Select Page

Privacy Policy

1. Introduction and general information

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information on how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the General Data Protection Regulation (GDPR) and the German Data Protection Law (Bundesdatenschutzgesetz – BDSG). Our privacy policy uses the legal terms as defined in Art. 4 GDPR.

Insofar as links are provided to other websites, we have neither influence nor control over the linked contents and the data protection regulations there. We recommend checking the privacy policies on the linked websites to determine whether and to what extent personal data is collected, processed, used, or made available to third parties.

2. Data Controller

Qwist GmbH
Kronenstraße 63
10117 Berlin
Email: contact@qwist.com
Phone: +49 40 228212718
Represented by the Managing Directors: Matthew Colebourne, Maximilian Kleinsorge

3. Contact details of our Data Protection Officer

External Data Protection Officer:
Marc Neumann
IBS data protection services and consulting GmbH
Zirkusweg 1
20359 Hamburg, Germany
dataprivacy@qwist.com

4. The purposes and legal bases of the processing

4.1 Technical provision and hosting of the website

The processing is carried out for the purpose of providing our websites on the basis of an overriding legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interests are the provision of technically necessary and expressly requested digital services, ensuring the security and error-free operation of our IT systems and the assertion, exercise and defense of legal claims.

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Web browser used and operating system used
  • (Full) IP address of the requesting computer
  • Transmitted amount of data

In addition, in certain cases we store pseudonymised information in your browser (cookies or local storage) insofar as this is necessary to display our websites or to enable necessary functions on our websites (technically necessary services or cookies), such as cookies that are necessary to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping cart function). The storage of information in your end device or access to information stored there is absolutely necessary in these cases in order to provide you with the expressly requested digital service.

If you use a contact form provided by us, we collect the data you provide, at least the information marked as mandatory. The transmission to the web server is encrypted via https (SSL) and then sent to us by email. In addition to the data entered (message content), connection data (e.g. IP address, mail client, time stamp) and metadata (e.g. size of the transmitted data) as well as any attachments containing personal data are processed for all communication by email. E-mails are always checked for unwanted content (e.g. viruses, spam) in our IT systems using technical equipment.

This website is hosted by an external service provider (wordpress.com). Personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.
We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
You must provide the above listed data without any legal or contractual obligation to do so. A visit to our website is not possible or only possible with restrictions without the provision of this information.

4.2 Cookiebot

The processing is carried out for the purpose of obtaining, managing and evidencing your consent to the use of non-essential cookies and web services on the basis of an overriding legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interests are the verifiability of compliance with legal requirements pursuant to Art. 5 para. 2 GDPR and the assertion, exercise and defense of legal claims.

When you visit our websites, you can give or subsequently change your consent to the web services via an additional interface (Consent Manager). We process pseudonymous information (e.g. IP address, time stamp) via the cookie banner and store your consent in your browser (cookie / local storage) to ensure that only those services are used to which you have consented. The provider of this technology is Usercentrics GmbH Sendlinger Straße 7 80331 Munich.

The storage of information in your end device or access to information stored there is absolutely necessary in these cases in order to provide you with the expressly requested digital service.

We show you an overview of the cookies and website services managed at the bottom of this page “Cookie settings”.

4.3 Cookies und web services

Our website uses cookies and other web services. We use them to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files used by websites to make the user experience more efficient.

By law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your consent pursuant to Art. 6 para. 1 lit. a GDPR. In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent you have given for the processing of your personal data at any time with effect for the future. The lawfulness of processing based on your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR remains unaffected until your withdrawal.

You are neither legally nor contractually obliged to provide this data. It is generally possible to visit our website without providing this information.
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

You can change or withdraw your consent at any time from the cookie declaration on our website.

Please provide your consent ID and date when you contact us regarding your consent.

An overview of the managed cookies and website services can be found here.

4.3.1 DoubleClick

This website contains components of DoubleClick, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). DoubleClick transmits your data to the DoubleClick server with each impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick places a cookie on your IT system. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same advertisement.

Each time you access one of the individual pages of this website, which is operated by us and on which a DoubleClick component has been integrated, the Internet browser on your IT system is prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. As part of this technical process, Google obtains knowledge of data that Google also uses to create commission statements. A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional pseudonymized identification numbers. Among other things, Google can see that you have clicked on certain links on our website.
These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view the data protection provisions of DoubleClick by Google at: https://www.google.com/intl/de/policies/.

4.3.2 Google Tag Manager

We use Google Tag Manager to manage JavaScript and HTML tags for tracking and analytics with our own and third-party software. Tags are small code elements that help us, among other things, to measure traffic and visitor behavior, understand the impact of our advertising, set up remarketing and targeting, and test and optimize our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States. The transfer of personal data to Google is based on the adequacy decision (“Data Privacy Framework”).
The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You are free to withdraw your consent at any time.
Further information on Google Tag Manager and Google’s privacy policy can be found at https://policies.google.com/privacy?hl=de

4.3.3 Jetpack

We use the WordPress plug-in Jetpack on our website. The service is provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack has various functions and modules. All these tools help us to optimize the website. The tool can also be used to display related posts, content can be shared and Jetpack can also improve the loading speed of our website. All functions are hosted and provided by WordPress.

The integrated tracking tool also collects, stores and processes your personal data. The collected data is synchronized with Automattic and stored there. In addition to IP address (anonymized before storage) and data on user behaviour, this includes, for example, browser type, unique device identifier, preferred language, data and time of page entry, operating system and information on the mobile network. Jetpack uses this information to improve its own services and offers and to gain better insights into the use of its own service. The following data can also be synchronized and stored:

  • For Google Ads customers, the email address and the physical address of the account are synchronized
  • Successful and unsuccessful login attempts. Your IP address and the user agent are also stored for this purpose
  • The user IDs, usernames, email addresses, roles and skills of registered users. But no passwords are stored
  • The user ID of users who make changes on the website
  • Twitter username, if this has been configured with Jetpack

The legal basis for processing: Your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent can be revoked at any time with effect for the future. The transfer of data to the USA is based on the adequacy decision of the European Commission, as the provider has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF).

You can find more information about the processing of data by Jetpack or Automattic at https://automattic.com/privacy/

4.3.4 Google Ads Conversion-Tracking

On our website, we use the online advertising program “Google Ads” and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our advertising on external websites with the help of advertising material (so-called Google Adwords). Google Ads allows us to pre-define keywords that will cause an ad to appear in Google’s search results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in accordance with the keywords previously defined.

With Google Ads conversion tracking, we can determine how successful the individual advertising measures are in relation to the advertising campaign data. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair billing of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies generally lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
The legal basis for the processing of your data described above is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA. There is an adequacy decision in accordance with Art. 45 GDPR, so that personal data may also be transferred without further guarantees or additional measures.

You can find more information about Google’s privacy policy at the following Internet address: https://www.google.de/policies/privacy/

Furthermore, you can object to interest-based advertising by Google. To do so, the person concerned must access https://adssettings.google.com/anonymous? from each of the Internet browsers he or she uses and make the desired settings there.

4.3.5. Matomo

This website uses the open source web analysis service Matomo. Matomo is a service provided by InnoCraft Limited, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand. With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors.

This enables us to find out, among other things, when which pages were accessed and which region you come from. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The processing is carried out for the purpose of optimizing our website and our offer on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent with effect for the future.

The data is stored in the cookie in your browser for a period of one year from the date of consent or at the latest until you manually delete the data in your browser.

Usage data — when you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data in Matomo Analytics for statistical purposes, to improve our site and to recognize and stop any misuse.

4.3.6 HubSpot

We use HubSpot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.

These include among others:

  • E-mail marketing (newsletters and automated mailings, e.g. to provide downloads)
  • Social Media Publishing & Reporting
  • Reporting (e.g. traffic sources, accesses, etc. …)
  • Contact management (e.g. user segmentation & CRM)
  • Contact Forms (HubSpot Forms)
  • HubSpot Analytics.

The use if HubSpot involves so-called “web beacons” and also “cookies”, which are stored on your computer and enable us to analyze your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf in order to generate reports on the visit and the pages visited by us.

Our registration service allows visitors to our website to learn more about our company, download content and provide your contact information and other demographic information.

This information, as well as the content of our website, is stored on servers of our software partner HubSpot. We may use this information to contact visitors to our site and to determine which of our services may be of interest to you.

All information collected by us is subject to this privacy policy. We use all collected information exclusively to optimize our marketing. Insofar as you have given your consent to this in accordance with Art. 6 para. 1 lit. (a) GDPR, the processing on this website is for the purpose of website analysis.

HubSpot is a software company from the USA with a branch in Ireland. (Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland, telephone: +353 1 5187500.)

HubSpot is certified under the “EU – U.S. Data Privacy Framework” and is subject to TRUSTe’s Privacy Seal and the “U.S. – Swiss Safe Harbor” framework.

You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings accordingly. You may object to the processing of your personal data at any time with effect for the future by sending an e-mail to contact@qwist.com.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. Further information about how HubSpot works can be found in the HubSpot Inc. privacy policy, available at: http://legal.hubspot.com/de/privacy-policy.

4.3.7 LinkedIn Ads

We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland on our website. This enables us to display personalized ads on LinkedIn to visitors to our website. For this purpose cookies are set in your browser, which enable LinkedIn to recognize if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn uses this data to create anonymous reports on the performance of advertisements and information on website interaction. The information generated by the cookies is usually transferred to a server in the USA and stored there.

This involves processing your IP address, timestamp, URL and user agent.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time with effect for the future.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. The transfer of personal data to the USA (incl. the parent company Microsoft Inc.) takes place on the basis of the adequacy decision (Data Privacy Framework).You can deactivate LinkedIn conversion tracking and interest-based personalized advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

4.3.8 LinkedIn Analytics

We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland on our website. LinkedIn enables us to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. The service is also used to show you interest-specific and relevant offers and recommendations after you have found out about certain services, information and offers on the website. The relevant information is stored in a cookie. In this context, the IP address, device information, browser information, referrer URL and timestamp are collected and processed. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time with effect for the future.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. The transfer of personal data to the USA (incl. the parent company Microsoft Inc.) takes place on the basis of the adequacy decision (Data Privacy Framework).
You can deactivate LinkedIn conversion tracking and interest-based personalized advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

4.4 Qwist GmbH in social media

The processing is carried out for the purpose of providing our fan pages in social networks (company pages) and for marketing purposes on the basis of an overriding legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interests are the support of the social media platforms as well as the presentation of our business activities and the implementation of marketing activities.

If you visit our company page on one of the following social media platforms, we determine the purposes and means together with the platform operators. In terms of data protection, we are joint controllers pursuant to Art. 26 GDPR.

We have set a link to the pages of social networks. There is no further data exchange with these sites on our website. When the social media element is active, a direct connection is established between your device and the provider. The provider then receives information about your visit to this website. If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time.

You are neither legally nor contractually obliged to provide us with this information. The use of social networks is independent of the provision of your data, but it is not possible to contact us or visit our profile without the provider of the social network providing us with this data.

4.4.1 X (ehemals Twitter)

Functions of the service X (Twitter) are integrated in this website. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Our social media presence on X (Twitter) serves to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

If you are logged into your account and visit our profile, X (Twitter) can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, through cookies that are stored on your end device or by recording your IP address.

You can adjust your data protection settings on X (Twitter) yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.

Your data may also be transferred to X’s parent company (Twitter) in the United States. The transfer of personal data to Twitter is based on the adequacy decision (Data Privacy Framework).

You can learn more about the processing of your data by X (Twitter) by clicking on the link: https://x.com/en/privacy

4.4.2 LinkedIn

If you visit our profile on the social network “LinkedIn” as a registered user, follow us or interact with us (e.g. message, comment), LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) processes personal data in order to provide us with aggregated information (“Page Insights”). No information is provided that enables us to track the behavior of an individual user.

We and LinkedIn are jointly responsible for the processing of personal data for the purpose of providing Page Insights in accordance with Art. 26 GDPR. For more information on the processing of your personal data as joint controllers, please visit the following external link directly at LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum.

If, as a registered user, you also interact with our profile or posts shared by us (e.g. reading, following, commenting) or we access your profile, LinkedIn processes your information as an independent controller (operation of the social network) and shares with us all information required for the operation of the social network in accordance with LinkedIn’s terms of use. In this case, we collect user data (e.g. name, location), qualification data (e.g. professional activity, position, education) and communication data (e.g. message content) directly from you or through the use of the LinkedIn social network.

Further information on the processing of personal data by LinkedIn can be found at the following external link https://de.linkedin.com/legal/privacy-policy.

Your data may also be transferred to LinkedIn’s parent company – Microsoft Corporation, in the United States. The transfer of personal data to Microsoft is based on the adequacy decision (Data Privacy Framework).

4.5 Web form for consultation

We offer a contact form on our website where you can get in touch with us for further information about our products, services and events. If you take this opportunity, the data entered in the input mask will be transmitted to us and stored. This includes first and last name, form of address, e-mail address, telephone number, company name and other data. This information is required to contact you and to provide you with personal and differentiated information. The legal basis for the processing of data transmitted in the course of sending an e-mail is the implementation of pre-contractual measures or a contract in accordance with Art. 6 para. 1 lit. (b) GDPR or your consent granted to us in accordance with Art. 6 para. 1 sentence 1 lit. (a) GDPR.

Your personal data will generally be deleted as soon as they are no longer required for the purpose of their collection. Continued processing will only take place if it is necessary within the framework of a resulting initiation and processing of a contract or for the fulfilment of resulting contractual purposes.

If you do not wish to receive further contact from us, you can unsubscribe at any time by using the unsubscribe link at the end of an e-mail or send us an e-mail to dataprivacy@qwist.com with effect for the future.

4.6 Contact form and contact by e-mail

If you send us enquiries via contact form or e-mail, your provided details, including your stated first name, last name and salutation, will be stored for the purpose of processing the enquiry and in the event of follow-up questions. It is required to provide an e-mail address to contact us. Name and phone number are provided voluntarily. Under no circumstances will we transfer these data without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. (f) GDPR and, if applicable, Art. 6 para. 1 lit. (b) GDPR, as far as your request is aimed at concluding a contract. Your data will be deleted after final processing, provided that there are no obligations to preserve records. You can object to the processing of your personal data at any time if Art. 6 para. 1 lit (f) GDPR is applicable. In case you have given us your consent to subsequently contact you for information about our products, services and events, the renewed contact is based on your consent according to Art. 6 para. 1 lit. (a) GDPR. You can withdraw your consent at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. To withdraw, please use the unsubscribe link at the end of an e-mail or contact the person responsible by e-mail at dataprivacy@qwist.com. If you have made use of your right of withdrawal, we will not contact you again for this purpose.

The form is provided by the CRM system Hubspot. For more information, please see Hubspot’s privacy policy.

To contact us, you are neither contractually nor legally obliged to provide the data. However, it is not possible to process the request without providing certain personal data (mandatory fields), so that contact cannot be made without providing this information.

4.7 Documents download

On our website we offer the download of various information materials to give you a deeper insight into current topics related to our products and services. Before you can start the download, we ask for your name and your e-mail address. This information is required in order to be able to provide the requested information material to the appropriate trade audience.

You can additionally consent to receiving newsletter and invitations to webinars.

The processing of your personal data is based on Art. 6 para. 1 a) GDPR.

If you do not wish to receive further contact from us, you can unsubscribe at any time by using the unsubscribe link at the end of an e-mail or send us an e-mail to dataprivacy@qwist.com with effect for the future.

4.8 Job application

Processing for the purpose of carrying out application procedures is carried out to decide on the establishment of an employment relationship and, after the employment relationship has been established, for its implementation in accordance with Art. 6 para. 1 lit. b) GDPR and § 26 para. 1 BDSG.

In addition, in the event of a rejected application, processing may be carried out to safeguard overriding legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the assertion, exercise or defense of legal claims.

If, in the case of an unsolicited application or a rejection of the application, you expressly agree to keep and consider it for a later date, the processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. In accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. The lawfulness of processing based on your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR remains unaffected until you withdraw your consent.

When you apply to us, we collect all the personal data that you provide to us as part of your application. You can submit an unsolicited application or one based on a job advertisement published by us. We then process your personal data in the application process in order to invite you to a personal interview if necessary and to decide on the establishment of an employment relationship. You can apply to us via E-Mail or an application form provided by the recruiting page of the personnel and applicant management software Personio of Personio GmbH, Rundfunkplatz 4, 80335, Munich, Germany. In case of use of the application form, your data will be transmitted to Personio and stored. We have concluded a data processing agreement with Personio GmbH. For more information please refer to the Personio privacy policy at https://www.personio.com/privacy-policy/.

The following personal data is transmitted to us via the input mask and stored:

  • First name, surname
  • Telephone/ mobile phone number
  • E-mail address
  • Data about your career and your person like curriculum vitae and certificates
  • Salary expectations
  • Date of joining

Within our company, only those persons have access to your personal data which they absolutely need to carry out the application procedure or to fulfil our legal obligations (e.g. human resources). If necessary, your application will be forwarded to the responsible person for further examination (e.g. Team Lead).

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

4.9 Newsletter

You have the possibility to subscribe to the newsletter of our company on the website. Which personal data will be transmitted to us when you subscribe to the newsletter is determined by the input mask used for this purpose (e.g. name, E-Mail).

Qwist GmbH informs its customers and business partners about company offers in regular intervals by means of a newsletter. In principle, the newsletter of our company can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered for the first time by a data subject for the purpose of receiving the newsletter using the double opt-in procedure. This confirmation mail is used to check whether the owner of the e-mail address has authorized the receipt of the newsletter as a data subject.

When signing up for the newsletter, we also save the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of the registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject’s e-mail address at a later date and therefore serves to provide legal protection for us.

The personal data collected during registration for the newsletter is used exclusively for sending our newsletter. In addition, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or for registration, as might be the case if there are changes to the newsletter offer or if technical conditions change. The personal data collected within the scope of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be withdrawn by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter service, can be withdrawn at any time. For the purpose of the withdrawal the consent, a corresponding link is included in every newsletter. It is also possible to inform us of the withdrawal of consent by e-mail to contact@qwist.com. The legal basis is your consent based on art. 6 para. 1 a) GDPR.

You can withdraw your consent to receive the newsletter at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. To do so, you must simply inform us of your withdrawal or click on the unsubscribe link contained in every newsletter.

Our e-mail newsletters are sent via the technical service provider Hubspot, to whom we pass on the data provided by you in the newsletter registration. This disclosure is in accordance with Art. 6 para. 1 lit. (f) GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. The data you enter to subscribe to the newsletter (e.g. e-mail address) will be stored on the servers of Hubspot.

Hubspot uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message was opened, and which links were clicked on, if applicable. Conversion tracking can also be used to analyze whether a previously defined action (e.g. sending a consultation form on our website) was carried out after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

We have concluded a contract with Hubspot in which we commit Hubspot to protect the data of our customers and not to disclose it to third parties.
If necessary, data may be transferred to Hubspot Inc. in the USA. HubSpot, Inc, Cambridge, Massachusetts, US, is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For more information, please see Hubspot’s privacy policy.

4.10 Business cards

If we receive business cards from you at trade fairs or other events, we will use your company data stated on these cards, including personal data such as name, first name, title, telephone number and e-mail address and store it in our system to be able to establish a contact. Under no circumstances will we pass on your data without your consent. The processing is based on our legitimate interest in maintaining business and customer contacts in accordance with Art. 6 para. 1 lit (f) GDPR as well as, if applicable, Art. 6 para. 1 lit (b) GDPR, if the presentation of the business card to us is aimed at the conclusion of a contract.

If your data has been processed due to our legitimate interest and no contact has been made for two years, we will delete your data after this period. If the processing is based on the conclusion of a contract or pre-contractual measures, we will delete your data, provided that you have not sent us any feedback after a reasonable period of time and no legal storage obligations prevent a deletion.

If the processing of your data is based on our legitimate interest in accordance with Art. 6 para. 1 lit (f) GDPR, you can object to the processing of your personal data at any time with effect for the future.

4.11 Exercising your rights as a data subject

The processing is carried out for the purpose of guaranteeing the rights of data subjects on the basis of the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR and to safeguard overriding legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the assertion, exercise and defense of legal claims.

If you contact us to assert your rights as a data subject, we will collect all the personal data that you provide to us as part of the request. Alternatively, we may also receive the data from third parties if you have commissioned someone to assert your rights on your behalf (e.g. representative, lawyer, counselor) or have contacted other bodies in advance (e.g. data protection officer).

We process this data in order to verify your identity, check the applicability of the respective rights, implement your rights and communicate with you.

You are under no legal or contractual obligation to provide your data. However, without the provision of certain information that enables your person to be identified or your rights to be implemented, it is not possible or only possible to a limited extent to process your request.

5. Recipients and international data transfers

Your personal data is not transferred to third parties, unless

  • we have explicitly pointed this out in the description of the respective data processing.
  • you have given your explicit consent in accordance with Art. 6 para. 1 lit. (a) GDPR,
  • the transfer pursuant to Art. 6 para. 1 lit. (f) GDPR is necessary for the assertion, exercise or defense of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms (e.g. legal advisors, auditors, data protection officer),
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 lit. (c) GDPR (e.g. authorities, courts),
  • required by Art. 6 para. 1 lit. (b) GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular these contracts concern web hosting services, the dispatch of e-mails and IT services and maintenance. Your personal data will not be transferred to third parties by our service providers.

Transfers to recipients in third countries outside the EU/EEA or to international organizations only take place insofar as this is necessary and legally permissible for the respective processing. In these cases, the transfer takes place on the basis of an EU adequacy decision or, if this does not exist, on the basis of agreed standard contractual clauses or binding internal data protection regulations. Insofar as the aforementioned guarantees do not exist, the transfer to third countries outside the EU/EEA is based on an exception pursuant to Art. 49 para. 1 GDPR (express consent, performance of a contract, assertion, exercise or defense of legal claims).

6. Security of processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk in accordance with Art. 32 GDPR. For reasons of security and to protect the transmission of confidential content, this website uses SSL encryption or the Transport Layer Security Standard.

7. Storage period

To guarantee the principle of storage limitation in accordance with Art. 5 para. 1 lit. e GDPR, we store personal data in a form that only allows the identification of data subjects for as long as is necessary for the respective legitimate purposes.
We have set the following storage periods:

  • Server log files are stored for 1-30 days depending on the IT system and then automatically deleted;
  • technically necessary cookies are deleted at the end of a session (e.g. closing the browser) or after reaching the specified maximum age (max-age) or manually by the user in the browser;
  • Non-essential cookies are deleted after the specified maximum age (max-age) or manually by the user in the browser.
  • Application documents of rejected applicants will be deleted 6 months after rejection without consent for permanent storage.

Personal data that must be stored due to commercial or tax regulations will not be deleted before 6 years or 10 years have passed. Further storage takes place for the assertion, exercise or defense of legal claims, e.g. in the case of unresolved tax, audit or administrative proceedings.

Personal data that we process for the assertion, exercise or defense of legal claims is generally deleted after 3 years (regular limitation period pursuant to Section 195 of German Civil Code (Bürgerliches Gesetzbuch – BGB); in certain cases (e.g. claims for damages), the limitation period is 10 years or 30 years from the date on which the claim arises pursuant to Section 199 BGB, whereby the maximum storage period is 30 years from the date of the damaging event.

8. Your rights

Below you will find information on the rights the applicable data protection law grants you with regard to the processing of your personal data.

  • The right to request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you can request information on the purpose of processing, the category of personal data being processed, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification or erasure of personal data, or restriction of processing of your data, the right to lodge a complaint, what the source of the data is, if it wasn’t collected by us, and if any automated decision-making, including profiling exists and, where appropriate, meaningful information about their details.
  • The right, in accordance with Art. 16 GDPR, to demand the correction of incorrect or completion of incomplete personal data stored by us without delay.
  • The right to demand the deletion of your personal data stored with us, according to Art. 17 GDPR, as far as the processing is not required for the right of freedom of expression and information, the compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
  • The right to demand the restriction of the processing of your personal data, in accordance with Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you oppose the erasure and we no longer need the data, but they are required by you for the establishment, exercise or defense of legal claims or you have lodged an objection against the processing pursuant to Art. 21 GDPR.
  • The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above-named company domicile or, if applicable, your usual place of residence or workplace.
    The supervisory authority responsible for Qwist is:
    The Hamburg Commissioner for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit)
    Ludwig-Erhard-Str. 22
    20459 Hamburg
    Phone: 040 / 428 54 – 4040,
    Email: mailbox@datenschutz.hamburg.de
    The supervisory authority with which the appeal has been lodged shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.
  • Right to withdraw granted consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw the previously given consent in the processing of data at any time with effect for the future. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing cannot be based on a legal basis where consent is not required for processing. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
  • Right to data portability:
    You have the right granted by the European regulator to receive the personal data concerning you that you have provided to Qwist in a structured, common and machine-readable format. You also have the right to transfer this data to another data controller without obstruction by Qwist, provided that the processing is based on the consent provided for in Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract in accordance with Art. 6 para. 1 letter b GDPR and processing is carried out by means of automated procedures, except where processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
    Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 GDPR, the right to require that the personal data is transmitted directly from Qwist to another responsible person, as far as technically feasible and provided that this does not affect the rights and freedoms of others.
    To assert the right to data transferability, you can contact our support employees at any time.
  • Right to object
    If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons that arise from your particular situation. If you object to the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specifying a particular situation.
    If we process your personal data on the basis of your consent according to Article 6 para. 1 lit. (a) GDPR, you have the right according to Article 7 para. 3 GDPR to withdraw your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future.
    If you wish to make use of your right of revocation or objection, an e-mail to contact@qwist.com is sufficient.

9. Versions, Modification of this Privacy Policy

We reserve the right to change this Privacy Policy at any time in accordance with the law. In this way, we can adapt it to current legal requirements and take changes in our services into account, e.g. when introducing new services. When we make changes to this Policy, we will inform users on our website, via app or via e-mail. The most current version applies to your visit.

This version of this policy is effective as of 17. April 2025.