Data Privacy
Privacy Notice
We, Aleph Alpha GmbH , operate www.aleph-alpha.com and collect certain data from you, whereas necessary. In the following privacy policy, you will be informed what we do with your data, so-called personal data, and why we do this. We will also inform you how we protect your data, when this data is deleted and what rights you have within data protection.
I. Who can I contact?
Responsible for this website is:
Aleph Alpha GmbH
Grenzhöfer Weg 36
69123 Heidelberg
E-mail: privacy@aleph-alpha.com
Data Protection Officer (“Datenschutzbeauftragter”)
Fresh Compliance GmbH
Frank Trautwein
Schönhauser Allee 43a
10435 Berlin Germany
E-mail: dsb@freshcompliance.de
Via the contact data you can reach our Data Protection Officer or another data protection relevant contact. Don’t hesitate to contact us if you have specific questions about your personal data, deletion of your personal data or similar things.
II. What are my rights?
You can contact us – preferably by e-mail to privacy@aleph-alpha.com – at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:
- Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g., you can contact us if you wish to cancel a previously given consent to a newsletter)
- Right to access your data in accordance with Art. 15 GDPR (e.g., you can contact us if you would like to know what data we have stored about you)
- Right to correct your data in accordance with Art. 16 GDPR (e.g., you can contact us if your e-mail address has changed and we should replace your old e-mail address)
- Right to have your data deleted in accordance with Art. 17 GDPR (e.g., you can contact us if you want us to delete certain data that we have stored about you)
- Right to limit data collection in accordance with Art. 18 GDPR (e.g., you can contact us if you do not want us to delete your e-mail address, but only to send absolutely necessary e-mails)
- Right to data portability in accordance with Art. 20 GDPR (e.g., you can contact us to receive your data in a zipped format, if you want to upload it to another website)
- Right to file complaints to the supervisory authority in Baden-Württemberg in accordance with Art. 77 para. 1 f GDPR
YOU ALSO HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR DATA IN ACCORDANCE WITH ART. 21 GDPR (E.G., YOU CAN CONTACT US IF YOU DO NOT AGREE WITH ADVERTISING OR USER ANALYTICS PROCEDURES AS DESCRIBED WITHIN THIS PRIVACY POLICY).
III. General information on deletion of data and storage periods
The following information describes our approach to deletion of data and storage periods in general. For further information concerning deletion of data and storage periods, please see the specific data processing activities below.
Unless otherwise stated, we will delete or anonymize your data as soon as it is no longer needed, e.g., your e-mail address after you have unsubscribed from a newsletter. Your data will also be deleted or blocked automatically if the mandatory storage period expires. Some data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you. Data protection inquiries and other legal matters may also be stored for a longer period of time within the scope of the legally relevant retention and statute of limitations periods.
IV. General information on data Receipents
The following information describes our approach to data recipients in general. For further information concerning data recipients, please see the specific data processing activities below.
We only share data with our processors within the meaning of the GDPR, i.e., entities that process your data only on our behalf, our instructions and in accordance with respective data processing agreements.
We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example, in the context of our newsletter. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the services and to communicate with each other.
We have also entered into data processing agreements with all external recipients to comply with applicable data protection law requirements. Depending on your location, some of the above service providers – if specified – will also transfer your data to the United States. Currently, there is an adequacy decision in place between the EU and the USA. This decision confirms that certified organizations within the scope of the EU-U.S. Data Privacy Framework ensure an adequate level of protection for personal data in the USA. Additional contracts for data processing, known as Standard Contractual Clauses, are also concluded. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of data.
V. Data processing acitivities
We only process your personal data to the extent that this is necessary for the purposes outlined below and to the extent that processing is permitted by law. We may process the following personal data, depending on how you use our website:
VI. Visiting our website
If you merely wish to browse our website, we only collect personal data that your browser sends to us, e.g.:
- IP address (e.g. 82.93.116.example or 2a02:7122:99222:1112:bdb2:723f:example)
- Approximate location based on IP range (e.g., “Berlin city”)
- Internet provider (e.g., “Telecom” or „AT&T”)
- Internet connection speed (e.g., 120 Mbit)
- Date and time of visit (e.g., 11:55 on 25.05.2023)
- Last visited website (e.g., google.com or sub-pages of the Aleph Alpha website)
- Browser and version (e.g., Chrome or Safari)
- Operating system (e.g., Mac OS)
- Hardware (e.g., Intel processor)
Purpose: The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and processing the technical data is necessary to display the website, to prevent display problems for visitors and to correct error messages.
Data recipients: Our website is hosted on Namecheap as our data processor and data recipient. Additionally, Fastly is our data processor and data recipient as we use Fastly’s Content Delivery System as well. This services helps us provide (host) the website and to deliver web content to users. For this purpose, we have concluded a data processing agreement with these data recipients to ensure that the personal data is only processed in accordance with our instructions. Personal data is processed by Namecheap in the United States. Further information can be found for Namecheap at https://www.namecheap.com/legal/universal/data-processing-addendum/#:~:text=Namecheap%E2%80%99s%20sub-processors%20will%20process%20personal%20data, and for Fastly at https://www.fastly.com/data-processing/.
Deletion of data and storage periods: We delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimise our website.
Legal basis: We process this personal data based on our legitimate interest to provide the website to our visitors, in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR. Upon request, we will provide you with further information concerning the balancing of interests.
VII. Contacting us and communication
If you decide to contact us by email or other means, we may process the information you provide to us. The information provided and subsequently processed may include, for example, the following data:
- First name / last name
- Telephone
- Company
- Job title
- Number of employees
- Address
- City
- Country
- ZIP/Postal Code
- Organization type
- Message or request
Purpose: We process the personal data you provide to process your request and communicate with you.
Deletion of data and storage periods: Your personal data will generally be deleted once your contact request has been fully resolved. On a case-by-case basis, the nature or results of your contact request may require a longer retention period (e.g., due to mandatory legal retention periods), and we will inform you separately if applicable.
Legal basis: We process this personal data based on our legitimate interest to process and respond to requests, in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR. Upon request, we will provide you with further information concerning the balancing of interests. If you contact us to initiate, implement and / or terminate a business relationship, the legal basis for the processing is Article 6 para. lit. b) GDPR.
VIII. Sign up
You also have the option of signing up on our website and then logging in at any time with a user account. To register with us, the following data is required:
- First- / Last name
- Email address
- Type of organization
- Reason for signing up / eligibility
- Password
Purpose: We process the personal data to create a user account that provides extended functionality to the website or other services on the website, e.g., access to some of our services. We may ask you for the reason for signing up to determine your eligibility for the signed-up account (e.g., if you sign up for research access).
Deletion of data and storage periods: Your personal data will generally be deleted once your account – or individual personal data relating to your account – is deleted, unless the relationship established mandates or justifies a longer retention period (e.g., due to mandatory legal retention periods). We will inform you separately if applicable.
Legal basis: We process this personal data based on your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR. In cases where the sign up is required for the mutual conclusion of the contract, the legal basis is the fulfilment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b GDPR.
IX. Newsletter
If you are interested in receiving updates about our company or our products, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm receipt of the newsletter. We will then save your e-mail address until you unsubscribe from the newsletter. For this purpose, you will find a corresponding link to unsubscribe in every e-mail of our newsletter. The delivery of the newsletter is carried out by the specialized service provider Mailchimp. Further information can be found in the service provider’s privacy policy: https://www.intuit.com/privacy/statement/.
Purpose: We process the personal data to send our newsletter to your personal e-mail address in order to fulfil your request for updates about our company or our products.
Deletion of data and storage periods: If you confirmed receipt of the newsletter, your personal data will generally be deleted once you opt out from our newsletter. Additionally, we will delete your personal data after two years if you do not refresh your consent. If you did not confirm receipt of the newsletter, your personal data will be deleted after 48 hours.
Legal basis: We process this personal data based on your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.
X. Job applications
Insofar as you apply to us online or otherwise respond to one of our job ads, we collect and process the personal applicant data provided in the application. The following data may be provided as part of your application on our website:
- Name (required)
- Email (required)
- Phone number (optional)
- Resume (required)
- Other files (e.g., references or certificates) (optional)
- Availability to work in the office location (required)
- Starting date (required)
- Expected salary (optional)
- LinkedIn profile (optional)
- GitHub profile (optional)
Additional information may be processed as may be provided during the course of the job application process.
Purpose: We process the personal data to process your application. If we conclude an employment contract, the transmitted data will be processed for the purpose of performing the employment relationship in compliance with the statutory provisions. Furthermore, we may offer you the option to retain your application data to contact you with further job ads relevant to your initial application.
Data recipients: As part of the job application process, we also use a recruiting and applicant management software, which is provided by the service provider Ashby as our data processor and data recipient. This software helps us to place job advertisements and manage applications centrally. For this purpose, we have concluded a data processing agreement to ensure that the personal data of our applicants is only processed in accordance with our instructions. Personal data is processed by Ashby in the United States. Further information can be found in the service provider’s privacy policy: https://www.ashbyhq.com/privacy
Deletion of data and storage periods: If we do not conclude an employment contract, the application documents will be deleted six months after notification of the rejection decision – this retention period is justified by a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). You have the option to give your consent to us retaining your application data for up to one year to contact you.
Legal basis: We process your personal data for the establishment and performance of the employment relationship on the basis of an employment contract in accordance with Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR with § 26 BDSG (Federal Data Protection Act of Germany, where applicable). If we retain your application data to contact you for other job offerings for up to one year, your personal data will be processed based on your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR. To the extent we retain your personal data for six months after notification of the rejection decision, we process (retain) this personal data based on our legitimate interest in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR; our legitimate interest is to justify our decision by a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). Upon request, we will provide you with further information concerning the balancing of interests.
Date of the privacy policy: 4 September 2024