If you have any questions regarding the processing of your personal data, you can contact our external data protection officer directly. He and his team are also available to deal with requests for information, applications or complaints:
Data protection officer of the Workpath GmbH
Nymphenburger Strasse 86
The responsible body within the meaning of the data protection laws is
Nymphenburger Strasse 86
Managing Director: Johannes Müller
Seat of the company: Munich, register court: Munich Local Court, HRB 230902
When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and similar information. This is anonymized information which does not allow any conclusions to be drawn about your person. Processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our justified interest in improving the stability and functionality of our website. Anonymous information of this kind is statistically evaluated by us in order to optimize our website and the technology behind it.
Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred to your hard drive from a website server. This automatically provides us with certain data such as IP address, browser used, operating system via your computer and your connection to the Internet.
Cookies cannot be used to start programs or transfer viruses to a computer. We can use the information contained in cookies to make navigation easier for you and to enable our websites to be displayed correctly.
Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
If you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical conditions).
For an effective registration we need a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the ordering of the newsletter, the sending of a confirmation e-mail and the receipt of the hereby requested answer. Further data is not collected. The data will be used exclusively for the newsletter and will not be passed on to third parties. You can revoke your consent to the storage of your personal data and its use for the newsletter at any time. In each newsletter is a corresponding link. Alternatively, you can unsubscribe from the newsletter at any time by sending an e-mail to email@example.com.
If you contact us by e-mail or contact form, the information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.
This website uses Google Analytics, a web analysis service of Google Inc. (following: Google). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This prevents Google Analytics from tracking this website and this browser in the future as long as the cookie remains installed in your browser.
Our website uses Google Conversion Tracking. If you have reached our website via an advertisement placed by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad served by Google. These cookies expire after 30 days and are not personally identifiable. If the user visits certain pages on our site and the cookie hasn't expired, we and Google can tell that the user clicked the ad and was redirected to that page. Each Google AdWords customer receives a different cookie. As a result, cookies cannot be tracked across the websites of AdWords customers. The information collected through the conversion cookie is used to compile conversion statistics for advertisers who have opted in to conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can refuse to accept cookies by changing your browser settings to disable automatic placement of cookies or to set your browser to block cookies from the domain "googleleadservices.com".
Please note that you may not delete the opt-out cookies unless you wish to record measurement data. If you have deleted all your cookies in your browser, you have to set the respective opt-out cookie again.
This website uses the remarketing feature of Google Inc. to deliver interest-based ads to website visitors within the Google advertising network. A so-called "cookie" is stored in the visitor's browser, which makes it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network. On these pages the visitor may be presented with advertisements relating to content that the visitor has previously viewed on websites that use Google's remarketing function.
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.
On some of our websites we embed Youtube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection is established to Youtube servers. This tells Youtube which pages you visit. If you are logged in to your YouTube account, Youtube can assign your surfing behavior to you personally. You can prevent this by first logging out of your Youtube account.
If you've disabled cookies for the Google Ad program, you won't be able to expect to receive cookies when you watch Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser.
On our website we use the analysis and conversion tracking technology of the LinkedIn platform. LinkedIn's aforementioned technology allows us to display more relevant advertising based on your interests.
You may opt-out of LinkedIn's analysis of your usage patterns and the display of interest-based recommendations by clicking on the "Opt-out" box for LinkedIn members or "Opt-in" box for other users at the link below: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use Hubspot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.
These include among others:
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500.
HubSpot is certified under the EU - U.S. Privacy Shield Framework and is subject to TRUSTe's Privacy Seal and the U.S. - Swiss Safe Harbor Framework.
If you do not want Hubspot to collect cookies in general, you can prevent cookies from being stored by your browser settings at any time.
We use Hotjar software (https://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) to improve the user experience on our websites. Hotjar enables us to measure and evaluate user behavior (mouse movements, clicks, scroll height, etc.) on our website. The information generated by the "tracking code" and "cookie" about your visit to our website is transmitted to the Hotjar servers in Ireland and stored there. The following information is collected by the Tracking Code:
Device dependent data
You can prevent Hotjar from collecting this information by clicking on the following link and following the instructions: https://www.hotjar.com/opt-out.
If you are a member of New Relic and do not want New Relic to collect data about you on our pages in order to link them with your membership data stored at New Relic, you must log out of New Relic before visiting our pages.
You have the right to receive information about your personal data stored by us at any time. You also have the right to correction, blocking, restriction of processing, data transferability or, apart from the prescribed data storage for business purposes, deletion of your personal data. You will find our contact details at the top.
In order that a blockage of data can be considered at any time, this data must be kept in a block file for control purposes. You can also demand the deletion of the data, as long as there is no legal archiving obligation. If such an obligation exists, we will block your data upon request.
You can make changes or withdraw your consent by notifying us accordingly with effect for the future.
In addition, you have the right of appeal to a competent data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG). A list of the supervisory authorities (for the non-public sector) with their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you that is carried out on the basis of Art. 6, para. 1, letter f) DPA (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4, no. 4 DPA.If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
We reserve the right to adapt this data protection declaration from time to time so that it always meets current legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. The new data protection declaration then applies to your next visit.
The data protection declaration was created with the data protection declaration generator of activeMind AG and adapted to our conditions at the relevant points and supplemented by individual passages.
By using the Service OKR Generator on workpath.com,
a) that your data subjected to this Service is processed by Workpath GmbH (Germany) and Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and its subsidiaries;
b) that You comply with the terms and conditions and the additional terms available here:
and c) that You will not subject personal or confidential data to this Service.
On https://company.workpath.com/ according to Art. 13 ff GDPR (full GDPR text available on https://gdpr-info.eu/):
Who is responsible for processing my data?
Workpath (https://www.workpath.com/de/impressum) provides a Software as a Services solution (hereinafter the "Software") to your employer under this website and processes, among others, your personal data in the context of a so-called commissioned processing pursuant to Article 28(3) of the GDPR in order to fulfill the software usage agreement concluded with your employer. The responsible party is your employer, unless Workpath processes data for its own purposes.
Workpath GmbH ("Workpath" or "We").
Nymphenburger Straße 8680636 Munich
Managing Director: Johannes Müller
Registered office of the company: Munich
Registry court: Munich Local Court, HRB 230902.
Who is the data protection officer?
The data protection officer of Workpath GmbH is:
Your employer will provide you with the name and contact information for your employer's data protection officer.
What data and data categories are used and where do they come from?
We process the following personal data that we receive from your employer as part of our business relationship:
What security measures has Workpath implemented to protect my data?
Workpath will protect your personal data well. We have implemented appropriate physical, administrative and technical safeguards to protect your personal data from unauthorized access, use and disclosure. Details of this can be found in our Workpath Security Addendum, which is available here: https://www.workpath.com/security-addendum. Personal data is always encrypted in this process when transmitted over the Internet and stored in a database. Workpath Software can generally only be accessed via secure HTTPS access.
For what purposes is the personal data processed?
The processing of personal data by Workpath is necessary to provide the services contractually agreed with your employer, in particular the provision of the Software. In addition, Workpath processes personal data for its own purposes to improve the use of the Software, if you consent to this.
What is the legal basis for the processing?
The legal basis for Workpath's commissioned processing is the agreement with your employer on the use of the Software. Your employer processes this data as part of your employment or other contractual relationship between you and your employer.Data processing by Workpath for its own purposes is based on your consent.
Does Workpath use so-called "cookies"?
A cookie is a piece of textual information that can be stored in the browser on the user's device (computer, laptop, smartphone, tablet, etc.) in relation to a visited website. Workpath uses such cookies to provide the services agreed with your employer ("Functional Cookie") and to improve your experience of using the Software ("Non-Functional Cookie").
Overview of cookies used by Workpath:
In addition, the following further data processing takes place for technical reasons with regard to the security of the product:
Access logs ("Server logs")
General log data, so-called server logs, are automatically recorded with each access as well as with significant activities within the Software. These data are usually pseudonyms and therefore do not allow any conclusions to be drawn about a natural person.Without this data, it would not be technically possible in part to deliver and display the contents of the Software. In addition, the processing of this data is mandatory for security reasons, in particular for access, input and transfer and storage control. Furthermore, the anonymous information can be used for statistical purposes as well as for the optimization of the offer and the technology. In addition, the log files can be subsequently controlled and evaluated in the event of suspicion of illegal use of the Software. Data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp of access to the Software are generally recorded. The scope of this logging does not exceed the usual scope of any other website on the Internet.The storage period of these access logs is up to 30 days.
Error logs (“error logs”)
For the purpose of error identification and correction, so-called error logs are created. This is absolutely necessary in order to be able to react to possible problems in the presentation and implementation of content as promptly as possible (legitimate interest). These data are usually pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. When an error message occurs, general data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp when the corresponding error message or specification occurred are recorded.The storage period of these error logs is up to 90 days.
Activity logs ("audit logs")
Log data, so-called audit logs, are automatically recorded for documentary evidence of security-relevant activities (in particular access, modification and deletion actions).The processing of this data is mandatory for security reasons, in particular for access, input, transfer and storage control. In addition, the log files can be subsequently checked and evaluated if there is any suspicion of unlawful use of the Software. General data such as the type of activity, the ID of the person performing the activity, the ID of the object of the activity, the client, the IP address and the timestamp of the execution of the activity are recorded.The storage period of these activity logs is 360 days.
Saving data in local memory
In some cases, data is also stored in the so-called local memory within the Software, i.e. the memory capacity of your browser is used. In principle, this data is used to ensure security when visiting a website or Software ("absolutely necessary"), to implement certain functionalities such as standard language settings ("functional") or to improve the user experience or performance on the website ("performance").Within the Software, only strictly necessary and functional data is stored in the Local Storage, in particular to identify the User and to ensure security. The use of the local memory is absolutely necessary for the provision of our services and thus for the fulfillment of the contract with your employer.The storage period ends with the termination of the Software session.
In the field of "Cookies", we also use Google Analytics service from Google Ireland Limited, as shown above in the "Cookies" overview, to obtain information so that we can continuously improve our Software with a view to the user experience (e.g. access desktop versus mobile device, screen size, internet browser type). This processing is based on your consent within the cookie banner before using our Software.More information about Google's order processing is here:
and more information on data protection there:
Google anonymizes here your IP address that you use when accessing our Software, cf.
Workpath is solely responsible for this processing.
Who receives your personal data?
Workpath processes your data in the course of providing the services agreed with your employer. At Workpath, only employees are given access to your data to the extent necessary in the course of their employment.In order to provide and continuously improve our services, Workpath uses third party service providers, known as sub-processors, who are subject to Workpath's control and instructions and with whom sub-processing agreements are in place. We have selected these third party service providers carefully and in accordance with the provisions of the GDPR. An overview of the current sub-processors, including so-called "sub-processors", agreed with your employer can be viewed here: https://www.workpath.com/subprocessors. If your employer has agreed with Workpath, we may a) only use the sub-processor Pendo with a so-called tokenization solution without using your email address, and/or b) not use the sub-processor Zendesk at all.
Will my data be transferred to a third country outside the EU?
No, all processing operations by Workpath and sub-processors take place in the EU.
For how long will the personal data be processed?
Personal data will be processed for at least the duration of your employment relationship with your employer and will be deleted no later than 30 days after the termination of the contract between Workpath and your employer. Before that, your employer may delete or correct your personal data itself at any time.
What data protection rights can I assert as a data subject (e.g. rights to information)?
You can assert all rights according to Art 15 ff GDPR against your employer or against Workpath, in particular your right to information, rectification, deletion, etc. You can reach Workpath for this purpose at the contact details provided above. Please note that to assert your data subject rights arising from processing for the purpose of employment, you should address your employer directly; however, Workpath will be happy to pass on incoming requests to your employer if necessary.
To which authority can I complain, if any?
The data protection supervisory authority responsible for Workpath is:
Bavarian State Office for Data Protection Supervision ("BayLDA").
Promenade 1891522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
You can find out the data protection authority responsible for your employer from your employer's data protection officer or you can find out here based on the federal state in which your employer is located: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
No automated decision making or profiling is performed by Workpath.
Version: December 2022
Workpath Legal Department