Privacy Policy

If you have any questions regarding the processing of your personal data, you can contact our external data protection officer directly. He and his team are also available to deal with requests for information, applications or complaints:

Data protection officer of the Workpath GmbH
Data protection officer of Workpath GmbH
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

When contacting the Data Protection Officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information such as a copy of an identity card with your enquiry.

The responsible body within the meaning of the data protection laws is
Workpath GmbH
Ridlerstraße 39
80339 Munich
Germany
Managing Director: Johannes Müller
Seat of the company: Munich, register court: Munich Local Court, HRB 230902

Acquisition of general information

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and similar information. This is anonymized information which does not allow any conclusions to be drawn about your person. Processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our justified interest in improving the stability and functionality of our website. Anonymous information of this kind is statistically evaluated by us in order to optimize our website and the technology behind it.

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred to your hard drive from a website server. This automatically provides us with certain data such as IP address, browser used, operating system via your computer and your connection to the Internet.

Cookies cannot be used to start programs or transfer viruses to a computer. We can use the information contained in cookies to make navigation easier for you and to enable our websites to be displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can always view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via the settings of your browser. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

Newsletter

If you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical conditions).

For an effective registration we need a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the ordering of the newsletter, the sending of a confirmation e-mail and the receipt of the hereby requested answer. Further data is not collected. The data will be used exclusively for the newsletter and will not be passed on to third parties. You can revoke your consent to the storage of your personal data and its use for the newsletter at any time. In each newsletter is a corresponding link. Alternatively, you can unsubscribe from the newsletter at any time by sending an e-mail to datenschutz@workpath.com.

Contact Form

If you contact us by e-mail or contact form, the information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.

Deletion or Blocking of Data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (following: Google). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser add-on to deactivate Google Analytics

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This prevents Google Analytics from tracking this website and this browser in the future as long as the cookie remains installed in your browser.

Further information about Google Analytics can be found in Google's privacy policy, which can be found here: http://www.google.com/intl/de/analytics/privacyoverview.html.

Google Adwords

Our website uses Google Conversion Tracking. If you have reached our website via an advertisement placed by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad served by Google. These cookies expire after 30 days and are not personally identifiable. If the user visits certain pages on our site and the cookie hasn't expired, we and Google can tell that the user clicked the ad and was redirected to that page. Each Google AdWords customer receives a different cookie. As a result, cookies cannot be tracked across the websites of AdWords customers. The information collected through the conversion cookie is used to compile conversion statistics for advertisers who have opted in to conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can refuse to accept cookies by changing your browser settings to disable automatic placement of cookies or to set your browser to block cookies from the domain "googleleadservices.com".

Please note that you may not delete the opt-out cookies unless you wish to record measurement data. If you have deleted all your cookies in your browser, you have to set the respective opt-out cookie again.

Google Remarketing

This website uses the remarketing feature of Google Inc. to deliver interest-based ads to website visitors within the Google advertising network. A so-called "cookie" is stored in the visitor's browser, which makes it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network. On these pages the visitor may be presented with advertisements relating to content that the visitor has previously viewed on websites that use Google's remarketing function.

According to its own information, Google does not collect any personal data during this process. If you still do not want Google's remarketing function, you can deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.

Embedded YouTube Videos

On some of our websites we embed Youtube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection is established to Youtube servers. This tells Youtube which pages you visit. If you are logged in to your YouTube account, Youtube can assign your surfing behavior to you personally. You can prevent this by first logging out of your Youtube account.

If a Youtube video is started, the provider uses cookies that collect information about user behaviour.

If you've disabled cookies for the Google Ad program, you won't be able to expect to receive cookies when you watch Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser.

Further information on data protection at "Youtube" can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

Facebook Remarketing

This website uses the remarketing function "Custom Audiences" of Facebook Inc. ("Facebook"). This function is used to present visitors to this website with interest-based advertisements ("Facebook Ads") as part of their visit to the social network Facebook. For this purpose, the Remarketing tag of Facebook was implemented on this website. This tag is used to establish a direct connection to the Facebook servers when visiting the website. In doing so, it is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account. You can find more information on the collection and use of data by Facebook and on your rights and options for protecting your privacy in this regard in Facebook's privacy policy at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the remarketing function "Custom Audiences" at https://www.facebook.com/settings/?tab=ads#_=_. You must be logged in to Facebook to do this.

LinkedIn Conversion Tracking

On our website we use the analysis and conversion tracking technology of the LinkedIn platform. LinkedIn's aforementioned technology allows us to display more relevant advertising based on your interests.

LinkedIn also provides us with aggregated and anonymous reports of ad activity and information about how you interact with our site. For more information about LinkedIn's privacy policy, please visit https://www.linkedin.com/legal/privacy-policy#choices-oblig.

You may opt-out of LinkedIn's analysis of your usage patterns and the display of interest-based recommendations by clicking on the "Opt-out" box for LinkedIn members or "Opt-in" box for other users at the link below: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Hubspot

We use Hubspot for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing.
These include among others:

  • E-mail marketing (newsletters and automated mailings, e.g. to provide downloads)
  • Social Media Publishing & Reporting
  • Reporting (e.g. traffic sources, accesses, etc. ...)
  • Contact management (e.g. user segmentation & CRM)
  • Landing Pages and Contact Forms

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information, as well as the content of our website, is stored on servers of our software partner HubSpot. We may use this information to contact visitors to our Web site and to determine what services of our company are of interest to them. All information collected by us is subject to this Privacy Policy. We use all information collected solely to optimize our marketing efforts. HubSpot is a software company based in the USA with an office in Ireland.

Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500.

HubSpot is certified under the EU - U.S. Privacy Shield Framework and is subject to TRUSTe's Privacy Seal and the U.S. - Swiss Safe Harbor Framework.

If you do not want Hubspot to collect cookies in general, you can prevent cookies from being stored by your browser settings at any time.

Microsoft Clarity

On our websites, we integrate the "Microsoft Clarity" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

We use the service to better understand, analyze and evaluate the origin and nature of our website visitors and how they interact with our websites.

The service provides statistical evaluations of certain individual values (e.g. pages visited per session, scroll depth, length of stay of visitors, origin, type of end device used), heat maps (graphical highlighting of user clicks on individual web pages) and session recordings (playable recordings of how individual users interact with our websites during a visit).

Cookies and similar technologies, in particular JavaScript, are used to store and read data on your end device.

On the basis of the results obtained, we try to

  • to trace the origin of visitors to our websites,
  • to identify errors in the structure and design of the websites or insufficient compatibility with certain end devices, browsers or operating systems,
  • Understand the barriers to visitors using our websites and
  • recognize the effectiveness of online advertising campaigns.

In this way, we are able to understand how we can adapt and optimize our websites to existing demand and can manage our online advertising campaigns more effectively.

For these purposes, the service collects various information about visits to the websites, the end devices used and the interactions of a user with our websites on the basis of a pseudonym.

In particular, the following types of data are processed by the service:

  • User pseudonym (Clarity User ID).
  • Website visit data
  • IP address of the requesting end device
  • Time of the request
  • Number of visits
  • Length of stay
  • referring third party websites
  • Websites visited
  • Country of origin of the user
  • Data on end devices
  • Type of device (PC, tablet, mobile device, other)
  • Screen resolution
  • Operating system
  • Web browser
  • Interactions with the website
  • Mouse pointer movements
  • Click behavior
  • Scroll behavior
  • Entered text
  • Selected text
  • Clicked text
  • Recording of the entire website visit (session recording)

The legal basis for the integration and use of the service is your consent. The use of cookies and similar technologies is based on § 25 para. 1 TTDSG. The subsequent data processing is based on Art. 6 para. 1 sentence 1 lit a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your revocation, please use the "Cookie declaration" link at the bottom of the website to access our consent management platform again and change your settings.

As it is possible for Microsoft to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

In principle, we have no influence on further data processing by the third-party provider.

Further information on the handling of personal data by the provider of the service can be found at https://privacy.microsoft.com/de-de/privacystatement.

Storage duration
By integrating the service on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 13 months. Playable recordings of sessions are deleted after 30 days. No further storage of the data processed by the service and made available to us in our own systems takes place.

Hotjar

We use Hotjar software (https://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) to improve the user experience on our websites. Hotjar enables us to measure and evaluate user behavior (mouse movements, clicks, scroll height, etc.) on our website. The information generated by the "tracking code" and "cookie" about your visit to our website is transmitted to the Hotjar servers in Ireland and stored there. The following information is collected by the Tracking Code:

Device dependent data

  • IP address of your device (collected and stored in anonymous form)
  • Your e-mail address including first name and surname, if you have made this available to us via our website
  • Screen size of your device
  • Device type and browser information
  • Your location (country)

Log Daten

  • Referring domain
  • Visited pages
  • Geographical point of view (only the country)
  • The preferred language to display our website
  • Date and time when the website was accessed

Hotjar will use this information to evaluate your use of our website. Hotjar also uses the services of third party companies, such as Google Analytics and Optimizely, to provide services. These third parties may store information that your browser sends when you visit the website (for example, cookies or IP requests). For more information on how Google Analytics and Optimizely store and use data, please see their respective privacy policies. If you continue to use this website, you consent to the processing of data by Hotjar and its third party providers as described above in their privacy policies.Hotjar uses cookies with different durations.

You can prevent Hotjar from collecting this information by clicking on the following link and following the instructions: https://www.hotjar.com/opt-out.

Pingdom

Our website uses Pingdom, a service provided by Pingdom AB, Kopparbergsvägen 8, 72213 Västeras, Sweden. Among other things, Pingdom uses cookies that are stored on your computer and enable an analysis of your use of the website. As part of the use of the website, data, such as in particular the IP address and activities of the user, may be transmitted to a server of the company Pingdom AB and stored there. You can prevent the collection and forwarding of personal data (in particular your IP address) and the processing of this data by deactivating the execution of Java-Script in your browser or by installing a tool such as "NoScript". Further information on data protection when using Pingdom can be found at the following link: https://www.pingdom.com/legal/privacy-policy.

New Relic

This website uses a plug-in of the web analysis service of New Relic. This service is provided by New Relic Inc, 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. This enables statistical evaluations of the speed of the website to be recorded. Through the plugin, New Relic receives the information that a user has called up the corresponding page of the offer. If you are logged in as a user at New Relic, New Relic can assign the visit to your account. If you are not a member of New Relic, it is still possible for New Relic to find out and save your IP address. The purpose and extent of data collection, as well as information on the processing and use of data by New Relic, as well as setting possibilities for the protection of the users' privacy, can be taken from New Relic's privacy policy: https://newrelic.com/termsandconditions/privacy.
If you are a member of New Relic and do not want New Relic to collect data about you on our pages in order to link them with your membership data stored at New Relic, you must log out of New Relic before visiting our pages.

Your rights to information, correction, blocking, deletion, restriction of processing, data transferability and objection

You have the right to receive information about your personal data stored by us at any time. You also have the right to correction, blocking, restriction of processing, data transferability or, apart from the prescribed data storage for business purposes, deletion of your personal data. You will find our contact details at the top.

In order that a blockage of data can be considered at any time, this data must be kept in a block file for control purposes. You can also demand the deletion of the data, as long as there is no legal archiving obligation. If such an obligation exists, we will block your data upon request.
You can make changes or withdraw your consent by notifying us accordingly with effect for the future.

In addition, you have the right of appeal to a competent data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG). A list of the supervisory authorities (for the non-public sector) with their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Information about your right of objection according to Art. 21 DSGVO

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you that is carried out on the basis of Art. 6, para. 1, letter f) DPA (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4, no. 4 DPA.If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Amendment of our data protection provisions

We reserve the right to adapt this data protection declaration from time to time so that it always meets current legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. The new data protection declaration then applies to your next visit.

The data protection declaration was created with the data protection declaration generator of activeMind AG and adapted to our conditions at the relevant points and supplemented by individual passages.

OKR Generator

By using the Service OKR Generator on workpath.com,
You agree
a) that your data subjected to this Service is processed by Workpath GmbH (Germany) and Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and its subsidiaries;
b) that You comply with the terms and conditions and the additional terms available here:
https://azure.microsoft.com/en-us/support/legal/
https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
and c) that You will not subject personal or confidential data to this Service.

ROI Calculator

By using the Service ROI Generator on workpath.com,
You agree
a) that your data subjected to this Service is processed by Workpath GmbH (Germany) and Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723 USA as well as by PDFShift S.A.S. Software, Inc. 2023. 128 rue la boétie, 2nd floor, 75008 PARIS, France, and their respective subsidiaries;
b)  and c) that You will not subject  confidential data to this Service.

Data protection information in accordance with the General Data Protection Regulation ("GDPR")

On https://company.workpath.com/ according to Art. 13 ff GDPR (full GDPR text available on https://gdpr-info.eu/): 

Who is responsible for processing my data?  
Workpath (https://www.workpath.com/de/impressum) provides a Software as a Services solution (hereinafter the "Software") to your employer under this website and processes, among others, your personal data in the context of a so-called commissioned processing pursuant to Article 28(3) of the GDPR in order to fulfill the software usage agreement concluded with your employer. The responsible party is your employer, unless Workpath processes data for its own purposes. 

Contact Information:
Workpath GmbH ("Workpath" or "We").
Ridlerstraße 39
80339 Munich
Germany
get-started@workpath.com 

Managing Director: Johannes Müller
Registered office of the company: Munich
Registry court: Munich Local Court, HRB 230902.

Data protection officer of the Workpath GmbH
Data protection officer of Workpath GmbH
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

When contacting the Data Protection Officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information such as a copy of an identity card with your enquiry.

The responsible body within the meaning of the data protection laws is
Workpath GmbH
Ridlerstraße 39
80339 Munich
Germany
Managing Director: Johannes Müller
Seat of the company: Munich, register court: Munich Local Court, HRB 230902

What data and data categories are used and where do they come from?
We process the following personal data that we receive from your employer as part of our business relationship:

  • Name
  • Email address
  • System language
  • Profile picture (optional)
  • Supervisor (optional)
  • Position (optional)
  • Department (optional)
  • Location

What security measures has Workpath implemented to protect my data?
Workpath will protect your personal data well. We have implemented appropriate physical, administrative and technical safeguards to protect your personal data from unauthorized access, use and disclosure. Details of this can be found in our Workpath Security Addendum, which is available here: https://www.workpath.com/security-addendum.  Personal data is always encrypted in this process when transmitted over the Internet and stored in a database. Workpath Software can generally only be accessed via secure HTTPS access.

For what purposes is the personal data processed?
The processing of personal data by Workpath is necessary to provide the services contractually agreed with your employer, in particular the provision of the Software. In addition, Workpath processes personal data for its own purposes to improve the use of the Software, if you consent to this.

What is the legal basis for the processing?
The legal basis for Workpath's commissioned processing is the agreement with your employer on the use of the Software. Your employer processes this data as part of your employment or other contractual relationship between you and your employer.Data processing by Workpath for its own purposes is based on your consent.

Does Workpath use so-called "cookies"?
A cookie is a piece of textual information that can be stored in the browser on the user's device (computer, laptop, smartphone, tablet, etc.) in relation to a visited website. Workpath uses such cookies to provide the services agreed with your employer ("Functional Cookie") and to improve your experience of using the Software ("Non-Functional Cookie").

Overview of cookies used by Workpath:

Name of the Cookie? Functional cookie?
= Is the cookie technically essential?
If "functional cookie", why is it technically essential? TTL/time to live of the Cookie Does a third party set the cookie?
Which one?
workpath_account Yes Session Cookie Bound to browser session No
_pendo_* Yes Provision of user guides, popups and other UI elements which are part of the product 100 days Pendo

In addition, the following further data processing takes place for technical reasons with regard to the security of the product:

Access logs ("Server logs")
General log data, so-called server logs, are automatically recorded with each access as well as with significant activities within the Software. These data are usually pseudonyms and therefore do not allow any conclusions to be drawn about a natural person.Without this data, it would not be technically possible in part to deliver and display the contents of the Software. In addition, the processing of this data is mandatory for security reasons, in particular for access, input and transfer and storage control. Furthermore, the anonymous information can be used for statistical purposes as well as for the optimization of the offer and the technology. In addition, the log files can be subsequently controlled and evaluated in the event of suspicion of illegal use of the Software. Data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp of access to the Software are generally recorded. The scope of this logging does not exceed the usual scope of any other website on the Internet.The storage period of these access logs is up to 30 days. 

Error logs (“error logs”)
For the purpose of error identification and correction, so-called error logs are created. This is absolutely necessary in order to be able to react to possible problems in the presentation and implementation of content as promptly as possible (legitimate interest). These data are usually pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. When an error message occurs, general data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp when the corresponding error message or specification occurred are recorded.The storage period of these error logs is up to 90 days. 

Activity logs ("audit logs")
Log data, so-called audit logs, are automatically recorded for documentary evidence of security-relevant activities (in particular access, modification and deletion actions).The processing of this data is mandatory for security reasons, in particular for access, input, transfer and storage control. In addition, the log files can be subsequently checked and evaluated if there is any suspicion of unlawful use of the Software. General data such as the type of activity, the ID of the person performing the activity, the ID of the object of the activity, the client, the IP address and the timestamp of the execution of the activity are recorded.The storage period of these activity logs is 360 days. 

Saving data in local memory
In some cases, data is also stored in the so-called local memory within the Software, i.e. the memory capacity of your browser is used. In principle, this data is used to ensure security when visiting a website or Software ("absolutely necessary"), to implement certain functionalities such as standard language settings ("functional") or to improve the user experience or performance on the website ("performance").Within the Software, only strictly necessary and functional data is stored in the Local Storage, in particular to identify the User and to ensure security. The use of the local memory is absolutely necessary for the provision of our services and thus for the fulfillment of the contract with your employer.The storage period ends with the termination of the Software session. 

Who receives your personal data?
Workpath processes your data in the course of providing the services agreed with your employer. At Workpath, only employees are given access to your data to the extent necessary in the course of their employment.In order to provide and continuously improve our services, Workpath uses third party service providers, known as sub-processors, who are subject to Workpath's control and instructions and with whom sub-processing agreements are in place. We have selected these third party service providers carefully and in accordance with the provisions of the GDPR. An overview of the current sub-processors, including so-called "sub-processors", agreed with your employer can be viewed here: https://www.workpath.com/subprocessors. If your employer has agreed with Workpath, we may a) only use the sub-processor Pendo with a so-called tokenization solution without using your email address, and/or b) not use the sub-processor Zendesk at all. 

Will my data be transferred to a third country outside the EU?
No, all processing operations by Workpath and sub-processors take place in the EU.

For how long will the personal data be processed?
Personal data will be processed for at least the duration of your employment relationship with your employer and will be deleted no later than 30 days after the termination of the contract between Workpath and your employer. Before that, your employer may delete or correct your personal data itself at any time.

What data protection rights can I assert as a data subject (e.g. rights to information)? 
You can assert all rights according to Art 15 ff GDPR against your employer or against Workpath, in particular your right to information, rectification, deletion, etc. You can reach Workpath for this purpose at the contact details provided above. Please note that to assert your data subject rights arising from processing for the purpose of employment, you should address your employer directly; however, Workpath will be happy to pass on incoming requests to your employer if necessary.

To which authority can I complain, if any?
The data protection supervisory authority responsible for Workpath is:
Bavarian State Office for Data Protection Supervision ("BayLDA").
Promenade 1891522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de 
Website: https://www.lda.bayern.de/  

You can find out the data protection authority responsible for your employer from your employer's data protection officer or you can find out here based on the federal state in which your employer is located:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

No automated decision making or profiling is performed by Workpath.

Final Provisions
Workpath reserves the right to amend this Privacy Policy at any time to ensure that it always complies with current legal requirements or to implement changes to the services provided to your employer in the Privacy Policy, e.g. when introducing new services. The new privacy policy, which you can access online here at any time, will then apply when you access the Software again.

Workpath GmbH
Version: December 2022
Workpath Legal Department