Preamble

At JOIN, the protection of your personal data has top priority, which is why we always use your data in compliance with the applicable data protection laws, in particular the Swiss Data Protection Act (hereinafter: “DPA”) and the EU General Data Protection Regulation (hereinafter: “GDPR”), as well as in accordance with these data protection provisions (hereinafter collectively: “applicable data protection laws”). With the following Privacy Policy, we want to inform you comprehensively about the data processing carried out through our offer and the use of our platform, pages, applications and services. Please read our privacy policy carefully. 

If you have any questions or comments regarding the processing of your personal data by us, you can contact us at any time at the e-mail address provided in section 2 (“Who is responsible for the processing of your personal data and how can you contact us?”).

We may provide you with additional privacy notices if we deem it appropriate. Such additional privacy statements supplement this Privacy Policy and must be read together with it.

1. Overview

The following privacy policy informs you about the nature and extent of the processing of personal data by JOIN Solutions AG, Eichenstrasse 2, 8808 Pfäffikon SZ (Schwyz), Switzerland (hereinafter: “JOIN”, “we”, “us” or “our”). Personal data is information that can be directly or indirectly attributed or assigned to a person. The processing of your personal data in the context of the use of our Platform and all related pages, applications, products and services (collectively, the “Offer”) is subject to this Privacy Policy.

These data protection provisions apply to the data processing of the JOIN offer, in particular via the platform https://join.com (hereinafter: “Platform”). 

Data processing by JOIN can be summarized essentially as follows:

• For the purpose of processing the contract or providing our platform, all data required for the fulfillment of the terms of use of or the service agreement with JOIN as well as for the further development of our offer will be processed. If external service providers are also involved in the processing of the contract, e.g. companies advertising jobs, optimization services, hosters, CRM tools, etc., your data will be passed on to them to the extent necessary in each case and in accordance with the applicable data protection laws.
• When you access our platform, various information is exchanged between your terminal device and our server. This may also include personal data. The information collected in this way is used, among other things, to analyze the use of our offer and to further optimize our offer.  
• If you contact us via e-mail, contact form or other means of contact, we have an existing business relationship with you or you register for an event or to receive advertising or a newsletter from us, JOIN processes your personal data to the extent necessary in each case to communicate with you and to send you this advertising / newsletter.

In accordance with the requirements of the applicable data protection laws, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes, the right to receive information about your data processed by us or, in certain cases, the right to have your personal data stored by us deleted. You can find more information about your rights below in section 6 (“What rights do you have with regard to your personal data?”) of this Privacy Policy.

If you have any questions about our privacy policy, you are welcome to contact our Data Protection Officer directly at any time via the e-mail address provided in section 2 (“Who is responsible for processing your personal data and how can you contact us?”). We will always endeavor to answer your questions completely and promptly.

2. Who is responsible for processing your personal data and how can you contact us?

JOIN is responsible for the processing of your personal data in accordance with this Privacy Policy.

Our Data Protection Officer can be reached at the address: JOIN Solutions AG, Data Protection Department, Eichenstrasse 2, 8808 Pfäffikon SZ (Schwyz), Switzerland, or at [email protected].  

We have appointed the following company as our EU representative in accordance with Article 27 (1) of the GDPR in conjunction with Article 3 (2) of the GDPR within the European Union: Fux:Legal, Krausnickstrasse 10, 10115 Berlin, Germany, Data Protection Department, also reachable at [email protected].

3. Why and on what legal basis do we process your personal data?

3.1 Visit of our website

If you visit our website, in particular our platform, information is automatically sent to our servers by the platform and the browser used on your end device and temporarily stored in a so-called log file. The following information is collected without your intervention and stored in the log file until automatic or manual deletion:

• the IP address of the device used,
• the device used,
• the date and time of access,
• the name and URL of the file accessed, the website from which the access was made (referrer URL),
• the unique identifier of the browser you are using,
• and the name of your Internet provider.

The processing of this data is based on our legitimate interest pursuant to Art. 6 (1) f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that it is not possible for us to draw any conclusions about your identity from this collected data, nor will we do so. The IP address of your terminal device and the other data listed above are used by us for the following purposes:

• Ensuring smooth connection establishment and functionality of the platform,
• Ensuring a comfortable use of our offer, 
• Evaluation of system security and stability, and 
• other administrative purposes.

Furthermore, we use cookies, tracking tools, targeting methods, and interfaces to other services, such as social media platforms or job boards, for our offer. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 3.5 (“Online presence and website optimization”) of this privacy policy and in our cookie banner.

3.2 Conclusion, implementation or termination of the terms of use for applicants / candidates

We see our offering as an innovative job placement platform. Our declared goal is to be able to offer every user the jobs that are perfectly suited to him or her. If you register on our platform by creating a user login (consisting of your basic profile as well as your non-deleted pending or completed applications) for yourself, we use your data to fulfill this purpose, namely 

• To help you apply for a vacancy through our platform (see below section 3.2.2, “Data processing when applying for a specific job”), and 
• In particular, to offer you jobs that match your requirements profile and your supposed personal interests and needs as specifically as possible and accordingly not to bother you with useless job offers (see section 3.2.3 below, “Data processing for the transmission of vacant job offers”). For this purpose, we categorize and add further information to your user login. For this purpose, we use statistical information as well as information about you (e.g., basic data of your user login and your undeleted pending or completed application documents), data from your previous application processes via JOIN, as well as publicly accessible data about you to increase the placement rate.

The legal basis for the purposes described above is our fulfillment of the contract with you pursuant to Art. 6 (1) lit. b) GDPR. If your consent is required for this data processing pursuant to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) GDPR, we will obtain this explicitly from you before collecting your personal data.

You have the option to adjust or delete the settings and data in your user login and the respective application process at any time. Please note that if you do not provide the data necessary for the fulfillment of the purpose, you may no longer be able to make full use of our services.

Below you will find a detailed list of the processing purposes and the categories of data that we process to fulfill our obligations to you, as long as you have a usage login with us or you have not terminated your contractual relationship with us:

3.2.1 Data processing during the creation and use of a user login

To create and manage a user login, we need and process the following data from you:

• E-mail address (mandatory for the creation of the user login), 
• Contact details,
• First name, last name (mandatory for the creation of the user login),
• Curriculum vitae, if applicable,
• Testimonials, if applicable, 
• the data you have submitted or entered yourself and generated through the use of our offer, such as your cover letter or letter of application, the stated qualifications, work experience, preferences, diplomas, certificates, further education, etc.

3.2.2. Data processing when applying for a specific job

If you apply for a specific advertised position via our platform, we will then process and transmit the following data to the advertising company:

• E-mail address, 
• Contact details,
• First name, last name,
• Curriculum vitae, if applicable,
• Testimonials, if applicable, 
• the data that you yourself provide or enter and that is generated through the use of our service, such as your cover letter or letter of application, the qualifications, work experience, preferences, publicly available profiles, diplomas, certificates, further education, the answers to questions that a company asks in connection with a job application, etc.

In order to enable you to apply for specific advertised jobs via our platform and to manage your application process, as well as to be able to offer you suitable jobs, we also process your personal data for sending information, confirmation or feedback emails. We may send these emails directly to you or on behalf of and in the name of companies to which you have applied. If you apply for a specific advertised position, we will transmit your data, in particular your application documents and related information, to the advertising company. The advertising company can then view your user login.

3.2.3. Data processing for the transmission of vacant job offers (“proposal function”)

We use the data of your user login on the basis of Art. 6 (1) lit. b) GDPR to offer you job offers that are as attractive as possible and correspond to your actual or presumed personal interests and/or needs, without bothering you with unsuitable offers. In order to carry out this analysis and forward appropriate job offers to you, we analyze your personal data and match it with the requirements of vacant job offers. As soon as a new vacant position is published on our platform, we process the following data to check whether it matches your requirements profile and whether we should forward this job offer to you:

• Curriculum vitae, if applicable,
• Testimonials, if applicable, 
• all data submitted or entered by you, such as a cover letter or application letter, the qualifications indicated, work experience, preferences, etc.,
• publicly accessible data about your person,
• data generated through your use of JOIN, such as metadata this includes, among other things, start date or salary preferences, which are communicated through our platform,
• Data generated through interactions with your JOIN profile, including your applications, such as answers to questions a company asks in connection with an application, your undeleted application materials, contact with companies or JOIN, your notes related to your pending or completed applications, information about how far you have progressed in the application process, etc.

If the matching process described above shows that you are likely to be interested in the vacancy, we will use your email address, contact information or contact you via our platform to make you aware of this vacancy. You can then decide for yourself whether you would like to apply for this position. If you do not wish to receive such offers in the future or if you wish to revoke your consent to the automatic transmission of your profile data to advertising companies, you can unsubscribe from these notifications or revoke your consent at any time. To do so, either use the respective unsubscribe button in the e-mail sent to you or send us a short note by e-mail to the e-mail address given in section 2 (“Who is responsible for processing your personal data and how can you contact us?”). Please note that you may no longer be able to make full use of our services, in particular the transmission of job offers, if you unsubscribe.

3.3 Conclusion, execution or termination of the service agreement for companies / corporate customers

We see our offering as an innovative job placement platform. Our goal is to offer our customers a platform on which they can, among other things, post job ads and receive and manage application data. Thus, you as well as the company you work for have to register with us in order to 

• to place job advertisements on our platform (incl. multiposting), 
• recruit new employees, interns or other staff, 
• Receive and manage applications for open positions, or
• to use our service to analyze the JOIN profiles of registered candidates and suggest suitable job advertisements to them.

In order to provide these services, we process your personal data that you provide to us via the platform.

The legal basis for the purposes described above is our fulfillment of the contract with you or your organization pursuant to Art. 6 (1) lit. b) GDPR. If your consent is required for this data processing pursuant to Art. 6 (1) lit. a) or Art. 9. (2) lit. a) GDPR, we will obtain this explicitly from you before collecting your personal data. 

You have the option to adjust or delete the settings and data in your employee login and the company account / company profile, the applicant management tool and generally in our platform at any time. Please note that if you do not provide us with the data necessary to fulfill the aforementioned purposes, you may no longer be able to make full use of our services.

Below you will find a detailed list of the data categories that we process to fulfill our obligations to you, as long as you have an employee login or your company has a company account / company profile with us or the service agreement is not terminated:

3.3.1 Data processing during creation and use of a corporate account

To use our platform, you and the company for which you work must register with us and create a company account. After that, other employees from your organization can also register and use our platform or our offer (see below section 3.3.2, “Data processing when creating employee login”). To create and manage a company account, we need and process the following data from you and your company:

• E-mail address (mandatory for the creation of the user account),
• Contact details (mandatory for the creation of the user account),
• First name, last name (mandatory for the creation of the user account),
• Information about the company you work for, such as company name, address of the company, contact details of the company’s representatives, etc. (mandatory for the creation of the company account).

During the first sign-up, we use the Data Enrichment Tool Waterfall, a service of Waterfall Data llc., 651 N Broad St, Middletown, DE 19709, USA (“Waterfall“), on the basis of Art. 6 para. 1 lit. b) GDPR. Thus, we transfer the data entered by the user, such as name, e-mail address and company name, to Waterfall’s servers, which are stored there.

For the secure transfer of your data to Waterfall abroad, we have obtained contractual guarantees by means of standard contractual clauses in accordance with section 4 (“Recipients of your personal data outside Switzerland or the EU”) of these data protection provisions. Additional information about Waterfall and data protection at Waterfall can be found in Waterfall’s privacy policy and in the further explanations on the GDPR. If you have any questions, you can also contact Waterfall’s data protection officer directly:

3.3.2 Data processing when creating employee logins

Once the company account is created, you can be invited as an additional employee to register on our platform in connection with your company account and create your own login for creating and posting job ads, managing applications or contacting candidates. In this context, we need and process the following personal data:

• E-mail address (mandatory for the creation of the employee user account),
• First name, last name (mandatory for the creation of the employee user account), 
• Contact details,
• Data about your role in the company, such as position or title.

3.3.3 Data processing during creation of job advertisements (incl. multiposting) and company profile

If you create a job advertisement for a vacant position in your company on our platform and let us manage it or create a company profile, we process the following data of you, employees of your company and your company:

• E-mail address and any other contact details of the person responsible for the job advertisement in your company,
• Contact information of the person who will receive the applications,
• All the information about the company that you include in the company profile, such as company name, address of the company, contact details of the company representatives, number of employees, turnover, key figures, key employees, texts, images, graphics and links, logos etc,
• Any other personal data or other information that you include in the job description (e.g. job title, department, salary details, contact details of the potential supervisor, requirements profile for the job, information about the company, etc.),
• data generated by your use of JOIN, such as metadata, which includes information about how long the ad should be online, where it should be displayed, how often an ad is clicked, how many applications you receive for the ad, etc.

This personal data is processed so that we can manage the job advertisements on behalf of you and your company (including multiposting) and so that your company can create a company profile on our platform. The job advertisements that we post and manage for you are usually publicly accessible.

We offer our customers the option of managing the job advertisements to be created via our platform using their HR or application management tool and setting up an interface between the systems for this purpose. Applicant data can thus be migrated to the providers’ platforms to ensure a smooth application process, provided that the customer has previously consented to this data transfer. The migration takes place on the basis of Art. 6 para. 1 lit. a) or lit. b) GDPR. As data controllers, the customers guarantee the permissibility of this data processing.

3.3.4 Data processing for the management of the application process

If a candidate applies for an advertised vacancy in your company, we process the following personal data on the basis of Art. 6. (1) lit. b) GDPR for the purpose of forwarding the application to you and managing the application process:

• Contact details of the candidate and the person responsible for the application process in your company,
• all documents that the candidate submits to us as part of the application through the platform and that we forward to you,
• Any information related to the application process that is captured on our Platform, such as messages you send through our Platform, information about the application process and a candidate’s progress in the application process that is captured on our Platform, or questions asked as part of the application process that are captured on our Platform, etc.,
• publicly available data about your company,
• data generated by your use of JOIN, such as metadata. These include information about how long the application process takes, how many candidates have applied, how far a candidate has progressed in the application process, etc.,
• Through interactions with your JOIN profile including data generated by the applicant management tool, such as answering questions you ask applicants, your self-recorded and undeleted data in the applicant management tool, contacting candidates or JOIN, etc.

This personal data is processed so that you can use our platform to process and manage the application process.

3.3.5. Data processing for finding perfect candidates (“suggestion function”)

To help you and your company find the perfect candidate for a job you have advertised, we analyze personal data of candidates registered on our platform and match them with the requirements of vacant job offers. In order to suggest suitable candidates for jobs you have advertised, we process the following data:

• Data about your company, such as company name, company address, contact details of company representatives, 
• Data in the company profile, such as company name, address of the company, contact details of the company’s representatives, number of employees, turnover, key figures, key employees, texts, images, graphics and links, logos, etc.,
• Information in the job description, such as job title, department, salary details, contact details of the potential supervisor, job requirement profile, information about the company, etc…,
• publicly available data about your company,
• data generated by your use of JOIN, such as metadata. This includes, among other things, information about how long the application process takes, how many candidates have applied, how a candidate application process came, information about how long the ad should be online, where it should be displayed, how often an ad is clicked, how many applications you receive to the ad, etc…,
• Through interactions with your JOIN profile including data generated by the applicant management tool, such as answering questions you ask applicants, your self-recorded and undeleted data in the applicant management tool, contacting candidates or JOIN, etc.

Once we have identified a candidate who may have a likely interest in the vacant position, we forward the advertised position to him or her so that he or she can apply to you and your company. In the process, all personal data contained in the job description, including the contact details provided, will be forwarded by the person responsible in your company. An application after being contacted by us is completely up to the candidate and we cannot guarantee that he or she will act on it. If a candidate has agreed that we forward his contact data directly to you and your company in case of a probable interest, you can contact him directly yourself in case of interest. 

3.3.6. Data processing for invoicing

If you use one of our chargeable services or products (“chargeable services”), we process the following personal data of you on the basis of Art. 6(1) lit.b) and lit. c) GDPR in order to invoice or process any other costs:

• Your contact information, such as (billing) address, phone number, email address, last name and first name,
• Information about the company where you work, such as company name, company address, contact details of company representatives,
• Payment information, such as bank account details.

3.4 User and customer support

3.4.1 Intercom

To process service, support and other user requests, we use the support tool of Intercom Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA (“Intercom”) as part of our contractual obligations and services pursuant to Art. 6 (1) b) GDPR. If you submit a support request via one of our channels (e.g. our contact form, live chat, email, etc.), the following data – depending on the content and selected contact channel – will be processed via Intercom’s servers:

• The data you entered,
• Name,
• E-mail address,
• Browser information,
• IP address,
• Current page you are on at the time of your request,
• Timestamps.

For the secure transfer of your data to Intercom abroad, we have obtained contractual guarantees by means of standard contractual clauses in accordance with section 4 (“Recipients of your personal data outside Switzerland or the EU”) of this Privacy Policy. Additional information on data processing by Intercom can be found in Intercom‘s Privacy Policy. If you have any questions, you can also contact Intercom’s data protection officer directly at [email protected].

3.4.2 Mailchimp and Mandrill

For the processing of service, support and other user requests as well as for the sending of confirmation emails, e.g. for new registrations on our platform, we use the mailing tool MailChimp as well as the associated interface Mandrill, a service of the list provider The Rocket Science Group, LLC, 512 Means St., Suite 404 Atlanta, GA 30318, USA (“MailChimp”) as part of our contractual obligations and services according to Art. 6  (1) lit. b) GDPR. When registering for our platform, the so-called double opt-in process is used, i.e. you will receive an email after registration in which you must explicitly confirm your registration again. Only then will your account be activated for you. In this case, and for the purpose of delivering job offers to our users, the following data will be processed via MailChimp’s servers:

• The data you entered,
• Name,
• E-mail address,
• Browser information,
• IP address,
• Data on interactions with emails from JOIN.

For the secure transfer of your data to Intercom abroad, we have obtained contractual guarantees by means of standard contractual clauses in accordance with section 4 (“Recipients of your personal data outside of Switzerland or the EU”) of this Privacy Policy. Additional information about MailChimp and data protection at MailChimp can be found in the MailChimp privacy policy and in the further explanations on the GDPR. If you have any questions, you can also contact MailChimp’s data protection officer directly: [email protected].

3.4.3 Salesforce

To manage our customer data, we use the CRM platform Salesforce, a service of salesforce.com Inc, The Landmark One Market Suite 300, San Francisco, CA 94105, USA (hereinafter: “Salesforce”). This helps us to record customer data, to communicate with the customer, to document this contact, and to create offers according to the customer’s wishes. If you have contacted us, e.g. via the questionnaire, the following data will be processed via the Salesforce servers:

• Name,
• E-mail address,
• Customer master data,
• Data on interactions with emails.

This processing is based on Art. 6 (1) lit. b) GDPR and serves to improve our services and customer support. The processing of personal data by Salesforce is based on the binding internal data protection regulations of Salesforce pursuant to Art. 46 (2b), 47 GDPR (so-called Corporate Binding Rules) as well as the standard data protection clauses of the European Commission pursuant to Art. 46 (2c) GDPR. Both sets of rules are anchored in the Salesforce Data Processing Addendum, which we have concluded with Salesforce. In addition, Salesforce Commerce Cloud is certified by reliable security standards, including PCI-DSS, SOC2, ISO 27001.

Additional information about Salesforce and data protection at Salesforce can be found in Salesforce’s privacy policy. You can object to this processing at any time. To do so, please use the contact options of our data protection officer. You can find additional information on data processing by Salesforce in their privacy policy. You can also contact Salesforce’s data protection officer directly at [email protected] or [email protected].

3.4.4 Customer.io

To send system messages, we also use the shipping service provider Customer.io, provided by Peaberry Software Inc, 921 SW Washington Street, Suite 820, Portland, Oregon, 97205 (“Customer.io” or “Shipping Service Provider”) as part of our contractual obligations and services under Art. 6 (1b) GDPR. 

In this context, the following data about you may be processed:

• Name, address, email address, phone number, other contact information, 
• Company name, title,
• Customer History,
• IP addresses,
• Personal Data relating to you that JOIN may enter or upload to the CRM Tool from time to time.

Your data may be sent to Custiomer.io and stored there on servers of Customer.io, which may also be located outside of Switzerland and the EU, such as the USA. The delivery service provider may use your data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the delivery and the presentation of the e-mails or for statistical purposes. 

However, the service provider does not use your data to write to you directly or to pass your data on to third parties. For the secure transfer of your data to the shipping service provider abroad, we have obtained contractual guarantees by means of standard contractual clauses in accordance with section 4 (“Recipients of your personal data outside Switzerland or the EU”) of this Privacy Policy. Additional information on data processing by Custiomer.io can be found in their privacy policy. If you have any questions, you can also contact Customer.io directly at [email protected] or [email protected]. 

3.4.5 FrontApp

In order to organize and process our customer support in the best possible way, we use the software of FrontApp Inc, 550 15th St., CA 94103 San Francisco, USA, (“FrontApp”) as part of our contractual obligations and services according to Art. 6 (1) lit. b) GDPR. FrontApp channels all customer requests in one application and helps us organize customer requests with flags (e.g., processed or resolved) to resolve your request as quickly as possible.

In this context, the following data about you may be processed:

• Name, address, email address, phone number, other contact information, 
• Company name, title,
• Customer History,
• Means of payment,
• IP addresses,
• Personal Data relating to you that JOIN may enter or upload to the CRM Tool from time to time.

For the secure transfer of your data to the shipping service provider abroad, we have taken appropriate safeguards in accordance with section 4 (“Recipients of your personal data outside Switzerland or the EU”) of this Privacy Policy. Additional information about data processing by FrontApp can be found in their privacy policy. If you have any questions, you can also contact FrontApp directly at [email protected].

3.4.6 Appcues

For a smooth, personalized user onboarding process, we use the services of Appcues Inc, 54 Canal St 6th Floor, Boston, MA 02114, USA (“Appcues”) as part of our contractual obligations and services under Art. 6 (1b) GDPR. Appcues is a customer experience software service. We use Appcues to provide you with targeted information about our services at specific points. In order to do this in a meaningful way, we need certain information about you:

• User profile data,
• Name,
• Timestamp,
• User settings,
• Browser information.

Your data may be sent to Custiomer.io and stored there on Customer.io servers, which may also be located outside of Switzerland and the EU, such as the USA. For the secure transfer of your data to the service provider abroad, we have obtained contractual guarantees by means of standard contractual clauses in accordance with section 4 (“Recipients of your personal data outside Switzerland or the EU”) of this Privacy Policy. Additional information about data processing by Appcues can be found in their privacy policy. If you have any questions, you can also contact Appcues directly at [email protected].

3.5 Online presence and website optimization

We will not sell or rent your information to third parties for their marketing purposes without your express consent. Only in order to provide you with the best possible offer, to improve the quality of our offer from time to time and to protect the interests of our users, we will share certain data with third parties under certain circumstances; however, the sharing is always subject to strict limitations, which are described in more detail below:

3.5.1 Cookies – General information

We use so-called cookies on our website. Cookies are small files that are created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you use our services. The Cookies used do not cause any damage to your end device and do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website or that you have already logged in with your user account. If you use our offer again at a later time, the cookie automatically recognizes that you have already been with us and which entries and settings you have made so that you do not have to enter them again. In addition, we also use temporary cookies for the purpose of user-friendliness. These are automatically deleted after you leave our website. 

If you already have a user account and are logged in, the information stored in the cookies will be assigned to your user account.

On the other hand, we use cookies to statistically record and analyze the use of our offers and to evaluate them for the purpose of optimizing them for you, as well as to display information tailored specifically to you, such as current job offers. These cookies enable us to automatically recognize when you visit our site again that you have already been with us or whether you have come to us via a job advertisement placed by us with third-party providers. These cookies are automatically deleted after a defined period of time. 

Without your explicit consent, we do not use cookies beyond what is necessary for the optimal display and functionality of our site. You can manage or withdraw your consent at any time free of charge and easily manage or withdraw your consent here.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that not all functions of our platform are available to you. The storage period of the cookies depends on their purpose and is not the same for all.

3.5.2 Google Analytics

For the purpose of demand-oriented design and continuous optimization of our platform, we use based on Art. 6 (1) lit. a) GDPR in conjunction with § 25 Abs.1 S.1 TTDSG the analysis service Google Analytics of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google creates pseudonymized usage profiles using cookies. The lifetime of these cookies is three months. The information generated by the cookie about your use of our platform such as 

• Browser type/version,
• operating system used,
• the device you are using,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address), 
• Time of the server request, 
• Demographic data

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the offers, to compile reports on the activities and to provide other services associated with the use of the offer for the purposes of market research and demand-oriented design. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (so-called IP masking). You can prevent the collection of data generated by the cookie and related to your use of our offer (including your IP address) as well as the processing of this data by Google and object to further processing via the cookie by downloading this browser add-on. You can object to the use of the cookie at any time with effect for the future by clicking here. On mobile devices we recommend the use of the private mode’. For more information on privacy in connection with Google Analytics, please visit the Google Analytics website. If you have a Google account and you are logged in there when you visit our site, Google may merge and store the data collected on our site with the data Google already has about you and use it for its own purposes.

3.5.3 Bing Ads

For the purpose of recognizing whether someone has clicked on an ad from us, been redirected to our website and reached a previously determined target page (“conversion site”), we use based on Art. 6 (1) lit. a) GDPR in conjunction with. § 25 Abs.1 S.1 TTDSG, we use technologies from Bing Ads (bingads.microsoft.com) on the website, which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft sets a cookie on your device if you have accessed our website via a Microsoft Bing ad. The lifetime of these cookies is one year. 

We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user is processed. The information generated by the cookie such as 

• Browser type/version,
• operating system used,
• the device you are using,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address), 
• Time of the server request, 
• Demographic data

will be transmitted to and stored by Microsoft on servers in the United States or Europe. If you do not want Microsoft to use information about your behavior as explained above, you can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by declaring your objection here. For more information about privacy and cookies used by Microsoft and Bing Ads, see the privacy policy on the Microsoft website.

3.5.4 Hotjar

For the purpose of demand-oriented design and continuous optimization of our platform, we use the web analytics service of Hotjar Ltd, Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”) on the basis of Art. 6 (1) lit. a) GDPR in conjunction with § 25 Abs.1 S.1 TTDSG the web analytics service of Hotjar Ltd, Elia Zammit Street 3, St Julians STJ 1000, Malta (“Hotjar”). Hotjar is used to create so-called heat maps, i.e. statistical overviews of mouse movements and clicks on our platform. This allows us to identify frequently used features of our platform and further improve it. Hotjar uses a cookie to analyze our platform in terms of user behavior. The lifetime of these cookies is one year. The information generated by the cookie about your use of our platform like 

• Mouse movements and clicks,
• Shortened IP address,
• device used, especially screen size
• operating system used,
• Browser type/version,
• Referrer URL (the previously visited page),
• geographical origin,
• Resolution and type of device,
• Time of the server request, 

are transferred to a server of Hotjar and stored there. However, your IP address is shortened before the usage statistics are analyzed, so that no conclusions can be drawn about your identity. The aforementioned information is therefore not personal and will not be passed on to third parties by us or by Hotjar. The data entered in form fields on our website are hidden by us for data protection reasons and are not collected by Hotjar. You can object to this data processing at any time by using the so-called Do-Not-Track function of your browser or by clicking this opt-out link. You can find instructions for the different browsers on the Hotjar website. You can find more information about Hotjar and the handling of personal data in the privacy policy of Hotjar.

3.5.5 Facebook Pixel

In order to use Facebook campaigns in a needs-based manner, to further optimize them, and to measure their conversion, we use an individual so-called visitor action pixel from Facebook Ireland Ltd. an individual so-called visitor action pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) on the basis of Art. 6 (1) lit. a) GDPR in conjunction with § 25 Abs.1 S.1 TTDSG. This pixel is integrated into the code of our platform. On the one hand, this allows us to ensure that the Facebook ads we initiate are only displayed to those Facebook users who have also shown an interest in our offer. In this way, we want to ensure that our Facebook ads correspond to the potential interest of the respective user and do not annoy him. On the other hand, this allows us to track the actions of Facebook users after they have seen or clicked on one of our Facebook ads. This helps us measure the conversion of the respective campaign for statistical, market research and billing purposes. The following information is processed during the deployment:

• Timestamp,
• URL,
• campaign-related information (especially specification of the impression, form field, activated button).

The data collected in this way is anonymous for us and therefore does not allow us to draw any conclusions about the identity of the respective user. If you log into your Facebook account after activating the pixel or if you visit our website while logged in, it is possible that this data will be stored and processed by Facebook, which we would like to inform you about here. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook’s data usage policy: https://www.facebook.com/about/privacy/. You can find more information about the Facebook Pixel here. You may allow Facebook and its partners to serve ads on and off Facebook. You can opt out of this specific data processing at any time by adjusting your Facebook settings accordingly. Please be aware that the declared objection only applies to the respective device used. For more information, please see Facebook’s privacy policy and information about protecting your privacy. 

For the cases in which JOIN and Facebook are jointly responsible for the processing of your data collected and processed by Facebook Pixel on our website, we have concluded a corresponding contract with Facebook pursuant to Art. 26 GDPR. You can send a request directly to us at any time via the email address provided in section 2 (“Who is responsible for processing your personal data and how can you contact us?”) to receive more details about this contract.

3.5.6 Stripe payment processing service

If a company has decided to make use of our paid premium offers (see above section 3.3.6, “Data processing for invoicing”), we will, for the purpose of payment processing, either with the consent of the contact person or for the fulfillment of our contractual obligations pursuant to Art. 6 (1) lit. b) GDPR, forward data transmitted by the executing person, e.g. name and email address, to our payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”). By using Stripe’s library, the information entered during the order process (e.g. address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) is not processed by us, but is transmitted directly to Stripe by the browser used. The data is used by Stripe exclusively for the execution and realization of the payment processing and is transmitted securely via the “SSL” encryption method. The lifetime of the cookies used by Stripe is one year. Stripe is certified according to PCI DSS. Stripe transfers, processes and stores personal data outside the EU, if applicable. You can find detailed information about Stripe’s privacy policy at this link.

3.5.7 Google Single Sign-In

In order to facilitate the registration process for our users, they are offered the option of registering an account via an existing Google account. The procedure is called Google Single-Sign-In (SSO) and is operated by Google Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This data processing serves the purpose of facilitating registration or logging in to our platform and then using our services. By using SSO, your web browser automatically establishes a direct connection with Google’s server. To register, you will be redirected to the Google page. There you can log in with your user data. This links your user account with Google to our service.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. a) GDPR or Art. 6 para. 1 p. 1 lit. b) GDPR.

If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will obtain and store your IP address and possibly other identifying features. For information on the type and scope of data processing, the purposes pursued by Google, your rights in this regard and settings options for protecting your personal data, please refer to Google’s privacy policy and terms of use.

Join’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3.5.8 Cello

In order to provide our customer recommendation programme, we use Cello, a service of Powerplay GmbH, Philipp-Loewenfeld-Str. 19, 80339 Munich (hereinafter: “Cello”), on the basis of Art. 6 para. 1 lit. a) GDPR, which we have integrated into our websites for customer recommendation by means of Javascript. With the help of the services, customers can be recommended via various communication channels, such as e.g. sharing a link by e-mail, to recommend our platform to friends and business partners. For this purpose, the referrer enters master data in the mask provided for the recommendation and is then sent a link which he can share with interested parties for the purpose of recommendation. The recommendation is transmitted by Cello, whereby the referrer’s e-mail address, name and IP address are processed, and the e-mail address and IP address of the referrer (the recommended person). If the referrer accepts the recommendation, he receives a reward for the recommendation, which is sent by Cello. Here, the generated revenue is processed.

We have concluded a contract with Cello on commissioned processing in accordance with Art. 28 GDPR, in which Cello undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection.

The processing of the aforementioned data is carried out via the servers in Cello on a voluntary basis and with the consent of the parties involved. The data will not be used for any other purpose and will not be disclosed to third parties without authorisation. No other data is collected or processed via Cello. For this purpose, please use the contact details of our data protection officer. Additional information about Cello and data protection can be found in the provider’s data protection declaration. If you have any questions, you can also contact Cello’s data protection officer directly: [email protected].

3.5.9 Testlify

Through our platform, we offer our customers the possibility to create individual assessments for the applicants of a vacant position. For the creation and implementation of these applicant assessments, we use Testlify, a tool of Testlify, Inc., 2823 Oakley Ave, Bensalem PA 19020, United States (“Testlify”), on the basis of Article 6 (1) (b) GDPR. If an assessment is created or conducted, the following data in particular will be processed via Testlify’s servers:

Assessment data
the data entered by you
Name
E-mail address
Browser information
IP address
Timestamps

Unless otherwise specified, the data collected in this way will be stored for 7 days. For the secure transfer of your data to Testlify abroad, we have obtained contractual guarantees by means of standard contractual clauses in accordance with section 4 (“Recipients of your personal data outside Switzerland or the EU”) of this Privacy Policy. Additional information on Testlify’s data processing can be found in the GDPR compliance section or the provider’s privacy policy. If you have any questions, you can also contact Testlify directly at [email protected].

3.5.10 Microsoft Clarity

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

3.6 Further processing

Where anonymized data processing is not possible, we also process your personal data from sections 3.1 to 3.5 to run our business (e.g., to perform administrative and organizational processes), to monitor and analyze our offerings, and to improve our offerings to you. In addition, we use your personal data to promote and develop our business relationship with you, to identify services that may be of interest to you, to carry out business development activities, to send you publications and communications or to invite you to events. 

The legal basis for the purposes described above is our legitimate interest pursuant to Art. 6 (1) f) GDPR, provided that your interests, fundamental rights and freedoms do not prevail. You can object to this data processing at any time. To do so, please use the contact options of our data protection officer in section 2 (“Who is responsible for processing your personal data and how can you contact us?”) of this privacy policy. If your consent is required for the data processing described here in section 3.6 (“Further processing”) in accordance with Art. 6 (1) a) or Art. 9 (2) a) GDPR, we will obtain this explicitly from you when collecting your personal data. In addition, we process your personal data if we have a legal obligation to do so (Art. 6 para. 1 lit. c) GDPR).

4. With whom do we share your personal data?

Where necessary or appropriate for our services or to fulfill the purposes defined in this Privacy Policy, we may disclose to third parties (such as service providers, consultants, related parties, courts, authorities and others) in Switzerland, the EU or other countries your personal data that we collect, for example, in the course of providing our services, when you contact us or when you visit our site. 

In addition, we work with third parties who provide services to us and may share your personal information with those third parties in connection with the purposes set forth in this Privacy Policy, for example, banks, CRM tool providers, payment processing service providers, or IT providers who may have access to your personal information at our direction or in software support. 

Detailed information about the service providers we use in connection with user and customer support (see section 3.4, “User and customer support”) as well as our online presence and website optimization (see section 3.5, “Online presence and website optimization”) can be found in the corresponding sections of this privacy policy.

We may also disclose your personal information to third parties if:

• You have given your consent to do so, where required, or the organization for which you work has received your consent to do so, where required;
• we are required to do so by legal, regulatory or business obligations;
• this is necessary in connection with a company sale, merger, restructuring, dissolution or similar events, as well as in the event of bankruptcy, insolvency or similar events;
• this is necessary in connection with legal proceedings, or to assert or defend claims.

5. Are the recipients of your personal data located outside of Switzerland or the EU?

We may also transfer your personal data to recipients located outside of Switzerland, the European Union (“EU”) or the European Economic Area (“EEA”). This applies in particular to the aforementioned processing to analysis or targeting technologies, which may result in a transfer of data to the servers of the service providers. Other recipients may be affiliated service providers that we need to provide our services, e.g. hosters, CRM tools, analytics service providers, job posting portals for multi-posting or tendering companies. These servers may be located outside of Switzerland, the EU or the EEA, in particular in the USA. 

We take great care to ensure that our service providers and other recipients of your data meet data protection standards that are equivalent to those of the DPA and the GDPR and that the applicable guidelines are adhered to. For example, we only transfer your data to recipients that are located in a country that has been recognized by the competent authority (in Switzerland, the Swiss Federal Data Protection and Information Commissioner (or the Federal Council) and in the EU, the European Commission) as a country with adequate data protection. If a recipient is located in a country that is not recognized as adequate, such as the U.S., we take further protective measures in accordance with applicable data protection laws or have these recipients provide us with appropriate contractual guarantees that ensure compliance with these Swiss and EU standards and the enforcement of data subject rights, for example, based on so-called standard contractual clauses of the EU Commission or the FDPIC.

6. How long do we keep your personal data?

In principle, your personal data will only be processed and stored by us for as long as it is required for the purpose for which it was collected (see in detail section 3, “Why and on what legal basis do we process your personal data and with whom do we share it?”) or we are legally obliged to do so.

Therefore, unless otherwise stated in this Privacy Policy, among other things:

• Personal data processed for the purpose of fulfilling a contract concluded between JOIN and you will be stored at least until the complete fulfillment of this contract.
• Personal data processed to safeguard the legitimate interests of JOIN (e.g. as part of the provision of our site, for user and customer support, for the further development of our offer, etc.) will be retained for as long as is necessary to fulfill these purposes.
• In addition, JOIN is permitted to store personal data for a longer period of time if you have consented, as long as the consent is not revoked, or if this is necessary to fulfill a legal (storage) obligation (for example, accounting regulations or tax law) or by order of an authority or in the context of a procedure.

After expiration of the retention period (usually six to ten years after the end of the contract), your personal data will be deleted, unless JOIN has a legitimate interest to keep your data.

7. What rights do you have in relation to your personal data?

7.1 Overview

You may exercise various rights with respect to your data processed by JOIN.

Specifically, you have the right to do the following:

• Receive information regarding the processed data. You have the right to know whether data is processed by JOIN, to receive information about individual aspects of the processing and to receive a copy of the data.
• In the case of transfers of your data abroad, the right of access or reference to the appropriate or adequate safeguards and how to obtain a copy of them or where they are available,
• Verify and have it corrected. You have the right to verify the accuracy of your data and request that it be updated or corrected.
• Request restriction of processing. You have the right to restrict the processing of your data under certain circumstances.
• Request deletion or other removal of the personal data. You have the right to request the deletion of your data under certain circumstances.
• You have the right to receive your data and have it transferred to another person responsible. You have the right to receive your data in a structured, common and machine-readable format and, if technically possible, to have it transferred to another controller without hindrance.

If you have consented to the processing of your personal data for a specific purpose, you may withdraw your consent for that specific processing at any time. If you inform us that you withdraw your consent, we will no longer process your personal data for these specific purposes, unless there is another legitimate interest.

You can exercise your rights by e-mail in accordance with section 2 (“Who is responsible for processing your personal data and how can you contact us?”) of this Privacy Policy directly to our Data Protection Officer. We have the right, in such a case, to request information from you to verify your identity. Please note that the granting of these rights may be denied or limited in part for legal reasons or based on applicable data protection laws. We will inform you of the reasons for our decision if legally required or permitted.

If you are of the opinion that we have not handled your request or concern to your satisfaction, or that we are not processing your personal data in a data protection compliant manner, you can also contact the competent supervisory authority (so-called right of complaint); in Switzerland, the Federal Data Protection and Information Commissioner.

7.2 Right of objection

The general right to object applies to all processing purposes described in this Privacy Policy that are processed on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Unlike the specific right of objection directed at data processing for promotional purposes (compare above), we are only obliged under the GDPR to implement such a general objection if you provide us with reasons of overriding importance for doing so (e.g. a possible risk to life or health). However, we may continue to process your personal data if we can demonstrate a legitimate interest that outweighs your interests, fundamental freedoms and fundamental rights.

In addition, it is possible to contact the supervisory authority responsible for this case, the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin.

8. How do we protect your data?

We use the highest standards of information security for our infrastructure and the processing of your data. For example, we use protective mechanisms for computers, such as firewalls and data encryption. Physical access controls apply to our buildings and data. Access to our customers’ personal data is restricted to those employees who need it to perform their jobs.

All data transmitted by you personally, including your payment data, will also be transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection by the s appended to http (i.e. https://…) in the address bar of your browser or by the lock symbol in the lower area of the browser.

We also use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously monitored in accordance with technological developments, regularly adapted to the respective risk and improved if necessary.

9. Privacy Policy update

We reserve the right to update and amend this Privacy Policy from time to time to reflect changes in the way we process your personal data or changes in legal requirements. 

Any changes we make to our privacy policy in the future will be posted on our website. Please check regularly for updates or changes to our privacy policy.