Last Update: 08/2023
We New Work SE as operator of onlyfy ((hereinafter referred to as “we,” “us,”, “onlyfy“) inform you about
- what data we process from visitors to the website,
- what data we process from prospective customers,
- what data we process from applicants,
- what data we process from customers and other business partners,
- what cookies are used in the Prescreen applicant tracking tool. (4 b)
Who is responsible for data processing?
New Work SE is responsible for data processing within the meaning of data protection law. Our contact details are: Am Strandkai 1, 20457 Hamburg, Germany
Our data protection officer
Our data protection officer is Christian Schmidt, Strandkai 1, 20457 Hamburg, Germany,
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser address bar. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
Your data protection rights
Right to withdraw:
You may withdraw your consent for the processing of your personal data at any time effective for the future. This shall not affect the lawfulness of processing that has taken place until your withdrawal.
Right of access:
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If this is the case, you shall have a right of access to this personal data as well as to further information, e.g. the purposes of the processing, the categories of personal data processed, the recipients, and the envisaged period for which the personal data will be stored and/or the criteria used to determine that period.
Right to rectification:
You have the right to obtain rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
Right to erasure:
You have the right to request that we delete personal data concerning you immediately if one of the following reasons applies: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; You revoke your consent on which the processing was based in accordance with Art. 6 Paragraph 1 Letter a or Art. 9 Paragraph 2 Letter a EU GDPR and there is no other legal basis for the processing; You object to the processing in accordance with Art. 21 (1) EU GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) EU GDPR; the personal data have been unlawfully processed; the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject. Upon your request, we are obliged to delete the relevant data immediately. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.
Right to restriction of processing:
You are entitled to request a restriction in the processing of your personal data if the accuracy of the personal data is disputed by you, for a period of time that enables the person responsible to verify the accuracy of the personal data. If the processing is unlawful and you refuse to delete the personal data and instead request that we restrict the use of the personal data, we will comply with the request. The processing is also restricted if we no longer need your personal data for processing purposes, but you need them to assert, exercise or defend your own legal claims, or you object to the processing in accordance with Art. 21 Para. 1 EU- DSGVO have filed as long as it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons. You will be informed by us before the restriction is lifted.
Right to data portability:
You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another person in charge without hindrance from us, to whom the personal data was provided. The prerequisite is that a) the processing is based on consent pursuant to Art. 6 Para. 1 Letter a) EU GDPR or Art. 9 Para. 2 Letter a) EU GDPR or on a contract pursuant to Art. 6 Para. 1 Letter b) EU-DSGVO and b) the processing is carried out using automated procedures. When exercising the right
Our website uses transient and persistent cookies:
Transient cookies are automatically erased when you close your browser. They include in particular session cookies. These store a session ID with which different requests from your browser can be assigned to the common session. This means that your computer can be recognised again when you return to our website. The session cookies are erased when you log out or close the browser.
Persistent cookies are automatically erased after a specified period of time which can differ depending on the cookie. The period of time that the individual cookies are stored can be found in the list below.
Our website uses first-party cookies and third-party cookies
Access to your consent settings:
Within the scope of consent management (cookie banner), we give you the option of deciding whether cookies should be set as part of our offering in accordance with your specifications. You have the option of changing the decision made there at any time, and of providing or withdrawing your consent at a later date.
Your cookie History:
Change cookie settings
The legal basis for processing personal data using cookies as required for technical reasons is Article 6 (1) (f) GDPR. Otherwise, we base processing on Article 6 (1) (1) (a) GDPR (“Consent”).
Usage data and logfiles
When you use our website solely for informational purposes, i.e. if you do not register or otherwise provide us with information, our system automatically records data and information that your browser sends to our server (usage data):
- IP address,
- date and time of the request,
- time zone difference to Greenwich Mean Time (GMT),
- content of the request (actual page),
- access status/HTTP status code,
- quantity of data transferred in each case,
- website from which the request originates,
- operating system and its interface,
- language and version of the browser software.
The data is temporarily stored in our system’s log files. This data is not stored together with other personal data.
The legal basis for temporarily storing the data is Article 6 (1) (f) GDPR.
Temporary storage of data by the system is necessary in order for us to provide our website to you. The user’s IP address in particular must remain stored for the duration of the session for this purpose.
The data is stored in log files in order to ensure the functionality of the website. The data is also used to ensure that our information technology systems stay secure. These purposes also represent our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.
The data will be erased once it is no longer required to achieve the purpose for which it was collected. This is the case once the respective session has ended where data is collected for the purposes of providing the website. This is the case after 14 days at the latest where data is stored in log files.
The collection of data for provision of the website and storage of data in log files are mandatory for the purposes of operating the website. The visitor to the website therefore has no right to object in this case.
Overview of our cookies
Essential cookies enable basic functions and are necessary for the website to function properly.
|Purpose||This list represents the purposes of data collection and processing. Consent is only valid for the stated purposes. The data collected cannot be used or stored for any other purpose than the one listed below.
Provision and functionality of the prescreen.io website
- PHPSESSID: provision and loading of the website
- pll_language: language settings
Legal basis: Art. 6 Paragraph 1 lit. f GDPR|
|Cookie name||PHPSESSID, wp-wpml_current_language|
|Cookie running time||Session|
|Provider||onlyfy, legal notice|
|Purpose||Speichert die Einstellungen der Besucher, die in der Cookie Box von Borlabs Cookie ausgewählt wurden.
Borlabs Cookie verarbeitet keinerlei personenbezogenen Daten.|
|Cookie running time||1 Jahr|
Provision of our services
In order to provide our services, in particular to always adapt our products and services to the needs of the users, we need tracking technologies.
Adobe Digital Analytics
|Name||Adobe Digital Analytics|
|Purpose||We use the tracking tool Adobe Digital Analytics. Tracking is pseudonymous, i.e. we cannot draw any direct personal conclusions from the information we have received via tracking. The cookies that are used for the web analysis process contain an identification number with which the browser of your end device can be identified. We have concluded an order data processing contract with the provider: Your IP addresses will be made unrecognizable immediately after collection.
Tracking using Adobe Digital Analytics can be prevented at any time if the following link is accessed and participation in the web analysis process is excluded ("opt-out"): https://nats.xing.com/optout.html?popup=1
The prevention takes place by setting a cookie on the end device. If the cookie is deleted or different computers or web browsers are used, the prevention must be set up again.|
|Cookie running time||13 Month|
Optimization of advertising
|Purpose||Mouseflow is a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at firstname.lastname@example.org.
For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/.|
|Cookie running time||3 Month|
|Provider||Virtual Minds GmbH|
• Store and/or retrieve information on a device
• Selection of simple ads
• Create a personalized ad profile
• Select personalized ads
• Measure ad performance
• Use market research to gain insights into audiences
• Develop and improve products|
• Store and/or retrieve information on a device
• Selection of simple ads
• Create a personalized ad profile
• Select personalized ads
• Measure ad performance
• Use market research to gain insights into audiences
• Develop and improve products|
|Purpose||In order to be able to show you personal tips and information, we use the "Braze" service to collect your usage data in some places.
You can allow or prevent this data collection. We recommend that you allow them because this allows us to offer you particularly relevant tips and information (e.g. on changes to the functionalities you use or current billing information).|
|Provider||Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland|
|Purpose||We use the remarketing function within the Google Ads service. Remarketing allows website visitors to be addressed on other websites that have already interacted with our website. Our offers and recommendations are delivered when a user visits a Google website or a website in the Google advertising network (Google Search, YouTube, Google Display). In this way we can make you special offers that are tailored to your interests.
|Cookie running time||2 Jahre|
|Provider||Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18, D18 P521|
|Purpose||On our website we use technologies from Bing Ads, which are provided and operated by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland 18, D18 P521 (“Microsoft”). Microsoft places a cookie on your device if you have reached our website via a Microsoft Bing ad. In this way, Microsoft and we can recognize that someone clicked on an ad, was redirected to our website and reached a previously determined target page (“conversion site”). We only find out the total number of users who clicked on a Bing ad and were then redirected to the conversion site.
Microsoft uses the cookie to collect information from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user is processed.
If you do not want information about your behavior to be used by Microsoft, you can deactivate the required setting of a cookie as described above under "Cookies" by changing the browser settings. In addition, you can prevent the collection of the data generated by the cookie and relating to your use of the website and the processing of this data by Microsoft by deactivating the "Show personalized advertising in the browser" button.
The legal basis for data processing for the use of Bing Ads is the consent of the website visitor in accordance with Art. 6 Para. 1 lit. a GDPR. For cases in which personal data is transferred to the USA, Microsoft has submitted to the Standard Contractual Clauses (SCCs). Further information on data protection and the cookies used by Microsoft and Bing Ads can be found here. |
|Cookie running time||1 Year|
|Provider||Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland|
|Purpose||In addition to the methods mentioned above, we use the so-called Facebook pixel of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors to our website as a target group for the presentation of advertisements (so-called Facebook ads). Accordingly, we use the Facebook pixel to show the Facebook (or Instagram) ads placed by us only to Facebook (or Instagram) users who have also shown an interest in our website or who have certain characteristics (e.g. interests on certain topics or products, which are determined based on the websites visited) that we transmit to Facebook (so-called custom audiences).
With the help of the Facebook pixel, we can also understand the effectiveness of the Facebook advertisements for statistical and market research purposes by seeing whether website visitors have been redirected to our website after clicking on a Facebook advertisement (so-called "conversion").
The Facebook pixel is directly integrated by Facebook when you visit our website and saves a cookie on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. We cannot draw any conclusions about the identity of the website visitors with the data collected. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook for its own market research and advertising purposes.
The legal basis for data processing for the use of Facebook Custom Audiences is the consent of the website visitor in accordance with Art. 6 Para. 1 lit. a GDPR. You can find the Facebook data protection declaration here. |
|Cookie running time||Sitzung / 1 Jahr|
|Provider||LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland|
|Purpose||In order to collect information on how visitors use our website, we also use a service from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
This information is also used to be able to show you interest-specific and relevant offers and recommendations on other websites after you have found out about certain services, information and offers on our website. This information is stored in a cookie and is used to make you special offers that are tailored to your interests (“retargeting”).
|Host(s)||.ads.linkedin.com, .linkedin.com, .www.linkedin.com|
|Cookie name||JSESSIONID, PLAY_LANG, PLAY_SESSION, UserMatchHistory, bcookie, g_state, lang, lidc, lissc, liveagent_oref, liveagent_ptid, liveagent_sid, liveagent_vc, spectroscopyId|
|Cookie running time||6 Monate|
Information for prospective customers and interested parties who send us data as part of a query
If you use our contact form to obtain advice from our e-recruiting specialists, we collect the data you enter there (first and last name, e-mail address, telephone number, company, any personal information from the optional message to us). Data that you send to us this way will be processed by us electronically in our system (see section “Data processing systems”) for the purposes of answering and processing your query. We invoke Article 6 (1) (b) GDPR as the legal basis for this (implementation of pre-contractual steps for product queries).
If you communicate with us via e-mail, e.g. via email@example.com, you transmit data such as your sender address, information contained in the content or your signature (e.g. your position and contact details), general data such as the time of dispatch, and specific data which you may send in an attachment (e.g. your CV in the case of applications). Data that you send to us this way will also be processed electronically in our system (see section “Data processing systems”) for the purposes of answering and processing your query. We provide this channel of communication to enable you to contact us quickly by electronic means. The legal basis in these cases is Article 6 (1) (f) GDPR. Our legitimate interest is to ensure an efficient and effective service.
If you speak with one of our employees by telephone, we record certain traffic and communication data, such as the telephone number used or the duration of the call. Our employees are also required to record the content of the conversation briefly in our system (see section “Data processing systems”). The legal basis in these cases is Article 6 (1) (f) GDPR. The purpose and our legitimate interest in this data processing is to provide a more efficient service (e.g. to forward information regarding your matter within the company and to be able to give you the best possible advice when you call us again).
If you contact us by post, we collect details on your sender address and the content of the document. The documents you send are also stored digitally in some cases for faster processing. We also invoke Article 6 (1) (f) GDPR as the legal basis for this.
Via personal contact, e.g. at trade fairs
You may also contact us at events, presentations, or trade fairs and leave your details with us there, e.g. in the form of a business card. We digitise the data collected this way by transferring it to our CRM system (see section “Data processing systems”). The associated content of the discussion may be logged in a report. We invoke Article 6 (1) (b) or Article 6 (1) (f) GDPR as the legal basis for this. Our legitimate interest is in being able to give you the best possible advice in any subsequent discussions.
Contact for the purposes of downloading whitepapers, case studies, and webinars
You must register with us before you can receive free downloads via e-mail. We collect the data you enter there (first and last name, e-mail address, telephone number, company, any personal information from the optional message to us). Data that you send to us this way will be processed by us electronically in our system (see section “Data processing systems”) for the purposes of processing your query. We use this data to send you the requested download via e-mail. In return for this free service, we may contact you via e-mail or telephone to provide you with information about our products and services. We invoke Article 6 (1) (b) GDPR as the legal basis for this.
Review and enhancement of data
In order to be able to answer queries in the best possible way and to verify and update our database, we may supplement personal data through research and enhancements (e.g. by adding a salutation to a letter or allocating a position or department). We will only use publicly accessible sources as our sources for this. The legal basis for this data processing is Article 6 (1) (f) GDPR.
Duration of the storage
We will store your data for as long as required to process a request. This does not apply to data that we are not yet allowed to erase due to our statutory obligations (e.g. documents that must be kept in accordance with tax or commercial law), and data that is required to safeguard legitimate interests, e.g. to assert claims.
Our website gives you the option of subscribing to our newsletter, which provides regular updates on news from the Prescreen HR magazine, events, and information regarding Prescreen’s services and products.
We use the double-opt-in process for registrations to our newsletter. This means that once you have registered, we will send an e-mail to the e-mail address you provide in which we ask you to confirm that you wish to receive the newsletter. If the e-mail address is not confirmed within one week, it will be automatically erased. We also store your IP address and the times of the registration and confirmation. The purpose of this procedure is to ensure that there is evidence of your registration, and to resolve any potential misuse of your personal data.
The legal basis is Article 6 (1) (1) (f) GDPR to the extent that we store data in order to ensure that there is evidence of your registration, and to resolve any potential misuse of your personal data. We store your e-mail address with your consent. The legal basis is Article 6 (1) (1) (a) GDPR.
You may withdraw your consent to receive the newsletter and cancel the newsletter at any time. You can exercise your right to withdraw by clicking on the link provided in each newsletter e-mail, by sending an e-mail to firstname.lastname@example.org, or by sending a message to the contact details provided in the Legal Notice.
Information for customers and other business partners
In the case of customers and other business partners, we process personal data primarily for the initiation, establishment, and processing of contractual and pre-contractual relationships.
We collect the following information in particular for this:
- work contact information, such as name, work contact address, work telephone number or e-mail address;
- payment information, such as information required for processing payments or for fraud prevention, including credit card information and card verification numbers;
- information collected from publicly available sources, information databases or credit rating agencies;
- other personal data, the processing of which is necessary for the initiation, handling, and administration of (contractual) business relations, and in order to maintain business relations, or which is provided voluntarily by you, such as orders placed, order details, queries or project details, correspondence, and other data regarding the cooperation.
Data processing is necessary in accordance with Article 6 (1) (b) GDPR for steps prior to entering into a contract, proper implementation of the contractual relationship, reciprocal fulfilment of the obligations from the contractual relationship, and to terminate the contractual relationship.
If necessary, we may process your data beyond the actual fulfilment of the contract in order to safeguard legitimate interests, e.g. for the assertion of legal claims and as a defence in legal disputes. The legal basis in these cases is Article 6 (1) (f) GDPR.
In addition, we process personal data for the purposes of fulfilling statutory retention obligations (e.g. under commercial and tax law) in accordance with Article 6 (1) (c) GDPR.
We also process the data stated above in order to carry out customer surveys, marketing campaigns, market analyses, competitions, or similar campaigns and events. The legal basis in these cases is Article 6 (1) (f) GDPR. You have the right to object to processing (in particular to the sending of direct marketing).
Your personal data will be erased provided that this is no longer required to fulfil the purpose of the storage, and no legal retention obligations or the assertion of legal claims prevent it from being erased.
Data processing systems / service providers used
We commission service providers for the following services: contract management, newsletter distribution, customer feedback/satisfaction surveys, webinar and web meeting hosting, support request processing, ticket system, e-mail system, ERP software, CRM system.
If we provide data to service providers, e.g. for processing, they may only use said data to carry out their duties. We meticulously screen and select service providers who are contractually bound to follow our instructions and have suitable technical and organisational measures in place to protect the rights of data subjects. The legal basis for this processing of personal data are Article 6 (1) a) (separate consent) of the EU GDPR, Article 6 (1) b) (processing necessary for the performance of a contract) of the EU GDPR, Article 6 (1) f) (processing based on the weighing of interests) of the EU GDPR, and Article 6 (1) c) (processing necessary for compliance with a legal obligation) of the EU GDPR.
Our legitimate interest is to receive efficient support from these service providers while reducing the level of in-house resources needed to provide data processing systems.
Data is transferred to third countries, but only in compliance with the legally regulated conditions of admissibility.
If the transfer of data to a third country is not for the performance of our contract with you, if we do not have your consent, if the transfer is not necessary for the establishment, exercise or defence of legal claims, and if no other exemption applies, we will only transfer your data to a third country if an adequacy decision pursuant to Article 45 EU GDPR or if appropriate safeguards pursuant to Article 46 EU GDPR are available.
As a rule, we provide appropriate safeguards in accordance with Article 46 EU GDPR as well as an adequate level of data protection.
Copies of the EU standard data protection clauses are available on the European Commission website.
Automated decision making including profiling
A decision-making based solely on automated processing – including profiling – does not take place.