Privacy policy
The website is operated independently by fairplaid GmbH (hereinafter: “We”).
Address:
fairplaid GmbH
Adalbertstraße 20
10997 Berlin
Phone: +49 (0)30 75439336 0
Email: hello@fairplaid.com
Web:www.fairplaid.com
Name and address of the external data protection officer:
Wolfgang Matzke
KLW GmbH
Edisonstraße 21
74076 Heilbronn
Tel. +49 7131 38 534-0
E-mail: datenschutz@klw.de
Web: www.klw.de
1. data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.
Data collection on this website
Who is responsible for data collection on this website? Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “Information on the Data Controller” section of this Privacy Policy.
How do we collect your data? We collect your data, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This primarily consists of technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for? Some of the data is collected to ensure that the website functions properly. Other data may be used to analyze your user behavior.
What rights do you have regarding your data? You have the right at any time to receive, free of charge, information about the source, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time with future effect. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority. You may contact us at any time regarding this matter or any other questions about data protection.
Analytics tools and third-party tools
When you visit this website, your browsing behavior may be analyzed for statistical purposes. This is primarily done using so-called analytics tools. You can find detailed information about these analytics tools in the privacy policy below.
2. General Information and Mandatory Disclosures
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy. When you use this website, various types of personal data are collected. Personal data is information that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done. Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.
Note on the responsible body
The entity responsible for data processing on this website is: fairplaid GmbH Sophienstraße 26 70178 Stuttgart Phone: +49 (0) 711 2172 597 0 Email: hello(at)fairplaid.com
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
Contact form and e-mail contact
A contact form can be used on our website to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
First name
Surname
e-mail
Message
When the message is sent, the following data is also stored: the user’s IP address, and the date and time of submission. By clicking the “Send” button, you consent to the processing of your data for the purpose of handling your message. Alternatively, you may contact us via the provided email address. In this case, the user’s personal data transmitted via email will be stored. In this context, the data will not be disclosed to third parties. The data will be used exclusively for the purpose of handling the conversation.
Purpose of Data Processing and Legal Basis We process the personal data entered in the contact form solely for the purpose of responding to your inquiry. If you contact us via email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems. The legal basis for processing the data is Article 6(1)(a) of the GDPR, provided the user has given consent. The legal basis for processing data transmitted when sending an email is Article 6(1)(f) of the GDPR. If the contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.
Duration of Storage The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and there is no legal retention period that prevents this. For personal data sent via email or the contact form, this is the case once the respective conversation with the user has ended. The conversation is considered concluded when it can be inferred from the circumstances that the matter in question has been definitively resolved. The personal data additionally collected during the submission process will be deleted no later than 14 days after submission.
Right to Object and Right to Erasure The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.
Sharing of Data We will not share your personal data with third parties for any purpose other than those listed below. We will only share your personal data with third parties if:
you have given your explicit consent pursuant to Article 6(1)(a) of the GDPR,
in the event that there is a legal obligation to disclose information pursuant to Article 6(1)(c) of the GDPR, as well as
this is permitted by law and is necessary for the performance of contractual relationships with you pursuant to Article 6(1)(b) of the GDPR.
Data protection information for applicants
Our handling of your data and your rights Information in accordance with Art. 13, 14 of the General Data Protection Regulation (GDPR) This privacy policy provides you with information on how fairplaid GmbH handles information that it receives through your application. In accordance with Art. 13 para. 1 and para. 2 GDPR, as well as Art. 14 para. 1 and 2 GDPR (EU General Data Protection Regulation), we hereby inform you that we will only process the data collected from you as part of the application process for the position you have applied for. The provision of your data is necessary for the possible conclusion of a contract. Your data will also be processed further if a contract is concluded.
Scope and Purpose of Data Processing We process the data you provide to us when you apply for an advertised position or submit a speculative application (personal data, contact information, educational background, professional history, cover letter, resume, headshot, and references). We require this data to process your application.
Legal basis for processing: Data processing for the purposes of the employment relationship – Section 26 BDSG: Your personal data is processed for the purpose of selecting candidates to fill open positions, i.e., to initiate an employment contract. The legal basis is Section 26(1) of the Federal Data Protection Act (BDSG). Consent – Article 6(1)(a) GDPR, Section 26(2) BDSG: If you have voluntarily given us your consent to process certain personal data, then this consent forms the legal basis. You have the right to withdraw your consent at any time with future effect (by email to bewerbung@fairplaid.com). Data processing based on legitimate interest – Article 6(1)(f) GDPR: In certain cases, we process your data to safeguard a legitimate interest of ours or of third parties, e.g., to assert, exercise, or defend legal claims.
Recipients of personal data Your data will be shared exclusively with the Human Resources staff responsible for the application process, as well as with employees in the relevant departments.
Retention Period We generally store your data only for as long as we need it for the application process. Unless you have given consent for further processing of your data, your application data will be stored for six months after the process is completed and then deleted. If you have given consent, we will store your data until you revoke it, but for no longer than 24 months.
Automated decision-making; profiling Your personal data will not be used for automated decision-making or profiling.
Your Rights as a Data Subject You have the right to request information about whether we have stored any personal data about you. In addition, you have the right to rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with the competent data protection supervisory authority. To exercise your rights, please contact us by email at bewerbung@fairplaid.com.
General information on the legal basis for data processing on this website
If you have consented to the processing of your data, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TDDDG. Consent may be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR.
Recipients of personal data
As part of our business operations, we collaborate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so, if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or if another legal basis permits the disclosure of data. When using data processors, we only transfer our customers’ personal data on the basis of a valid data processing agreement.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (objection under Article 21(1) of the GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes.
Right to file a complaint with the competent supervisory authority
In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place where the alleged breach occurred.
Right to data portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, either directly or through a third party, in a commonly used, machine-readable format.
Information, correction and deletion
In accordance with applicable legal provisions, you have the right at any time to receive, free of charge, information about your stored personal data, its source and recipients, and the purpose of the data processing, as well as the right to have this data corrected or deleted, if applicable.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. The right to restriction of processing applies if you contest the accuracy of your personal data stored by us, if the processing was or is unlawful, if we no longer need the data but you need it to exercise legal claims, or if you have lodged an objection pursuant to Article 21(1) of the GDPR.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information. You can tell that the connection is encrypted because the address bar in your browser changes from “http://” to “https://” and because of the padlock icon in your browser’s address bar.
3. Hosting
We host the content of our website with the following provider:
The provider of Squarespace is Squarespace Ireland Ltd., Le Pole House, Great Ship Street, Dublin 8, Ireland (hereinafter “Squarespace”). Squarespace is a tool for creating and hosting websites. When you visit our website, your data is processed on Squarespace’s servers. In this process, personal data may also be transferred to Squarespace’s parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are necessary for displaying the site and ensuring security (essential cookies).
The use of Squarespace is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace. The company is certified under the “EU-US Data Privacy Framework” (DPF). For further information, please contact the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnjcAAC&status=Active.
Data Processing We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
4. data collection on this website
Cookies
Our website uses so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically. Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services). Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes. Cookies that are necessary for the execution of the electronic communication process, for providing certain functions you have requested, or for optimizing the website (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent may be revoked at any time. You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for specific cases or generally, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. You can find out which cookies and services are used on this website in this privacy policy.
5th Newsletter
Newsletter information
If you would like to subscribe to the newsletter offered on the website, we need your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No other data is collected, or is collected only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties. The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation. The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe or once the purpose for which it was collected no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR. After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a blacklist, if necessary, to prevent future mailings (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). Storage on the blacklist is not time-limited. You may object to this storage provided that your interests outweigh our legitimate interest. The data is transferred to the service provider Brevo GmbH (formerly: Sendinblue) for mailing purposes. A data processing agreement has been concluded with the service provider.
6. plugins and tools
Google Fonts
This site uses so-called Google Fonts, provided by Google, to ensure consistent font display. When you visit a page, your browser loads the necessary fonts into its cache to display text and fonts correctly. To do this, the browser you are using must connect to Google’s servers. As a result, Google becomes aware that this website has been accessed via your IP address. The use of Google Fonts is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the uniform display of fonts on its website. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. If your browser does not support Google Fonts, a standard font from your computer will be used. The company is certified under the “EU-US Data Privacy Framework” (DPF). For more information about Google Fonts, visit https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
7. landing pages and other pages
Revocation - cancelation.fairplaid.com
When you submit the "FAIRPLAID Crowdfunding Revocation Support" form, we process the personal data entered for this purpose.
What data we collect and why
Identification and contact information: First and last name, email address – so that we can clearly identify you and inform you of the status of your request. Legal basis: Article 6(1)(b) of the GDPR (performance of a contract).
Transaction and project data: Support ID, project name, link to the project, amount of support – to uniquely identify your payment or contribution and process a proper refund. Legal basis: Article 6(1)(b) of the GDPR.
Free-text fields: Notes/Comments – to clarify specific questions or details regarding your withdrawal. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing efficient customer service).
Who Receives Your Data Internally, access is limited to the departments responsible for processing your cancellation. Externally, we only share data with payment service providers and banks to the extent necessary for processing the refund, as well as with tax and legal advisors when required by law. Data is not transferred to third countries unless it is strictly necessary for the performance of the contract.
How long we store your data We delete your data as soon as it is no longer needed for the purposes stated. However, retention requirements under commercial and tax law may extend up to 10 years (Section 147 of the German Fiscal Code, Section 257 of the German Commercial Code).
Required Information and Your Rights We need all marked required fields to process your request for withdrawal. You may request access to, correction of, deletion of, or restriction of the processing of your data at any time (hello@fairplaid.com). You also have the right to file a complaint with a data protection supervisory authority.
Data Security: Form submissions are transmitted using TLS encryption. Our hosting partner processes your data exclusively on our behalf (data processing on our behalf in accordance with Article 28 of the GDPR).
Crowdfunding project evaluation - evaluation.fairplaid.com
When you complete the multi-page questionnaire "EVALUATION CROWDFUNDING PROJECT" at evaluation.fairplaid.com, we process the personal data you enter there.
What data we collect and what we use it for
Contact and identification information: First name, last name, email address, phone number (optional) – to uniquely identify you and send you the evaluation results. Legal basis: Article 6(1)(b) of the GDPR.
Organizational, project, and financial data: To provide a realistic assessment of your project. Legal basis: Article 6(1)(b) of the GDPR.
Reach and communication channels: To assess the size of your community. Legal basis: Article 6(1)(b) of the GDPR.
Personal assessment of your network: Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in providing tailored advice).
Recipients of the data and retention period Internally, access is limited to the teams responsible for consulting and evaluation. Externally, we only share data with service providers (processors pursuant to Article 28 of the GDPR). We retain your information for as long as it is necessary for evaluation and any subsequent project consulting, but for no longer than 12 months after the consulting services have been completed.
Your Rights and Data Security You have the right to access, correct, delete, and object to the processing of your data at any time (hello@fairplaid.com). The questionnaire is transmitted using TLS encryption.
8. Online meetings, conference calls, and webinars via Microsoft Teams
As part of our project work, we use “Microsoft Teams” and other Office 365 cloud services to conduct conference calls, online meetings, video conferences, webinars, and online training sessions. “Microsoft Teams” and Office 365 are services provided by Microsoft Corporation, which is headquartered in the United States. You can find Microsoft’s official privacy statement here: https://privacy.microsoft.com/de-de/privacystatement. To participate in online meetings, you can either install the Teams app or use the browser version directly.
What data is processed?
User information: First and last name, email address, password (if single sign-on is not used), profile picture (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, device and hardware information
Recordings (optional): MP4 file (video, audio, presentations), M4A file (audio), and chat transcript (only with explicit prior consent)
Telephone data: incoming and outgoing phone numbers, country code, start and end of the call
Interactive content: chat messages, polls, questions, and file uploads (images, audio, video, Office documents)
Scope of Processing We use “Microsoft Teams” and Office 365 services. Recordings and minutes are only made after prior notice and with your consent. Meeting reports (metadata, call data, questions/polls) are stored for registered users until the end of the meeting plus one month.
Legal Basis, Data Processing, and Transfers to Third Countries For contract meetings, Article 6(1)(b) of the GDPR applies; otherwise, processing is based on Article 6(1)(f) of the GDPR (legitimate interest in ensuring smooth online meetings). We have entered into a data processing agreement (DPA) with Microsoft in accordance with Article 28 of the GDPR. This ensures that Microsoft processes personal data exclusively in accordance with our instructions and in compliance with the GDPR. Since personal data may be transferred to Microsoft’s parent company in the United States, we note that Microsoft is certified under the “EU-US Data Privacy Framework” (DPF). Additionally, the data transfer is based on the EU Commission’s Standard Contractual Clauses.
9. Customer Relationship Management (CRM) and Marketing with HubSpot
We use HubSpot on our website, a tool for digital marketing, customer relationship management (CRM), and customer communication. The service provider is the American company HubSpot, Inc., located at 25 First St, 2nd Floor, Cambridge, MA, USA. The company also has an office in Ireland at 1 Sir John Rogerson’s Quay, Dublin 2, Ireland.
HubSpot is an integrated software solution that we use to manage various aspects of our communications (including contact management, landing page creation, and forms). Processing is based on our legitimate interest in the efficient management of our customer relationships (Art. 6(1)(f) GDPR) or for the purpose of entering into or fulfilling a contract (Art. 6(1)(b) GDPR).
Data Processing in the United States and Standard Contractual Clauses HubSpot processes your data in the United States, among other places. Please note that HubSpot is certified under the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the United States ensures compliance with European data protection standards when data is processed in the United States.
As an additional basis for data processing by recipients located in third countries, HubSpot uses so-called Standard Contractual Clauses (SCCs pursuant to Article 46(2) and (3) of the GDPR). Standard Contractual Clauses are model templates provided by the European Commission and are intended to further ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries. Through these clauses, HubSpot commits to adhering to European data protection standards when processing your relevant data. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
Data Processing Agreement (DPA) We have entered into a Data Processing Agreement (DPA) with HubSpot. The Data Processing Agreement, which complies with the Standard Contractual Clauses, can be found at https://legal.hubspot.com/dpa. You can learn more about the data processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy.
10. Initial contact and coaching via WhatsApp Business
We offer you the option to contact us via the WhatsApp messaging service or to take advantage of our coaching services. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland. For this communication, we use the "WhatsApp Business" API, which is integrated with our CRM system (HubSpot).
Initiating Contact: We will never contact you via WhatsApp without your request. Communication takes place only if you initiate it. By sending us your first message, you consent to the processing of your data (in particular your phone number, name, metadata, and chat content) for the purpose of handling your inquiry or conducting the coaching session. The legal basis for processing is, depending on the nature of the inquiry, Article 6(1)(b) of the GDPR (pre-contractual measures) or your consent pursuant to Article 6(1)(a) of the GDPR. You may revoke this consent at any time with future effect by notifying us via chat. Any processing that has taken place up to that point remains lawful.
Note on metadata and transfers to third countries: The content of messages is end-to-end encrypted and cannot be read by Meta. However, we expressly note that Meta collects, stores, and processes so-called metadata (e.g., information about when, how often, and from where you communicate with us, as well as device and IP information) on servers in the United States. Meta is certified under the “EU-US Data Privacy Framework” (DPF). Nevertheless, we have no influence over the exact scope and further use of the metadata by Meta. For more information, please see WhatsApp’s Privacy Policy: https://www.whatsapp.com/legal/privacy-policy