Privacy Policy
Thank you for visiting our website. In the following, we would like to inform you about the handling of your data according to Art. 13 of the General Data Protection Regulation (DSGVO).
1. Controller
diesdas.digital GmbH is responsible for the data processing described below in accordance with data protection regulations.
diesdas.digital GmbH
Oranienstr. 6
10997 Berlin
2. Processing of log files
When visiting our website, our web server automatically stores standardized information about your device and the browser used in a log file. We process this data to analyze server errors and potential misuse. In detail, this data record consists of
- Name of the requested website
- Date and time of the request,
- Amount of data transferred,
- Notification of successful retrieval
- IP address of the requesting device
- Specific address of the page requested
- Referrer URL (if applicable)
- Browser identification string
This data cannot be used to identify you personally. It is analyzed in anonymized form only. Log files are regularly deleted after seven days at the latest. The legal basis for this processing is our legitimate interest in accordance with Article 6(1)(f) GDPR.
2.1 SSL or TLS encryption
For security reasons and to protect the transmission of personal data and other confidential content (e.g., inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” URL prefix and the padlock icon in your browser’s address bar.
3. Hosting
We host our website with our contract processors:
Salesforce, Inc.
Salesforce Tower
415 Mission Street
3rd Floor
San Francisco
CA 94105
United States
and
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
4. Newsletter
You can subscribe to our newsletter on our website. The newsletter is sent via Buttondown, provided by Buttondown LLC, Seattle, USA—a privacy-friendly provider operating in accordance with the GDPR on our behalf. Buttondown stores the following information:
- IP address
- Open and click events
- Subscriber data (email address, name).
This data is used exclusively to operate the newsletter and is not shared with third parties or used for commercial purposes by Buttondown or Diesdas.
Processing is based on your consent (Article 6(1)(a) GDPR). You may revoke your consent at any time by clicking the unsubscribe link included in each email.
We have a data processing agreement with Buttondown under Article 28 GDPR. Since Buttondown is based in the USA, data transfers to third countries occur. Protection is ensured through EU Standard Contractual Clauses (SCC) pursuant to Article 46(2)(c) GDPR. However, as with all US-based services, access by authorities cannot be completely ruled out. We have implemented contractual safeguards to best protect your data.
More information can be found in Buttondown’s privacy policy.
5. Contact via e-mail
If you contact us by email, your inquiry and any resulting personal data (e.g., name, message content) will be stored and processed for the purpose of handling your request.
This is based on Article 6(1)(b) GDPR, if your inquiry is related to a contract or required for pre-contractual measures. In other cases, it is based on our legitimate interest (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR).
Your data will be retained until you request deletion, withdraw your consent, or the purpose for storage no longer applies. Legal retention obligations remain unaffected.
6. Event Planning
We use lu.ma, provided by Luma, Inc. (USA), for event registration and management.
When registering for an event, lu.ma processes personal data such as:
- Email address (mandatory)
- Name (if requested)
- Technical data (e.g., IP address, browser, usage behavior)
This processing is necessary to manage and run the event (Article 6(1)(b) GDPR). lu.ma provides the platform and processes data on our behalf and according to our instructions.
For paid events, Stripe is integrated as the payment processor, and necessary data will be passed to Stripe.
Since lu.ma is based in the USA, data may be transferred outside the EU. Protection is ensured through EU Standard Contractual Clauses (SCC). However, a residual risk remains that US authorities could access the data without effective legal remedies. We have implemented additional safeguards to protect your data.
More information: https://lu.ma/privacy-policy
7. Use of cookies & tracking tools
We use tracking technologies such as cookies on our website to measure and evaluate our website and to continuously improve our content. For the protection of our users and partners, we can also detect and prevent fraud and security risks.
Cookies are small text files used by websites to simplify and speed up the management of your visit to our website or are necessary to allow you to use and access secure areas of the website.
Depending on where a cookie comes from, we can first distinguish between so-called first-party cookies and third-party cookies:
- First-party cookies - cookies that are generated and stored locally by the website operator as the controller or by a processor commissioned by the operator. Only the operator has access to these cookies.
- Third-party cookies - cookies that are generated, set and accessed by third-party providers that are not acting as processors on behalf of the website operator.
Depending on the validity period, a distinction can also be made between so-called transient and persistent cookies:
- Transient cookies - cookies that are automatically deleted when you close the browser. These include, in particular, session cookies.
- Persistent cookies - cookies that remain stored on your terminal device for a specified period of time after you close the browser.
Depending on their nature and purpose, the user's consent may be required for the use of certain cookies. In this respect, cookies can then be differentiated according to whether the user's consent is mandatory for their use:
- Consent-free cookies - cookies that are absolutely necessary for the website operator, which has been expressly requested by the subscriber or user, to provide this service ("Absolutely Necessary Cookies").
- Consent-required cookies - cookies that are used for all purposes other than those mentioned above.
Insofar as your consent is required, we use these very cookies alone if you have given your consent in advance. The legal basis for processing personal data is regularly Art. 6 para. 1 lit. a DSGVO. When you call up our website, we display a so-called "cookie banner" in this regard, in which you can declare your consent to the use of cookies on the website by pressing a button.
We use cookies that are absolutely necessary on the basis of Art. 6 (1) lit. f DSGVO in the legitimate interest of ensuring the functionality of our website. These cookies cannot be disabled via the cookie banner of this website. However, you can generally manage and deactivate these cookies in your browser at any time.
Our website uses Cookiebot, a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, as a consent management platform. Cookiebot helps us obtain, document, and manage your legally required consent for the use of certain cookies and similar technologies.
When you first visit our website, a cookie banner will appear, allowing you to set your individual preferences. You can change or withdraw your consent at any time by clicking the cookie icon in the bottom left corner of the screen and adjusting your settings in the dialog that appears.
For more information about Cookiebot, please visit: https://www.cookiebot.com/en/
You can object to data processing at any time with effect for the future by preventing the storage of cookies through the setting in your browser.
7.1 Use of Google Services for Web Analysis and Advertising
We use the following services by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Data collected via these services is usually sent to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data transfers rely on EU Standard Contractual Clauses. Where applicable, IP anonymization is enabled.
Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated for the individual technologies, the data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 DSGVO. Further information on data processing by Google can be found in Google's privacy policy.
7.2 Google Analytics
For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will not be merged with other Google data. Data processing is carried out on the basis of an order processing agreement by Google.
7.3 Google Ads
For advertising purposes in Google search results as well as on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous CookieID and on the basis of the pages you visit. Any further data processing will only take place if you have activated the "personalised advertising" setting in your Google account. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.
For website analysis and event tracking, we measure your subsequent usage behaviour via Google Ads Conversion Tracking if you have reached our website via an advertisement from Google Ads. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms.
7.4 MUX
Our website uses the “Mux” video service provided by Mux, Inc (1182 Market St. Suite 425, San Francisco, CA 94102, USA). Mux is a user experience real-time analysis platform (API, application programming interface) for the creation of videos by developers. If you have activated Java script in your browser and have not installed a Java script blocker, your browser may transmit personal data to Mux. You can find more information on the handling of user data in the Mux privacy policy at https://mux.com/privacy.
8. Online application
In the course of your online application by e-mail or via Homerun ((Homerun B.V., Amsterdam), we collect and process personal data for the purpose of handling the application process and for the implementation of pre-contractual measures. When you send an application, the following data may be transmitted:
- First and last name
- Date of birth
- Address
- Email address
- Phone number
- Cover letter
- CV and certificates
- Any other voluntarily provided personal data
Your data will initially be processed exclusively for the purpose of implementing and reviewing the application process. The legal basis for this results from Art. 88 (1) DSGVO in conjunction with Section 26 (1) Sentence 1 BDSG. As a rule, we do not require any special categories of personal data (e.g. information about a severe disability) as defined by Art. 9 DSGVO for the application process. However, if you voluntarily provide us with such data, the processing will be carried out on the legal basis of Art. 9 (2) b DSGVO in conjunction with Section 26 (3) BDSG.
If an employment relationship arises between you and us, we will process your data in accordance with Art. 88 DSGVO in conjunction with. § 26 BDSG in the following for the implementation of the employment relationship with you.
We store your personal data as long as this is necessary for the decision on your application. If you are not hired, your personal data or application documents will be deleted six months after the end of the application process, unless longer storage is legally required or permitted (e.g. for the assertion, exercise or defense of legal claims for the duration of a legal dispute, travel expense accounting, etc.). Afterwards, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).
If an employment relationship is established following the application process, we will store your data for the duration of the employment relationship with you. However, you will receive further information about the processing of your data in the employment relationship as soon as the employment relationship with us begins.
With the consent of applicants, their personal data will be added to our talent pool in order to consider them for future suitable job opportunities. The data will be stored for a period of 24 months and used exclusively for the purpose of contacting them regarding new career opportunities. After this period, the data will be automatically deleted unless renewed consent for continued storage is provided.
Homerun provides us with the platform and stores the data on our behalf. This means that we remain responsible for your data, and Homerun may only process it according to our instructions.
For more information about data protection at Homerun, please refer to the Homerun: Privacy Statement.
9. Social media channels
We also promote presences on our website on the social networks listed below.
The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when the website is called up.
This means that you will only be redirected to the service of the respective social network by clicking on the corresponding graphic. After the forwarding, information about you will be collected by the respective network. This is initially data such as IP address, date, time and page visited. It cannot be ruled out that the data collected in this way is processed in the USA.
If you are logged into your user account of the respective network during this time, the network operator may be able to assign the collected information to your personal account. If you interact, for example, via a "Share" button of the respective network, this information can also be stored in your personal user account and possibly published.
If you want to prevent the collected information from being directly assigned to your user account, you must log out before clicking on the graphic or configure the respective user account accordingly. For more information on the processing of your data, please refer to our social media notices.
10. Your Data Subject Rights
With regard to the data processing listed here, you are entitled to various data subject rights that are regulated in the GDPR.
10.1 Right to Information
Pursuant to Art. 15 EU-DSGVO, you have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have a right to information about this personal data and the information specified in Art. 15 (1) Hs. 2 EU-DSGVO. This includes in particular the purpose of the processing, the categories of data processed, the recipients to whom data has been or will be disclosed, as far as possible the planned duration of storage or the criteria for the duration of storage.
10.2 Right to Rectification
Pursuant to Art. 16 EU-DSGVO, you have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
10.3 Right to Erasure
Pursuant to Art. 17 EU-DSGVO, you have the right to demand that we delete personal data concerning you without undue delay. We are obliged to delete personal data without undue delay if one of the reasons set out in Art. 17 (1) EU-DSGVO applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.
10.4 Right to Restriction of Processing
Pursuant to Art. 18 EU-DSGVO, you have the right to demand that we restrict processing if one of the conditions listed in Art. 18 EU-DSGVO applies. This includes, for example, that you dispute the accuracy of the personal data. Then we may only process the data in a restricted manner for as long as it takes to verify the accuracy of the personal data.
10.5 Right to Data Portability
Pursuant to Art. 20 EU-DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another responsible party i.e. another entity that processes data, without hindrance, provided that the original processing was based on consent or was necessary for the performance of a contract.
10.6 Right to Object
Pursuant to Art. 21 EU-DSGVO, you have the right to object at any time to the processing of personal data relating to you if such data is processed on the basis of Art. 6(1)(e) or (f) EU-DSGVO and there are grounds for doing so based on your personal situation. You may object to the processing of data for the purpose of direct marketing at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by means of an informal declaration. A written statement or, optionally, an e-mail to the above contact address is sufficient.
10.7 Right to Withdraw Consent
Pursuant to Art. 7 (3) EU-DSGVO, you have the right to revoke your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected. The right of revocation can be exercised by an informal declaration. A written declaration or, optionally, an e-mail to the above contact address is sufficient. You can withdraw your consent to the use of cookies via our banner, which is displayed when you call up our privacy policy.
10.8 Right to Complain to a Supervisory Authority
Pursuant to Art. 77 EU-DSGVO, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you are of the opinion that the processing of personal data concerning you violates this Regulation. In the present case, the competent supervisory authority is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Tel.: +49 (0)30 13889-0
E-mail: [email protected]
11. Data Protection Officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:
Ali Tschakari, LL.M.
Bitkom Servicegesellschaft mbH
Albrechtstrasse 10
10117 Berlin
E-mail: [email protected]
If you contact our data protection officer, please indicate the responsible office in the imprint.
12. Concluding provisions
diesdas.digital GmbH reserves the right to adapt this data protection declaration at any time so that it always complies with the current legal requirements or in order to implement changes to the services in the data protection declaration, e.g. when new services are introduced or changes are made to the website. The new data protection declaration will then apply to a renewed access to this website.
Last updated: June 2025.