Publisher and editors in charge of the internet portal within the
meaning of the German Telemedia Act (Telemediengesetz – TMG):
Experience One AG
Telephone: +49 711 25 35 99 60
Fax: +49 711 25 35 99 70
Executive: Kai Müller (Chairman)
Board: Michael Maedel (Chairman)
Managing Directors: Linda Stauffenberg, Urban Dausacker, Jens Fauth
Business location: Stuttgart Amtsgericht Stuttgart HRB 767342
tax ID: DE246431089
Publisher of this website is Experience One AG. Experience One AG is a limited liability company subject to German law (commercial register Amtsgericht Stuttgart HRB 720342) and is based in Stuttgart. If you have feedback on the design and layout or questions concerning the content of this website, please send an e-mail to firstname.lastname@example.org.
Experience One AG continually reviews and updates the information on this website. Despite these precautions, information may still have changed in the meantime. For this reason, Experience One AG assumes no liability, nor offers any guarantee with regard to the currency, correctness or completeness of the information provided. The same applies for all other websites accessed by way of hyperlinks. Experience One AG is not responsible for the content of websites accessed in this way. Experience One AG also reserves the right to change or add to the information provided at any time. The content and structure of these webpages is copyright protected. The reproduction of information or data, in particular the use of text, portions of text or images requires the prior written consent of Experience One AG.
The Experience One AG website may contain hyperlinks to websites belonging to third parties. These hyperlinks do not constitute any endorsement of the content found on these websites and are provided merely to simplify the website visitor’s experience when using the Internet. Experience One AG claims no ownership to these websites and assumes no liability whatsoever for the content or information found on them. The operators of the linked websites are solely responsible for the content of their websites, and users visit these websites at their own risk. If you notice that links found on our websites point to pages containing content that is in violation of the law, please notify us immediately. We will immediately remove these links from our website.
In all publications, Experience One AG strives to respect the copyrights covering graphics, audio documents, video sequences and text, to use graphics, audio documents, video sequences and text created by us or to use license-free graphics, audio documents, video sequences and text.
All brands and trademarks mentioned on the website and/or protected by third parties are fully subject to the provisions of the respective trademark laws and the rights of the respective copyright owners. It is not to be assumed that simply because a brand is mentioned, it is not legally protected by a third party. Experience One AG is the sole owner of the copyright for published items created by Experience One AG. Duplication or use of such items without the express prior consent of Experience One AG, in particular graphics, audio documents, video sequences and text in other electronic or printed publications, is prohibited.
The unauthorized use, in particular the unauthorized copying, reproduction, distribution of entire websites or individual contents is prohibited. The same applies for the unauthorized use of individual content items or entire webpages on the websites of other operators. Should Experience One AG grant other websites its express consent to link to its site, the Experience One AG website must be the sole element in the navigation window. In such cases information from the Experience One AG website must not be modified or tampered with.
The protection of our employees, customers, and partners as well as their data has a high priority for the management of Experience One.
The use of our website is basically possible without providing personal data. However, if you wish to use certain services, it may be necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.
The processing of personal data (e.g. name, address, e-mail address) is always in accordance with the General Data Protection Regulation (GDPR) and among others the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
Experience One, as controller, has implemented numerous measures to ensure the security of your data. Nevertheless, Internet-based data transmissions can in principle have security vulnerabilities so that absolute protection cannot be guaranteed. Therefore, you are free to provide personal information in alternative ways, such as by telephone.
22.214.171.124 Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP-Address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
126.96.36.199 Data Subject
Data subject is each identified or identifiable natural person whose personal data is processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means (e.g. electronical), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
188.8.131.52 Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data as part of their duties shall not be regarded as recipients;
184.108.40.206 Third party
Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons under the direct authority of the controller or processor, are authorized to process personal data (e.g. employees)
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4.1.2 Name and address of the controller
Controller according to the applicable data protection regulations is:
Experience One AG
Tel.: +49 711 25 35 99 60
4.1.3 Contact data of data protection officer
The controller appointed a data protection officer according to the legal regulations. The data protection officer can be contacted at:
Tel.: +49 160 94 81 00 58
The data protection officer can be contacted directly by the data subject at any time with all questions and suggestions regarding data protection.
4.1.4 Legal basis of processing
If we obtain your consent for a specific processing purpose, this is based on Art. 6 par. 1 lit. a GDPR. If the processing of personal data is required to fulfill a contract where the data subject is party (for example, delivery of goods, contract of employment) or if this is for preparation of a contract (for example, inquiries about our services), the processing is based on Article 6 par. 1 lit. b GDPR.
If Experience One is subject to a legal obligation that requires processing, such as the fulfillment of tax obligations, the processing is based on Art. 6 par. 1 lit. c GDPR.
In rare cases, the processing of personal data may be required to protect vital interests of the data subject or any other natural person, for example if a visitor to our company were injured and subsequently provided his or her data to a doctor, hospital or other third party. In this case, the processing is based on Art. 6 par. 1 lit. d GDPR.
Most processingy are based on Art. 6 par. 1 lit. f GDPR. According to this, documented legitimate interests of Experience One (for example, disclosure of our services or knowledge of website visitors) are sufficient as a basis, unless the interests and fundamental rights freedoms of the person concerned prevail. These legitimate interests include, the performance of our business for the benefit of all our employees and our partners.
4.1.5 Purpose of processing
The collection of personal data via our website serves various purposes, for which external service providers are also used (see below). The main purposes (unless otherwise stated below) are:
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. Through this, individual computers or the affected person can be identified, distinguished from others, and be recognized on re-visit. By using cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting.
As an example, we can provide you with specific information and offers, or you do not have to log in again when you visit our site again. Another example is the shopping basket in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting in the browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via the browser. With deactivated cookies, not all functions of our website may be fully usable.
4.1.7 Collection of general data and information
When using this general data and information, Experience One does not draw conclusions about the data subject. Rather, the data is needed to:
This anonymously or pseudonymically collected data and information are therefore statistically evaluated by us. The server log files are stored separately from all personal data provided by an affected person and automatically deleted after 6 months.
4.1.8 Data transfer / recipients
Experience One uses some services from external providers that can also be located outside the EU. these are among others:
4.1.9 Rights of data subjects
As data subject you have the following rights as far as Experience One processes your personal data. If you wish to exercise one of these rights, you can contact our data protection officer or another employee at any time.
220.127.116.11 Right of access
Any data subject has the right to demand free information from the controller at any time as to whether personal data is being processed. In addition, a data subject may request information about the personal data stored about him and obtain a copy of this data. The information contains information about:
18.104.22.168 Right of Rectification
If the data processed about you is faulty, you have the right to demand the immediate correction of inaccurate personal data. This also applies to the completion of personal data, if necessary also by a supplementary declaration.
22.214.171.124 Right of erasure (right to be forgotten) and right to restriction of processing
Any data subject of the processing has the right to require the controller to delete the personal data concerning him or her without delay, provided that one of the following grounds applies and processing is not required:
The data protection officer will also check the request for legality and conflicting duties (e.g. tax retention period) and, if necessary inform the recipients of the data about the deletion request. If deletion is not possible you will be informed about the reasons.
If the processing purpose has ceased, but there are still retention periods, or the data is needed to exercise or defend legal claims, the processing may be restricted
126.96.36.199 Right to data portability
You have the right to receive personal information relating to you in a structured, commonly used, and machine-readable format. You can make this data available to another provider or ask us to hand over this data directly to the other provider. This right applies as far as the processing is based on your consent. This also includes automatically collected data if it does not affect the rights and freedoms of others and this is technically possible.
188.8.131.52 Right of objection
Each data subject has the right, at any time, to object on grounds relating to his or her situation, at any time to processing of personal data concerning him or her. This also applies to profiling based on these provisions. In the future, the data will no longer be processed unless we can prove compelling legitimate reasons that outweigh your interests. The right of objection applies in particular to processing for advertising purposes.
184.108.40.206 Automated individual decision-making, including profiling
You have the right not to be subject of any solely automated processing decision-making, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This applies if the automated decision is not necessary for the conclusion of a contract between you and Experience One and you have not given a consent to the automated decision.
220.127.116.11 Right to withdrawal a data protection consent
Any data subject affected by the processing of personal data has the right, to withdrawal consent to the processing of personal data at any time.
If the data subject wishes to withdraw consent, they may at any time contact our data protection officer or another member of the data controller.
18.104.22.168 Lodge complaint with supervisory authority
As data subject, you have the right to lodge a complaint about the controller. This applies if you believe that Experience One infringes the data protection regulations or fails to answer your request in time or incorrectly. An overview of non-public sector (e.g., companies) supervisory authorities is available at:
Although the supervisory authority of Baden-Württemberg is responsible for Experience One (head office of the controller), you can contact any supervisory authority (for example, the one at your residence).
4.1.10 Routine deletion and restriction of personal data
The personal data of the data subject are stored only for the period necessary for the fulfillment of the purpose or as required by law. If the processing purpose expires a legal storage period, the personal data are routinely blocked or deleted according to the legal regulations.
About the follow-up of visitors to the Experience One website, the period is usually a maximum of 6 months. For applications that do not lead to employment or admission to the talent pool, there is also a deadline of 6 months. All other deadlines are based on tax and commercial law requirements.
Our privacy officer can provide you with the information for a specific processing operation.
4.1.11 Legal or contractual requirements and necessity of providing personal data & possible consequences of non-provision
The processing of personal data may be required by law (e.g. tax regulations) or may result from contractual arrangements (such as details of the contractor). The same applies to a contract (e.g. employment contract). Failure to provide the data would mean that the contract with you could not be closed. Our data protection officer will be happy to explain it to you on a case-by-case basis.
4.1.12 Existence of automated decision-making
As a responsible company we refrain from automatic decision-making.
4.2.1 Contact via website
In addition to the information provided for contacting us via e-mail and telephone, our website also contains a contact form. This also meets the legal requirements of a fast-electronic contact as the data is sent to a general e-mail address.
If you contact us by e-mail or via a contact form, the personal data you provide will be automatically saved. Such collected data will be stored for purposes of processing your request or contacting you. There is no disclosure of this data to third parties. Should further contact arise from the contact, e.g. to coordinate the appointment, the data is forwarded to the appropriate employees.
4.2.2 Commenting on our blog on the website
There is also a blog on our website. The blog allows website users to comment on individual posts. A blog is a public in which one or more people post articles.
If you leave a comment, the time of the comment as well as the selected username (pseudonym) are saved and published. In addition, we log the IP address of the computer used. The storage of the IP address is made for security reasons and is used if the comment violates the rights of third parties or contains illegal content. There is no disclosure of this data to third parties, unless such disclosure is required by law or serves to defend legal claims.
To provide you with this comment feature we use the comment plugin from Disqus (DISQUS Inc., 301 Howard St., Suite 300, San Francisco, CA 94105, USA). Disqus is an interactive commenting system that allows the user to comment on all web sites that use Disqus as a commenting system with just one login. In addition, users can log in via existing accounts on Facebook (Facebook Connect), Twitter, Yahoo and OpenID. The creation of comments without registration and registration (as a “guest”) is possible.
Disqus Inc., as well as the Zeta Global group, are signatories to the EU-US Privacy Shield. The Privacy Shield is designed to allow US companies to process data of data subjects in the EU while guarantee an appropriate level of safeguards. The Privacy Shield is thus an appropriate guarantee to ensure data protection in the USA. US companies’ participation in the Privacy Shield is voluntary and is a company commitment to privacy. More information can be found on the US Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/Program-Overview .
If you do not wish such an interaction, it is up to you to avoid loading the Disqus plug-ins on our site before visiting our websites by using a “script blocker”.
4.2.3 Subscribe to comments in the blog
Third parties may subscribe to the comments made in the blog of Experience One. If you decide to subscribe to comments, an automatic confirmation email will be sent to double-check on whether you really own the email address you provided. The option to subscribe to comments can be terminated at any time.
4.2.4 Data protection in applications and in the application process
We collect and process personal information from applicants for completing the application process. The processing is done electronically. This is especially the case if you send us the application documents electronically, for example by e-mail or via the web form the data are processed based on a separate agreement on behalf of Experience One by the company softgarden e-recruiting GmbH, Tauentzienstraße 14, D-10789 Berlin. The data transfer to softgarden is encrypted (Transport Layer Security, TLS). Further information on data protection at softgarden: https://www.softgarden.de/unternehmen/datenschutz/ .
If there is a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the law. If no employment contract is concluded with the applicant, the application documents will be stored for at least two months and for a maximum of six months and then automatically deleted, unless there are other reasons preventing the deletion. If we include you in a talent pool, we need your consent. Your data will not be deleted if you agree to be included in the Talent Pool.
Experience One has integrated the Google Analytics component (with anonymization function) for web analysis on this website. Among other things, a web analytics service collects information about which website a data subject came from (so-called referrers), which pages were visited, how often, and how long. This information can be used to optimize the website. We use the addition “_gat._anonymizeIp” for the web analysis. The IP address is shortened and anonymized by this.
Operator of Google Analytics is Google LLC., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. Among other things, Google uses the data obtained to evaluate our website for Experience One, to compile online reports and to provide other services related to the use of our website.
For this purpose, Google Analytics sets cookies on your computer. By using this cookie Google is enabled to analyze the usage of our website. As part of this, Google receives knowledge about personal data, such as the IP address. Thus, every time you visit our website, data is transmitted to Google in the United States of America. Google may share this information with others.
The Google LLC is a signatory to the EU-US Privacy Shield. The Privacy Shield is designed to allow US companies to process data of data subjects in the EU while guarantee an appropriate level of safeguards. The Privacy Shield is thus an appropriate guarantee to ensure data protection in the USA. US companies’ participation in the Privacy Shield is voluntary and is a company commitment to privacy. More information can be found on the US Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/Program-Overview .
Experience One integrated components of the company Facebook on its website. Operator of Facebook is the Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Controller for data subjects in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. The purpose of using the component is to allow users to share the contents of our website and to promote our services.
Facebook Inc. is a signatory to the EU-US Privacy Shield. The Privacy Shield is designed to allow US companies to process data of data subjects in the EU while guarantee an appropriate level of safeguards. The Privacy Shield is thus an appropriate guarantee to ensure data protection in the USA. US companies’ participation in the Privacy Shield is voluntary and is a company commitment to privacy. More information can be found on the US Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/Program-Overview .
Each call of one of individual pages of this website, on which a Facebook component (Facebook plug-in) has been integrated, automatically downloads, and displays the respective Facebook component. In the process, data is also transmitted to the operator. This includes the IP address and visited website. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US . As part of this process, Facebook is aware of what specific page of our website were visited.
This information is collected by Facebook and assigned by Facebook to the respective Facebook account if the user is simultaneously logged in to Facebook. If the data subject clicks one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account and saves this personal data. If the user is not logged in to Facebook at the same time, Facebook also receives data but does not assign it to any account.
If such a transfer of this information to Facebook is not wanted by the data subject, it can be prevented by logging out of the Facebook account before calling our website.
The data policy published by Facebook, available at https://de-de.facebook.com/about/privacy/ , provides information on the processing of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject.
Experience One has integrated components from LinkedIn Corporation on our website. LinkedIn is a network that allows you to make new business contacts. The purpose of using the component is to allow users to make quick and accurate contact with us.
Operator of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy topics for residents from outside of the United States is handled by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
The LinkedIn Corp. is a signatory to the EU-US Privacy Shield. The Privacy Shield is designed to allow US companies to process data of data subjects in the EU while guarantee an appropriate level of safeguards. The Privacy Shield is thus an appropriate guarantee to ensure data protection in the USA. US companies’ participation in the Privacy Shield is voluntary and is a company commitment to privacy. More information can be found on the US Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/Program-Overview .
Every time a subpage is called which has a LinkedIn component (LinkedIn plug-in) integrated, the corresponding application is downloaded from LinkedIn. In the process, data is also transmitted to the operator, including the IP address, and visited websites. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins . LinkedIn is therefore aware of which subpage of our website you visited.
If you’re logged in to LinkedIn at the same time, LinkedIn recognizes it and maps it to your account and saves it. The same applies in case you click on a LinkedIn button. If such a transmission to LinkedIn is not wanted, this can be prevented by logging out of the LinkedIn account beforehand.
Experience One uses Twitter components its website.
Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Twitter is a signatory to the EU-US Privacy Shield. The Privacy Shield is designed to allow US companies to process data of data subjects in the EU while guarantee an appropriate level of safeguards. The Privacy Shield is thus an appropriate guarantee to ensure data protection in the USA. US companies’ participation in the Privacy Shield is voluntary and is a company commitment to privacy. More information can be found on the US Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/Program-Overview .
Each time a page which contains a twitter component (Twitter button), it is downloaded to the computer. In the process, data is also transmitted to the operator including IP address and visited websites. Further information on the Twitter buttons is available at https://about.twitter.com/en/resources/buttons . As part of this, Twitter receives knowledge about which page was visited. The purpose of using the component is to allow users to share the contents of our website and to make our services more known.
If you are logged in to Twitter at the same time, Twitter recognizes this and assigns the pages you visit to your account. This applies regardless of whether the Twitter button was pressed or not. If such a transmission of this information to Twitter is not wanted, this can be prevented the by logging out of your Twitter account before visiting our site.
The applicable privacy policies of Twitter are available at https://twitter.com/privacy?lang=en .
Experience One uses videos its website that are hosted on the portal Vimeo. The purpose is to better transport content and make it easier to understand while at the same time increasing the website’s performance by avoiding local hosting.
Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, (USA).
With Vimeo, a data processing contract was signed to ensure an adequate level of data protection. The contract is based on the standard contractual clauses (model clauses) presented by the EU.
When calling a page on which a video from Vimeo is integrated, the video is downloaded from the server of the operator. In the process, data is also transmitted to the operator, including the IP address, and visited website. When you visit our page and you are logged in to Vimeo, Vimeo recognizes this and assigns the information to your account. If such transmission is unwanted, log out of your Vimeo account before visiting our website.
In addition, Vimeo calls the tracker Google Analytics via an iframe, in which the video is called. This is a separate tracking of Vimeo, to which we have no access.
These liability provisions and information form part of the website to which reference has been made on this page. Should parts or individual phrasing in this text not, no longer or not entirely comply with the current legal situation, the remaining portions of the document remain unaffected in terms of their content and validity.