Privacy Policy
GDPR-COMPLIANT
As of November 2025
Data Protection
1. Name and address of the controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
PULSETRAIN GmbH
Represented by the managing directors: Thomas Plaschko, Niclas Lehnert, Leopold König
Taunusstr. 31-37
80807 Munich
Germany
Munich - HRB 299481
VAT ID: DE366629734
Tel.: +49 89 54192511
E-Mail: info@pulsetrain.com
Website: pulsetrain.com
2. Name and address of the data protection officer
The data protection officer of the controller is:
Dr. Marija Stambolieva
LM AG
Rheiner Landstr. 189
49078 Osnabrück
Germany
E-Mail: privacy@pulsetrain.com
3. General information on data processing
3.1 Scope of processing personal data
We collect and use personal data from our users only to the extent necessary to provide a functional website and our content and services. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
3.2 Legal basis for the processing of personal data
The collection and use of our users' personal data is generally only carried out with the user's consent. An exception applies in cases where the processing of data is permitted by legal regulations. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis. If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3.3 Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose for its storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.4 Transfer of data to external third parties
We only transfer personal data to third parties if this is necessary for the fulfilment of a contract (in accordance with Art. 6 (1) (b) GDPR), if we are legally obliged to do so (Art. 6 (1) (c) GDPR), if we have a legitimate interest in the transfer in accordance with Art. 6 (1) (f) GDPR, or if you have given your consent in accordance with Art. 6 (1) (a) GDPR.
When using processors, we only disclose personal data on the basis of a valid contract for processing. In the case of joint processing, a contract for joint processing is concluded.
3.5 Data transfer to third countries
Please note that data processing in third countries outside the EU does not generally offer a level of protection equivalent to that provided by European data protection law. Personal data will only be transferred to third countries (outside the EU/EEA) if an adequate level of data protection is guaranteed. This is the case if an adequacy decision has been issued by the EU Commission (Art. 45 GDPR) or if the processing is based on appropriate safeguards, in particular through the conclusion of the standard data protection clauses specified by the EU Commission (Art. 46 GDPR).
4. Technical and organisational measures (TOMs)
Appropriate technical and organisational measures (TOMs) in accordance with Art. 32 GDPR have been taken to ensure a level of protection for your personal data that is appropriate to the risk. These include in particular:
• Access controls: Restriction of access to personal data to authorised persons.
• Encryption: We use SSL or TLS encryption to protect your confidential data when you send it to us as the website operator. You can recognise an encrypted connection by the address line of your browser changing from "http://" to "https://" and by a lock symbol in your browser line. However, it is important to note that data transmission over the Internet can have security gaps, which means that complete protection against access by third parties cannot be guaranteed. Nevertheless, we have taken appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of your data.
• Pseudonymisation and anonymisation: Where possible, data is processed in a pseudonymised or anonymised form.
• Data backup: Regular backups and recovery mechanisms.
• Monitoring and logging: Monitoring of systems to detect and defend against security incidents.
• Training and awareness: Regular data protection and IT security training for employees.
5. Provision of the website and creation of log files
5.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer on a temporary basis.
The following data is collected:
• Information about the browser type and version used
• The user's IP address
• Date and time of access
The data is also stored in our system's log files. This does not affect the user's IP addresses or other data that enables the data to be assigned to a user. We do not store this data.
5.2 Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 (1) lit. f GDPR.
5.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to deliver the corresponding website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. This purpose also constitutes our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
5.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the purpose of providing the corresponding website, this is the case when the respective session has ended.
5.5 Right to object and right to erasure
The collection and storage of data for the purpose of providing the corresponding website is essential for the operation of the website. Consequently, there is no right to object on the part of the user.
6. Use of cookies
We use cookies on our website. Our website only uses cookies that are technically necessary. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. These cookies are necessary for the site to function properly and are set automatically as soon as you use our website. Consent is not required for this.
7. Contacting us
7.1 Description and scope of data processing
When you contact us (e.g. via the email address provided, telephone, video conferencing service or contact form), the personal data you provide will be stored. For information on contacting us via social networks, see section 10, "Company pages on social networks". The following data is processed:
• Contact via email: Data such as first and last name, email address, timestamp for sending and receiving
• Contact via telephone: Data such as telephone number, date and time of the call
• Contact via the contact form: Data such as first and last name, email address, message, timestamp for sending and receiving
• Contact via Microsoft Bookings: Data such as first and last name, email address, telephone number, date and time of the entry and the desired appointment
• Contact via the video conferencing service (Microsoft Teams):
• User and communication data such as names, display name, email address, preferred language, profile picture,
• Conference metadata such as date, time, location, meeting ID, duration of conference, start and end of conference participation, number of participants,
• Content data such as text entries via a chat function, cloud recordings, instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information.
The data will be used exclusively for processing the conversation. The data you send us will be processed in our CRM system. In this context, the data will not be passed on to third parties without your consent.
We use Microsoft Teams for telephony and video conferencing and Microsoft Bookings as our contact form, services provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Copilot, an AI-powered assistant from Microsoft Corporation that provides functions such as automatic minutes creation, summaries or suggestions for follow-up tasks, may also be used in the context of these video conferences. It cannot be ruled out that Microsoft may transfer your personal data to third countries outside the European Union, in particular to the USA. The transfer of data to the USA is carried out in accordance with Art. 45 GDPR in conjunction with the adequacy decision C(2023) 4745 of the European Commission, as these data recipients have committed themselves to complying with the principles of the Data Privacy Framework (DPF).
7.2 Legal basis for data processing
This data is processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested. The legal basis for possible data processing in third countries when using Microsoft Teams, Microsoft Bookings and Microsoft Copilot is your consent in accordance with Art. 6(1)(a) in conjunction with Art. 49(1)(a) GDPR.
7.3 Purpose of data processing
The purposes for processing your personal data arise from the respective context of communication or cooperation. Further information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and settings options for protecting your privacy, can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
7.4 Storage period
Your personal data will only be processed and stored until the respective purpose has been fulfilled or you revoke your consent to storage, and will then be deleted, unless longer storage is required due to legal provisions and retention periods or for the exercise or defence of legal claims.
7.5 Right to object and right to erasure
The user may revoke their consent to the processing of their personal data at any time. If the data processing is based on a legal basis other than consent, the user may object to the storage of their personal data at any time. To exercise this right, please contact us informally (see legal notice for contact details). Please note that if the recordings of the virtual conferences are published, it will not always be possible to remove your data. If you do not consent to any image or sound recordings, please let us know in advance. In the case of a group chat, you can manage your participation directly in Microsoft Teams: https://support.microsoft.com/de-de/office/verlassen-oder-entfernen-einer-person-aus-einem-gruppenchat-in-microsoft-teams-7db55a67-0ba4-4409-a399-5ed502a1d094.
8. Application process
8.1 Description and scope of data processing
When you apply for a job, we process the personal data that you provide to us. This includes, for example, contact details, date of birth, gender, marital status, professional background, qualifications and position-related application data. When using electronic means, such as email and application portals such as LinkedIn and StepStone, additional technical data such as IP address, date and time of application, browser information and operating system data may also be collected.
For job advertisements, we use the online application portals provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn") and The Stepstone Group Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf (hereinafter "StepStone"). Further information can be found in the privacy policies of LinkedIn and Stepstone: https://de.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://www.stepstone.de/e-recruiting/rechtliches/datenschutzerklarung/?_gl=1*bj9scz*_gcl_au*MTU1Mzk2ODY0NC4xNzUzMTYyNzMw
8.2 Legal basis for data processing
Your data is processed on the basis of Art. 6(1)(b) GDPR in conjunction with Section 26(1) sentence 1 BDSG for the purpose of reviewing your application and conducting the application process and – if you have given your consent – Art. 6(1)(a) GDPR. In the case of special categories of personal data, processing is also carried out on the basis of your consent in accordance with Art. 9(2)(a) GDPR.
8.3 Purpose of data processing
Data processing serves to review your application, plan and carry out the application process and, if applicable, establish an employment relationship. Disclosure to third parties is only permitted if it is related to this purpose or if the applicant has expressly given their consent.
8.4 Storage period
Your personal data will be deleted no later than six months after completion of the application process, unless longer storage is required by law or necessary for the defence of legal claims, or you have expressly consented to longer storage. If we are currently unable to offer you a suitable position, we reserve the right to consider your application for future positions. With your consent in accordance with Art. 6 (1) (a) GDPR, we will store your data for up to two years in order to contact you again within this period.
8.5 Right to object and right to erasure
You may revoke your consent with future effect and without stating reasons by informing us of your revocation at career@pulsetrain.com. In the event of revocation, we will delete your personal data immediately. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation. Mandatory statutory retention periods remain unaffected.
9. Company pages on social networks
9.1 Description and scope of data processing
In addition to our website, we operate publicly accessible company pages on the following social networks:
LinkedIn, the responsible body is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
• https://www.linkedin.com/company/pulsetrain
YouTube, responsible body is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• https://www.youtube.com/@PULSETRAINgmbh2024
We use the technical platform and services of the respective provider for our presence on the aforementioned social networks. We are responsible for the content of our company pages. Even if there is joint responsibility for this data processing in accordance with Art. 26 GDPR, these social networks remain the contractual partners and contact persons for users in matters of data protection law. The social networks provide us with summarised, anonymised statistics that we cannot trace back to individual persons.
9.2 Storage period
The data we collect via social media will be deleted when the purpose of processing no longer applies, you withdraw your consent or object to data processing. Statutory retention periods remain unaffected. We have no influence on the storage period of data collected by the social networks themselves. Please refer to the privacy policies of the respective networks:
• LinkedIn: https://de.linkedin.com/legal/privacy–policy
• YouTube: https://policies.google.com/privacy
9.3 Right to object and right to erasure
To exercise your rights as a data subject, you can contact us or the social network provider directly. If you have specific enquiries about the processing of your interactions on our company page, please contact us using the contact details provided.
10. Customer and supplier data
10.1 Description and scope of data processing
Within the framework of a business relationship with you, we process your personal data, which may be stored in our internal CRM system. The contact details provided, such as title, surname, first name, address, email address, telephone number and the data required for the respective service provision and invoicing, are processed.
Your personal data will be passed on to those departments (e.g. financial accounting) that require the data for the purposes listed below. In addition, we may, to the extent permitted by law, transfer your data to public authorities or institutions (e.g. financial and law enforcement authorities, courts) for the aforementioned purposes.
10.2 Legal basis for data processing
Data processing is primarily carried out for the purpose of fulfilling a contract or implementing pre-contractual measures in accordance with Art. 6(1)(b) GDPR. In addition, it is based, to the extent legally permissible, on our legal obligations pursuant to Art. 6 (1) (c) GDPR and on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. If you provide us with data that goes beyond the purpose, we will process your data on the basis of your consent pursuant to Art. 6 (1) (a) GDPR.
10.3 Purpose of data processing
Your personal data is processed for communication and coordination (including online meetings), for the preparation, implementation and execution of contracts (including the processing of product enquiries, delivery and billing), for compliance with legal requirements (including tax and accounting retention obligations), for internal administrative activities (e.g. financial accounting), to assert or defend legal claims (including court and administrative proceedings) and for other necessary measures within the scope of the business relationship.
10.4 Storage period
Customer and supplier data will be deleted if the purpose for its storage no longer exists (e.g. end of the business relationship), if the customer or supplier revokes their consent to storage, lodges an objection or if this is necessary to fulfil a legal obligation. Mandatory statutory retention periods remain unaffected.
10.5 Right to object and right to erasure
To exercise your rights as a data subject, please contact us informally (see legal notice for contact details).
11. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
11.1 Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request the following information from the controller:
1. the purposes for which the personal data is being processed;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information on the origin of the data if the personal data is not collected from the data subject;
8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
11.2 Right to rectification
You have the right to obtain from the controller the rectification and/or completion of your personal data if the processed personal data concerning you is inaccurate or incomplete. The controller shall carry out the rectification without delay.
11.3 Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
4. you have objected to processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, such data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
11.4 Right to erasure
a) Obligation to erase
You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You withdraw your consent on which the processing was based in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
4. The personal data concerning you has been processed unlawfully.
5. The erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it in accordance with Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
c) Exceptions
The right to erasure does not apply if processing is necessary
1. to exercise the right of freedom of expression and information;
2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or for the establishment, exercise or defence of legal claims.
11.5 Right to information
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.
11.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
2. the processing is carried out using automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, where technically feasible. This must not adversely affect the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
11.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option, irrespective of Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
11.8 Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.
11.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
1. Name and address of the controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
PULSETRAIN GmbH
Represented by the managing directors: Thomas Plaschko, Niclas Lehnert, Leopold König
Taunusstr. 31-37
80807 Munich
Germany
Munich - HRB 299481
VAT ID: DE366629734
Tel.: +49 89 54192511
E-Mail: info@pulsetrain.com
Website: pulsetrain.com
2. Name and address of the data protection officer
The data protection officer of the controller is:
Dr. Marija Stambolieva
LM AG
Rheiner Landstr. 189
49078 Osnabrück
Germany
E-Mail: privacy@pulsetrain.com
3. General information on data processing
3.1 Scope of processing personal data
We collect and use personal data from our users only to the extent necessary to provide a functional website and our content and services. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
3.2 Legal basis for the processing of personal data
The collection and use of our users' personal data is generally only carried out with the user's consent. An exception applies in cases where the processing of data is permitted by legal regulations. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis. If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3.3 Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose for its storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.4 Transfer of data to external third parties
We only transfer personal data to third parties if this is necessary for the fulfilment of a contract (in accordance with Art. 6 (1) (b) GDPR), if we are legally obliged to do so (Art. 6 (1) (c) GDPR), if we have a legitimate interest in the transfer in accordance with Art. 6 (1) (f) GDPR, or if you have given your consent in accordance with Art. 6 (1) (a) GDPR.
When using processors, we only disclose personal data on the basis of a valid contract for processing. In the case of joint processing, a contract for joint processing is concluded.
3.5 Data transfer to third countries
Please note that data processing in third countries outside the EU does not generally offer a level of protection equivalent to that provided by European data protection law. Personal data will only be transferred to third countries (outside the EU/EEA) if an adequate level of data protection is guaranteed. This is the case if an adequacy decision has been issued by the EU Commission (Art. 45 GDPR) or if the processing is based on appropriate safeguards, in particular through the conclusion of the standard data protection clauses specified by the EU Commission (Art. 46 GDPR).
4. Technical and organisational measures (TOMs)
Appropriate technical and organisational measures (TOMs) in accordance with Art. 32 GDPR have been taken to ensure a level of protection for your personal data that is appropriate to the risk. These include in particular:
• Access controls: Restriction of access to personal data to authorised persons.
• Encryption: We use SSL or TLS encryption to protect your confidential data when you send it to us as the website operator. You can recognise an encrypted connection by the address line of your browser changing from "http://" to "https://" and by a lock symbol in your browser line. However, it is important to note that data transmission over the Internet can have security gaps, which means that complete protection against access by third parties cannot be guaranteed. Nevertheless, we have taken appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of your data.
• Pseudonymisation and anonymisation: Where possible, data is processed in a pseudonymised or anonymised form.
• Data backup: Regular backups and recovery mechanisms.
• Monitoring and logging: Monitoring of systems to detect and defend against security incidents.
• Training and awareness: Regular data protection and IT security training for employees.
5. Provision of the website and creation of log files
5.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer on a temporary basis.
The following data is collected:
• Information about the browser type and version used
• The user's IP address
• Date and time of access
The data is also stored in our system's log files. This does not affect the user's IP addresses or other data that enables the data to be assigned to a user. We do not store this data.
5.2 Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 (1) lit. f GDPR.
5.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to deliver the corresponding website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. This purpose also constitutes our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
5.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the purpose of providing the corresponding website, this is the case when the respective session has ended.
5.5 Right to object and right to erasure
The collection and storage of data for the purpose of providing the corresponding website is essential for the operation of the website. Consequently, there is no right to object on the part of the user.
6. Use of cookies
We use cookies on our website. Our website only uses cookies that are technically necessary. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. These cookies are necessary for the site to function properly and are set automatically as soon as you use our website. Consent is not required for this.
7. Contacting us
7.1 Description and scope of data processing
When you contact us (e.g. via the email address provided, telephone, video conferencing service or contact form), the personal data you provide will be stored. For information on contacting us via social networks, see section 10, "Company pages on social networks". The following data is processed:
• Contact via email: Data such as first and last name, email address, timestamp for sending and receiving
• Contact via telephone: Data such as telephone number, date and time of the call
• Contact via the contact form: Data such as first and last name, email address, message, timestamp for sending and receiving
• Contact via Microsoft Bookings: Data such as first and last name, email address, telephone number, date and time of the entry and the desired appointment
• Contact via the video conferencing service (Microsoft Teams):
• User and communication data such as names, display name, email address, preferred language, profile picture,
• Conference metadata such as date, time, location, meeting ID, duration of conference, start and end of conference participation, number of participants,
• Content data such as text entries via a chat function, cloud recordings, instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information.
The data will be used exclusively for processing the conversation. The data you send us will be processed in our CRM system. In this context, the data will not be passed on to third parties without your consent.
We use Microsoft Teams for telephony and video conferencing and Microsoft Bookings as our contact form, services provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Copilot, an AI-powered assistant from Microsoft Corporation that provides functions such as automatic minutes creation, summaries or suggestions for follow-up tasks, may also be used in the context of these video conferences. It cannot be ruled out that Microsoft may transfer your personal data to third countries outside the European Union, in particular to the USA. The transfer of data to the USA is carried out in accordance with Art. 45 GDPR in conjunction with the adequacy decision C(2023) 4745 of the European Commission, as these data recipients have committed themselves to complying with the principles of the Data Privacy Framework (DPF).
7.2 Legal basis for data processing
This data is processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested. The legal basis for possible data processing in third countries when using Microsoft Teams, Microsoft Bookings and Microsoft Copilot is your consent in accordance with Art. 6(1)(a) in conjunction with Art. 49(1)(a) GDPR.
7.3 Purpose of data processing
The purposes for processing your personal data arise from the respective context of communication or cooperation. Further information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and settings options for protecting your privacy, can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
7.4 Storage period
Your personal data will only be processed and stored until the respective purpose has been fulfilled or you revoke your consent to storage, and will then be deleted, unless longer storage is required due to legal provisions and retention periods or for the exercise or defence of legal claims.
7.5 Right to object and right to erasure
The user may revoke their consent to the processing of their personal data at any time. If the data processing is based on a legal basis other than consent, the user may object to the storage of their personal data at any time. To exercise this right, please contact us informally (see legal notice for contact details). Please note that if the recordings of the virtual conferences are published, it will not always be possible to remove your data. If you do not consent to any image or sound recordings, please let us know in advance. In the case of a group chat, you can manage your participation directly in Microsoft Teams: https://support.microsoft.com/de-de/office/verlassen-oder-entfernen-einer-person-aus-einem-gruppenchat-in-microsoft-teams-7db55a67-0ba4-4409-a399-5ed502a1d094.
8. Application process
8.1 Description and scope of data processing
When you apply for a job, we process the personal data that you provide to us. This includes, for example, contact details, date of birth, gender, marital status, professional background, qualifications and position-related application data. When using electronic means, such as email and application portals such as LinkedIn and StepStone, additional technical data such as IP address, date and time of application, browser information and operating system data may also be collected.
For job advertisements, we use the online application portals provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn") and The Stepstone Group Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf (hereinafter "StepStone"). Further information can be found in the privacy policies of LinkedIn and Stepstone: https://de.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://www.stepstone.de/e-recruiting/rechtliches/datenschutzerklarung/?_gl=1*bj9scz*_gcl_au*MTU1Mzk2ODY0NC4xNzUzMTYyNzMw
8.2 Legal basis for data processing
Your data is processed on the basis of Art. 6(1)(b) GDPR in conjunction with Section 26(1) sentence 1 BDSG for the purpose of reviewing your application and conducting the application process and – if you have given your consent – Art. 6(1)(a) GDPR. In the case of special categories of personal data, processing is also carried out on the basis of your consent in accordance with Art. 9(2)(a) GDPR.
8.3 Purpose of data processing
Data processing serves to review your application, plan and carry out the application process and, if applicable, establish an employment relationship. Disclosure to third parties is only permitted if it is related to this purpose or if the applicant has expressly given their consent.
8.4 Storage period
Your personal data will be deleted no later than six months after completion of the application process, unless longer storage is required by law or necessary for the defence of legal claims, or you have expressly consented to longer storage. If we are currently unable to offer you a suitable position, we reserve the right to consider your application for future positions. With your consent in accordance with Art. 6 (1) (a) GDPR, we will store your data for up to two years in order to contact you again within this period.
8.5 Right to object and right to erasure
You may revoke your consent with future effect and without stating reasons by informing us of your revocation at career@pulsetrain.com. In the event of revocation, we will delete your personal data immediately. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation. Mandatory statutory retention periods remain unaffected.
9. Company pages on social networks
9.1 Description and scope of data processing
In addition to our website, we operate publicly accessible company pages on the following social networks:
LinkedIn, the responsible body is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
• https://www.linkedin.com/company/pulsetrain
YouTube, responsible body is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
• https://www.youtube.com/@PULSETRAINgmbh2024
We use the technical platform and services of the respective provider for our presence on the aforementioned social networks. We are responsible for the content of our company pages. Even if there is joint responsibility for this data processing in accordance with Art. 26 GDPR, these social networks remain the contractual partners and contact persons for users in matters of data protection law. The social networks provide us with summarised, anonymised statistics that we cannot trace back to individual persons.
9.2 Storage period
The data we collect via social media will be deleted when the purpose of processing no longer applies, you withdraw your consent or object to data processing. Statutory retention periods remain unaffected. We have no influence on the storage period of data collected by the social networks themselves. Please refer to the privacy policies of the respective networks:
• LinkedIn: https://de.linkedin.com/legal/privacy–policy
• YouTube: https://policies.google.com/privacy
9.3 Right to object and right to erasure
To exercise your rights as a data subject, you can contact us or the social network provider directly. If you have specific enquiries about the processing of your interactions on our company page, please contact us using the contact details provided.
10. Customer and supplier data
10.1 Description and scope of data processing
Within the framework of a business relationship with you, we process your personal data, which may be stored in our internal CRM system. The contact details provided, such as title, surname, first name, address, email address, telephone number and the data required for the respective service provision and invoicing, are processed.
Your personal data will be passed on to those departments (e.g. financial accounting) that require the data for the purposes listed below. In addition, we may, to the extent permitted by law, transfer your data to public authorities or institutions (e.g. financial and law enforcement authorities, courts) for the aforementioned purposes.
10.2 Legal basis for data processing
Data processing is primarily carried out for the purpose of fulfilling a contract or implementing pre-contractual measures in accordance with Art. 6(1)(b) GDPR. In addition, it is based, to the extent legally permissible, on our legal obligations pursuant to Art. 6 (1) (c) GDPR and on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. If you provide us with data that goes beyond the purpose, we will process your data on the basis of your consent pursuant to Art. 6 (1) (a) GDPR.
10.3 Purpose of data processing
Your personal data is processed for communication and coordination (including online meetings), for the preparation, implementation and execution of contracts (including the processing of product enquiries, delivery and billing), for compliance with legal requirements (including tax and accounting retention obligations), for internal administrative activities (e.g. financial accounting), to assert or defend legal claims (including court and administrative proceedings) and for other necessary measures within the scope of the business relationship.
10.4 Storage period
Customer and supplier data will be deleted if the purpose for its storage no longer exists (e.g. end of the business relationship), if the customer or supplier revokes their consent to storage, lodges an objection or if this is necessary to fulfil a legal obligation. Mandatory statutory retention periods remain unaffected.
10.5 Right to object and right to erasure
To exercise your rights as a data subject, please contact us informally (see legal notice for contact details).
11. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
11.1 Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request the following information from the controller:
1. the purposes for which the personal data is being processed;
2. the categories of personal data being processed;
3. the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information on the origin of the data if the personal data is not collected from the data subject;
8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
11.2 Right to rectification
You have the right to obtain from the controller the rectification and/or completion of your personal data if the processed personal data concerning you is inaccurate or incomplete. The controller shall carry out the rectification without delay.
11.3 Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
2. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
4. you have objected to processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, such data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
11.4 Right to erasure
a) Obligation to erase
You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You withdraw your consent on which the processing was based in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
4. The personal data concerning you has been processed unlawfully.
5. The erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it in accordance with Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
c) Exceptions
The right to erasure does not apply if processing is necessary
1. to exercise the right of freedom of expression and information;
2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or for the establishment, exercise or defence of legal claims.
11.5 Right to information
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.
11.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
2. the processing is carried out using automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, where technically feasible. This must not adversely affect the freedoms and rights of other persons. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
11.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option, irrespective of Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
11.8 Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.
11.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.