Data protection
As the operator of this website, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection notice.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This data protection notice explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
1. General informations
1.1 Provider and responsible body within the meaning of the Data Protection Act
Orange Hive GmbH
Lilistr. 83B
63067 Offenbach am Main
phone: +49 69 15 04 66 010
e-mail: hello(at)orangehive.de
General enquiries about data privacy, such as the enforcement of data subject rights, as well as confidential data privacy enquiries can be directed to our data privacy officer by telephone, post or e-mail:
Ronald Baranowski
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
D - 61118 Bad Vilbel
phone: +49 6101 982 9422
e-mail: rb(at)six-datenschutz.de
1.2 scope of application
This data protection notice applies to the following offers:
- our online offering, available in particular at www.orangehive.de,
- whenever reference is made to this privacy policy from one of our offerings (e.g. websites, subdomains, mobile applications, web services or integrations into third-party sites), regardless of how you access or use it.
All of these offers are also collectively referred to as "services".
1.3 Integration of services and content of third parties
Our website sometimes includes content and services from other providers. In order for this data to be called up and displayed in the user's browser, the transmission of the IP address is absolutely necessary. The providers (hereinafter referred to as "third-party providers") therefore perceive the IP address of the respective user.
Even if we endeavour to only use third-party providers who only need the IP address to be able to deliver content, we have no influence on whether the IP address may be stored. In this case, this process is used for statistical purposes, among other things. If we are aware that the IP address is stored, we will inform our users accordingly.
1.4 Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, the transfer will only take place in compliance with the legally regulated authorisation requirements.
If the transfer of data to a third country does not serve to fulfil our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defence of legal claims and no other exception under Art. 49 GDPR applies, we will only transfer your data to a third country if there is an adequacy decision under Art. 45 GDPR or suitable guarantees under Art. 46 GDPR.
An adequate level of data protection in the USA was last declared by the adequacy decision "Data Privacy Framework (DPF)" adopted in July 2023. US companies must be certified in order to be listed in it. The adequacy decision can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
We have agreed so-called EU standard data protection clauses with the providers in third countries and, in some cases, data processing on servers in Germany and the EU. Timely deletion of data reduces the risk of unauthorised access.
Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving organisation, suitable guarantees pursuant to Art. 46 (2) c) GDPR and an adequate level of data protection are created. Copies of the EU standard data protection clauses are available on the European Commission's website, available here.
1.5 Transfer to third parties
Your data will not be transferred to unauthorised third parties. Where external service providers receive your personal data, we have ensured that they implement appropriate technical and organisational measures and that they comply with the applicable data protection regulations and laws.
1.6 Data minimisation
In accordance with the principles of data avoidance and data minimisation, we only store personal data for as long as is necessary or prescribed by law (statutory retention period). If the purpose of the data collected ceases to apply or the storage period ends, we block or delete the data.
2. Processing in detail
Below we inform you for what purpose, in what way and to what extent your personal data may be processed when you visit our website.
2.1 Collection of personal data when visiting our website
If you use the website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 lit. f) GDPR, legitimate interest):
- IP address
- host name
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates (referrer)
- The specific pages of our website that you have accessed
- Browser: Type, version and set language
- Operating system: type and version
If JavaScript is activated, also:
- Screen resolution
- Colour depth
- Size of the browser window
- Installed browser plugins
2.2 Cookies
This website uses so-called cookies. These are text files that are stored on your computer by the server. They may contain information about your browser, IP address, operating system and Internet connection. We do not pass this data on to third parties or link it to personal data without your consent.
Cookies fulfil two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or start programmes.
Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit the ease of use.
The websites www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage the display of interest-based advertising.
2.3 Essential cookies
Essential cookies do not require your consent and are processed by us in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here is the smooth and optimal use and presentation of our website.
2.4 Cookie consent / Required consent to the use of services by third-party providers
We obtain your consent for the services used on our website that are not absolutely necessary for technical reasons. We will document your consent in accordance with applicable data protection regulations and laws.
When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are documented.
The legal basis for this data processing is Art. 6 para. 1 lit. c) GDPR - legal obligation, which consists in the fact that consent must be obtained for technically unnecessary cookies before they are used in accordance with the ECJ ruling of 1 October 2019, AZ C-673/17.
The data collected will be stored until you ask us to delete it or delete the cookie yourself or until the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.
2.5 Contact
On our website, we offer you the option of contacting us via the online form or by e-mail. In this case, the information you provide will be stored for the purpose of processing the contact. The disclosure of your data is completely voluntary.
The processing of the data transmitted by you takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a) GDPR) or if you wish to conclude a contract with us or have questions about this (Art. 6 para. 1 lit. b) GDPR). You can withdraw your consent at any time. All you need to do is sending an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data is not passed on to unauthorised third parties. The data collected in this way is also not compared with data that may be collected by other components of our website. The services offered can - as far as technically possible and reasonable - also be used without providing this data or by providing anonymised data or a pseudonym.
Your data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
2.6 etracker
We use services from etracker GmbH (Erste Brunnenstraße 1, 20459 Hamburg, Germany, hereinafter: "etracker") to analyze usage data. etracker initially receives the information transmitted by your browser. No data is transmitted that enables the user to be identified. The purpose is the statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising. This type of processing is carried out in our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to optimize our online offering and our website.
ertracker also provides additional functionalities for analysis purposes. For this purpose, a cookie is set for "anonymous recognition" in order to enable further analyses. Since the privacy of our visitors is particularly important to us, the IP address at etracker is anonymized as soon as possible and login or device identifiers at etracker are converted into a unique key that is not assigned to a person. Etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties. This further processing takes place with your consent in accordance with Art. 6 para 1 lit. a) of GDPR. You can revoke your consent at any time in the cookie settings.
The data generated with etracker is processed and stored by etracker on our behalf exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. In this regard, etracker has been independently tested, certified and awarded the ePrivacyseal data protection seal of approval.
You can find more information on data protection here.
2.7 Google AdSense
This website uses Google AdSense, a service for integrating adverts. The service provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA).
This service enables us to analyse the use of our website by setting a so-called "cookie". Google AdSense also uses so-called "web beacons" (invisible graphics). The web beacon can be used to analyse information - such as visitor traffic - on these pages.
The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there.
This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you. The maximum storage period of the different Google AdSense cookies is two years.
The processing is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
2.8 Google Maps
This website uses the map service Google Maps via an interface. The provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA).
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. The processing takes place with your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
You can find more information on the handling of user data in Google's privacy policy: www.google.de/intl/de/policies/privacy/.
Through the embedded use of Google Maps, further services are loaded; we cannot prevent this and we do not actively use these services ourselves.
These services are:
- Google Fonts (used for the standardised display of fonts; technical data (e.g. your IP address) may be forwarded to the service provider to set up the page view and display the fonts in your browser.
2.9 Vimeo
We maintain an online presence on Vimeo. Our website uses Vimeo plugins for the integration and display of video content. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. Together with Vimeo, we are responsible for the collection of the following data (but not the further processing) of data from visitors to our Vimeo presence.
When a page with an integrated Vimeo plugin is accessed, a connection to the Vimeo servers is established. This tells Vimeo which of our pages you have visited. Vimeo learns your IP address, even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to the video portal's servers in the USA.
Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out beforehand.
The use of Vimeo is in the interest of an appealing presentation of our online offers. The legal basis for this is Art. 6 para. 1 lit. a) GDPR (consent).
We have concluded the EU standard data protection clauses with Vimeo in the controller-to-controller version.
Details on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.
By using Vimeo, other services are loaded; we cannot prevent this and we do not actively use these services ourselves.
These services are:
- Akamai provides the video content from Vimeo via its servers. The provider is Akamai Technologies GmbH, Parkring 22, 85748 Garching, Germany, with headquarters at 145 Broadway, Cambridge, MA 02142, USA. For this purpose, technical data (e.g. your IP address, browser name, date and time) may be stored as described under 2.12. Further information can be found here: https://www.akamai.com/de/legal/compliance/privacy-trust-center
- Cloudflare is a service provided by Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA; address in Germany: Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany). This service is used to increase security and performance. Your IP address, log file data (date, time) and system configuration information are stored for this purpose. The storage period is max. 1 day. You can find more information about this service here: https://www.cloudflare.com/privacypolicy/
2.10 Social Media
We maintain publicly accessible profiles in the social networks to which we provide links on our website. The controller is therefore responsible for the respective presence in the respective social network.
As a rule, social networks comprehensively analyse your user behaviour when you visit their websites. Visiting social media sites therefore triggers numerous data protection-relevant processing operations over which we have no influence.
If you are logged into your social media account and visit a social media presence, the operator of the social network can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social network. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social networks. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all of the social networks' processing operations. Depending on the provider, further processing operations may therefore be carried out. For details, please refer to the terms of use and privacy policy of the respective social network (see below).
Social networks in detail:
The operating company of the Instagram services is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The data collected is also transferred to the USA and other third countries and stored on servers in the USA or other third countries. We have concluded an agreement with Meta on joint responsibility (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit the Instagram page. You can view this agreement at the following link:
www.facebook.com/legal/terms/page_controller_addendum
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:
https://help.instagram.com/131112217071354
Details can be found in Instagram's privacy policy:
https://about.instagram.com/de-de/safety
Further information and Instagram's applicable privacy policy can be found at help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook").
According to Facebook, the data collected is also transmitted to the USA and other third countries and stored on Facebook servers in the USA or other third countries. We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link:
www.facebook.com/legal/terms/page_controller_addendum
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:
Details can be found in Facebook's privacy policy:
www.facebook.com/about/privacy/
The platform is provided by LinkedIn Corporation (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 Ireland). LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn profile. We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages‐joint‐controller‐addendum.
Please note that in accordance with the LinkedIn data protection policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn states that it only transfers personal data to countries for which there is an adequacy decision by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate guarantees in accordance with Art. 46 GDPR. Further information on the processing of personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy
Behance
Our website contains a link to the Behance service, which in turn sets cookies when you visit the corresponding site. Behance is operated by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland. The online platform "Behance" is used by creative professionals to present their work, while also offering the opportunity to see the creative works of others in the creative industry. The platform is operated by the Behance offices in New York, NY, and is hosted exclusively in the USA. Behance can be accessed directly via www.behance.net or by Adobe Creative Cloud subscribers ("Creative Cloud") from various locations within the Creative Cloud.
Behance is a wholly owned subsidiary of Adobe Systems Incorporated. Any information you provide to Behance may be transferred to other companies within the Adobe group of companies. If you are logged into your Behance account while on our website, information about your page visits may be stored by Behance. If the data subject does not want this information to be transmitted in this way, they can prevent it from being transmitted by logging out of their Behance account before accessing our website. Detailed information on Adobe's data protection can be found at: https://www.adobe.com/privacy/policy.html
We have entered into a Data Processing Agreement for Cloud Services with Behance.
2.11 Data privacy for applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of processing the application process and deciding on the establishment of an employment relationship. This is and is carried out on the basis of Art. 88 para. 1 GDPR in conjunction with (in connection with) Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 para. 1 lit. b) GDPR - pre-contractual measures. Processing can also take place electronically. This is particularly the case if an applicant sends corresponding application documents to the controller electronically, for example by email or via a web form on the website. Your data will only be forwarded to the specialist departments responsible for the application process.
If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
We would like to point out that we may also view and use publicly accessible data as part of the application process. This includes for example data that can be found in search engines or that you publish in professional social networks (e.g. Xing, LinkedIn, Stepstone) about yourself. We may also contact you via the professional social networks. This processing is a pre-contractual measure for the preparation and initiation of a contract pursuant to Art. 6 para. 1 lit. b) GDPR. The categories of data processed include data relating to your person, contact details and other data that you make publicly accessible (e.g. photos photos, professional career, etc.). For this purpose, we only process personal data that is related to the planned recruitment.
If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision is announced, provided that there are no contractual, legal or other legitimate interests of the controller that conflict with deletion. Other legitimate interests in this sense include, for example, the burden of proof when defending in proceedings under the General Equal Treatment Act (AGG).
Further information on the processing of your data as part of the application process can be found here.
3. Your rights
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us or our data protection officer at any time at the address provided in the imprint if you have any questions about this or other questions on the subject of personal data.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right to object to data collection and direct advertising (Art. 21 GDPR)
If the data processing is carried out on the basis of Art. 6 para. 1 lit. a) or f) GDPR (consent or legitimate interest), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection notice. If you object, we will no longer process your personal data unless we can demonstrate compelling reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 para. 1 GDPR).
If you are a customer of ours, your data may also be used for direct advertising if the topics are the same or similar in connection with the services you have ordered. If your personal data is processed to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object, your personal data will subsequently no longer be used for the purposes of direct advertising (objection in accordance with Art. 21 para. 2 GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
The supervisory authority responsible for us is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
phone: +49 611 14080
e-mail: poststelle(at)datenschutz.hessen.de
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request that the data be transferred directly to another responsible party, this will only be done if this is technically feasible.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. You can contact us at any time using the address provided in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the check, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was/is unlawful, you can request that the data processing be restricted instead of deleted.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
- If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data may - with the exception of storage - only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
4. Changes to our data privacy information
In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies if the data protection information has to be adjusted due to new or revised services, for example new services. The new data protection information will then take effect the next time you visit our website. This data protection information is dated July 2024.