We appreciate your interest in our company, our products and our services. As the data protection officers, we want you to feel comfortable in your interaction with us and our employees regarding the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. As a result, the protection of your personal data has top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail. First of all some information.
All absence.io servers are located in Germany. This means that we have to comply with the data protection regulations of the European Union (EU).
The data protection regulations in the European Union are among the strictest in the world. In addition, Germany itself has one of the strictest legal standards in this area: the Federal Data Protection Act. This law protects users of Internet services. End users are responsible for deciding how their personal data is used: Companies are not allowed to collect personal data (e.g. name, birthday, IP address) without the explicit permission (The so-called commissioned data processing) of the end user. There is no law in Germany that could force us to submit to a gag order or implement a backdoor.
At absence.io, we work hard to ensure that our products and processes comply with the GDPR guidelines. We believe that despite the serious topic, we can also have a bit of fun with it - after all, data security is in everyone's best interest.
For more info and updates, feel free to visit our Help Center (https://absenceio.zendesk.com/hc/de/articles/360004902153-Data-Security-General-Data-Protection-Regulation-GDPR-).
Responsible for the processing of your personal data within the framework of the present contact is:
Phone: +49 (0)89 416143314
The designated data protection officer is:
Dachauer Str. 65
Phone: +49 (0) 89 7400 458 40
a. Your personal data that we process
Within the framework of the customer relationship, we process the following personal data:
Completed within the framework of the contractually agreed service and data processing agreement with the client. This data enables you and the employer to plan your working hours and standardized processes, such as efficient planning of your holidays. Depending on the functions used by the company, all or only parts of the data specified here may be processed for users of the application. The following types/categories of data are the subject of the processing of personal data:
Access and general profile data
b. Purposes of the data processing
Within the framework of an existing customer relationship, your personal data will be processed for the following purposes:
c. Legal basis for data processing
Legal basis for the processing of data within the scope of [purposes of b.] we process on the basis of Art. 6 (1) (1) (a – f) GDPR.
Processing your personal data based on consent
As far as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (1) (a) GDPR in conjunction with Art. 5, 7 GDPR. and Art. 5, 7 GDPR.
Processing for the purpose of performing the contract with you
As far as we process your personal data for the purpose of fulfilling a contract, Article 6 (1) (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.
Processing for compliance with a legal obligation
As far as the processing of your personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (1) ( c) GDPR serves as the legal basis for us. Our legal obligation to process data results from retention obligations under tax law and/or commercial law.
Processing based on legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) (1) (f) GDPR if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us here - in addition to the purposes listed under b. - include:
The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.
d. Sources from which your personal data originates
Personal data that we process which has not been collected directly from you:
Personal data we process that we have not collected directly from you comes from the following sources:
While processing your personal data, we may disclose your personal data to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law. External recipients of your personal data are in particular:
Processors within the EU:
Subcontractors can be found in the subcontractor list in our commissioned data processing and are available online [https://www.absence.io/subcontractorlist/].
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed as far as this is the subject of our order processing agreement pursuant to Art. 28 GDPR with these recipients.
Use of Google Analytics
Google Analytics & Opt Out
Google Analytics is the standard solution for website tracking. For operational reasons in marketing and sales, it is difficult for us to part with this tool. Even though, as a German company that pays close attention to data protection and data security, this is a matter close to our hearts. We always look at options and evaluate them according to data protection aspects and use them instead of Google Analytics as soon as possible.
For the time being, we would at least like to inform you about the purpose and extent to which we use Google Analytics. We would also like to point out an opt-out option that prevents us from collecting data from our website and product users via Google Analytics. We would also like to point out that we use google anonymisation to keep us data minimised (https://support.google.com/analytics/answer/2763052?hl=de).
Purpose: Tracking website usage. Such as the duration of the session in the browser and on the subpages to completion by specifying the means of payment in the product.
Data collected: Pseudonymised IP address. Creating an anonymous user ID for tracking. Duration of session on a page. Completion of certain events in the pages on settings for payment methods as well as prices and product offers.
Opt Out: Google offers a browser plugin that blocks all traffic to Google Analytics. This can be found here (https://support.google.com/analytics/answer/181881?hl=en) and installed here (https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en).
You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the Do Not Track function of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.
You can find more information on how to object to and remove Google at: policies.google.com/privacy.
You can also prevent the collection of data generated by the cookie and related to your use of the online presence (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
You can deactivate the use of your personal data by Google using the following link: adssettings.google.de.
Deletion requests: According to DSGVO Art. 17, we are obliged to delete all personal data collected and processed on our behalf by processors upon request. Please write a request to our support (firstname.lastname@example.org) and we will take care of it.
1. scope of the processing of personal data
We use Google Analytics (Universal Analytics), Google Analytics Remarketing, Google Ads, Google Tag Manager and Google Shopping (Google Merchant Center), all web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google).
Google Analytics (Universal Analytics) examines, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines, thus allowing better monitoring of the success of advertising campaigns. Google sets a cookie on your computer. This allows personal data to be stored and analysed, including: - The user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements were displayed and whether the user clicked on them) and data from advertising partners (in particular pseudonymised user IDs).
We use Google Analytics (Universal Analytics) to analyse your use of our online presence, to compile reports on your activities and to provide other services related to the use of our online presence and the internet.
services associated with the use of our online presence and internet usage.
In addition, we use Google Analytics Remarketing, whereby the data collected and evaluated about you is used to play targeted advertising to you. To use this service from Google, we also merge the data with our Google Ads or Display & Video 360 accounts. Google Ads and Display & Video 360 are also provided by Google.
We have requested the anonymisation of IP addresses, which means that Google shortens your IP address as promptly as technically possible. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and shortened there.
Your personal data will also be transmitted to the servers of Google LLC based in the USA.
For more information on the processing of data by Google, please click here:
2. purpose of data processing
The use of Google Analytics (Universal Analytics) including Google Analytics Remarketing serves us to evaluate the use of our online presence as well as the targeted playout of advertising, to the people who have already expressed an initial interest through their page visit.
Legal basis for the processing of personal data
The legal basis for the processing of the users' personal data is, in principle, the user's consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO.
The legal basis for the transfer of the users' personal data to a third country is the user's consent in accordance with Art. 49 para. 1 lit. a DSGVO.
4 Duration of storage
5. revocation, objection and removal options
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can prevent the collection as well as the processing of your personal data by Google by preventing third-party cookies from being stored on your computer, by using the Do Not Track function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.
You can find more information on how to object to and remove Google at: policies.google.com/privacy.
You can also prevent the collection of data generated by the cookie and related to your use of the online presence (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
You can deactivate the use of your personal data by Google using the following link: adssettings.google.de
In principle, personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Because the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data will be transferred to the third country USA within the meaning of Art.15 (2) GDPR. In order to ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c ) GDPR.
Your data will be deleted 90 days after the communication has been completed.
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data is destroyed or deleted from our systems as soon as it is no longer needed. We will take reasonable steps to ensure that your personal data is only processed under the following conditions:
A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, for the fulfilment of legal retention periods of up to ten years (e.g., from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.
You have the following rights under the General Data Protection Regulation:
Phone: +49 (0)89 416143314
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach
Postal address: P.O. Box 1349, 91504 Ansbach
Phone: 0981/ 180093-0
Fax: 0981/ 180093-800
If the legal requirements are met, you may object at any time to the processing of personal data relating to you which is conducted on the basis of Article 6 (1)(e) or (f) of the GDPR on grounds relating to your particular situation (Article 21 GDPR).
If you have consented to the processing by the data controller by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.
Within the scope of the business relationship, you only must provide those personal data that are necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect (see in particular the standards listed under "3. c. (...)").
Without this data, we will usually have to refuse to conclude the contract or conduct the order or will no longer be able to conduct an existing contract and may have to terminate it.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (b) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
Regarding the cases referred to in a. and c., the controller shall act appropriately to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to
This includes the right of the person responsible to intervene, to express his or her point of view and to contest the decision.
Decision-making is automated in the Prospects section to deliver relevant content to the customer in the trial month. The following logic is applied:
These privacy informations were created with the support of DataGuard.
*For reasons of better readability, the generic masculine is used for personal designations and personal expressions. All personal designations apply equally to all gender identities in the sense of equal treatment. The shortened language form does not include any evaluation.