Data Protection
Information

We process personal data in compliance with the relevant data protection regulations, specifically, the GDPR and the BDSG (the German Federal Data Protection Act). When we process data this is conducted exclusively on the basis of a legal authorisation. When you use this website, we process personal data only with your consent (Art.6[1][a] GDPR), at your request, for the implementation of pre-contractual measures (Art. 6[1][b] GDPR), for the fulfilment of a legal obligation (Art. 6[1][c] GDPR), or if such processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, outweigh them (Art. 6[1][f] GDPR).

Unless otherwise stated in the following information, we only store the data for as long as is necessary for the purposes of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise, in particular, in connection with commercial or tax law regulations.

When you access our website www.prognos.com, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

• IP address of the computer requesting access
• date of access
• the website from which access is made (referrer URL)
• the browser used and, if applicable, the operating system of your computer
• Server Status Code
• the size of the requested file

We process the aforementioned data for the following purposes:

• to ensure a smooth connection to the website
• to ensure comfortable use of our website
• to evaluate system security and stability and for other administrative purposes

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection as listed above. In no case will the collected data be used for the purpose of drawing conclusions about your person.

Our website uses cookies. Cookies are small text files stored by your browser when you visit a website. They identify the browser used and can be recognised by our web server. We use permanent cookies (“persistent cookies”) for our website analytics. These cookies are automatically deleted after a specified duration, which may vary depending on the cookie in question. When this use of cookies results in the processing of personal data, this is done in accordance with Art. 6(1)(f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective, and secure. You can delete the cookies in your browser's security settings at any time. You can also object to the use of cookies in your browser settings.

a) Necessary cookies

Firstly, we use so-called necessary cookies. These are used to make the user experience more efficient. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are usually deleted when the browser is closed (depending on the browser’s cookie setting). In addition, we also use temporary cookies to optimise the user experience. These are then stored on your device for a specified period of time. If you revisit our site to access our services, it will automatically detect your previous visit and which entries and settings you made so that you are not required to re-enter them. Necessary cookies are also set when using Cloudflare on our website. For more information on Cloudflare, see point 3.

The use of necessary cookies is essential for the safeguard of our legitimate interests and is legally permissible.

b) Non-necessary cookies

Non-necessary cookies are those that are not technically absolutely necessary. This includes the use of analytics tools. The use of unnecessary cookies requires your consent.

Matomo

• On this website, Prognos uses an open-source tool for web analysis called “Matomo” for the purposes of statistical analysis (provider: EPrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg, Germany) (formerly “PIWIK”). This should help us improve the website and adapt it more successfully to the needs of our users.
• Matomo does not send data to servers outside of Prognos’ control. Matomo is disabled when you visit our website. Your usage behaviour will only be recorded anonymously if you actively consent. Matomo uses so-called cookies. Your IP address will be anonymised immediately; this means that you, as a user, will remain anonymous. The information generated by the cookie about your use of this website will not be passed on to third parties.
• Prognos considers this analysis part of its internet service.

Cloudflare

• This website uses services provided by Cloudflare (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). In order to ensure a sufficient level of data protection when transferring personal data, suitable and appropriate guarantees are provided in accordance with Art. 44 et seq. GDPR (e.g., the conclusion of EU standard contracts, additional technical and organisational measures such as encryption or anonymisation). Cloudflare operates a Content Delivery Network (CDN) and provides Web Application Firewall (Web Application Firewall) protection. The data transfer between your browser and our servers flows through Cloudflare’s infrastructure and is analysed there to prevent attacks. Cloudflare uses cookies to enable you to access our website. The use of Cloudflare is in the interests of the secure use of our website and the prevention of harmful attacks from outside. You will find more information in our Cloudfare Privacy policy: https://www.cloudflare.com/de-de/privacypolicy/
• Cloudflare cookies are necessary cookies.

Cookiebot

To manage the use of cookies on this website, we use Cookiebot, a service that allows us to manage your consent to the use of certain types of cookies. Please note that by using our website, you agree to the use of cookies in accordance with our cookie policy.

Our cookie policy: https://www.prognos.com/de/cookies

Cookiebot’s Privacy Statement: resources.cookiebot.com/webmail/1012702/156441786/5b3c6a857647b2a27742e2e5c6eb35c52b46347964278650cfec72d1c26adcfc

You have the option to accept or decline the use of cookies. By clicking “Accept” you agree to the use of all cookies listed in our cookie policy. If you choose “Decline” only essential cookies, necessary for the basic functioning of our website, are used.

Our website uses Brevo, an email marketing and marketing automation service (provider: SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany).

Brevo allows us to send you regular informative emails in the form of newsletters.

When you subscribe to our newsletter, the data you provide (usually your email address and optionally your name) will be transferred to Brevo and stored there. Brevo offers us extensive analytics options concerning the use of our newsletters, including information about opening rates, click rates, bounce rates, and conversion rates.

Your data will be treated confidentially by us and will not be passed on to third parties. You can unsubscribe from our newsletter at any time. To do this, you will find an unsubscribe link in each email.

For more information on how Brevo processes data, please refer to the Brevo Privacy Statement: https://www.brevo.com/de/legal/privacypolicy/.

On our website, we use partially embedded YouTube videos that can be played directly on the website. YouTube is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). YouTube is a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

When you visit a page on our website that has a YouTube video embedded, it connects to YouTube’s servers. This communicates to YouTube which pages you are visiting. If you are logged in to your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

For more information on how user data is handled, please see the YouTube Privacy Statement at: https://policies.google.com/privacy?hl=de.

Our website uses social plugins (“plugins”) from social networks.

In order to increase the protection of your data when visiting our website, the plugins are not without restriction but instead use an HTML link (so-called Shariff solution from c’t) that is integrated into the page. This integration ensures that when a page from our website is accessed that contains such plugins, there is no connection established with the servers of the provider of the respective social network. If you click on one of the buttons, a new browser window will open that accesses the page of the respective service provider, where you can (if necessary, after entering your login data), for example, press the like or share button.

The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, as well as your rights and settings in this regard for the protection of your privacy, can be found in the data protection notes of the respective providers.

If you have any questions, you have the possibility to contact us via a form provided on the website. To do this, a valid email address and full name must be provided so that we know who the request is from and can respond to it accordingly.

The data processing that occurs when you contact us is carried out in accordance with Art. 6(1)(a) GDPR on the basis of your voluntarily given consent.

The personal data collected by us in the context of using the contact form will be automatically deleted after completion of your request.

When you subscribe to our newsletter, the email address and, if applicable, the type of organisation will be collected. In addition, upon receipt of the newsletter, opening rates and click-through rates of the user are individually measured, stored, and evaluated. This is done with the help of small graphics embedded in the newsletters (so-called pixels). We use this data for general statistical evaluations as well as for the optimisation and further development of our content. The legal basis for the use of the email address, type of organisation and individual user behaviour, is the consent given by the subscriber in accordance with Art. 6(1)(a) GDPR.

In addition, the date, time, and your IP addresses will be collected as part of the double opt-in process to confirm registration. This is used to document consents granted and to protect against abusive registration. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests).

Our newsletters are sent by the service provider Brevo from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. For the processing of personal data, an order processing contract has been concluded with Brevo in accordance with Art. 28 GDPR. For more information, see Brevo’s Privacy Policy: https://www.brevo.com/de/legal/privacypolicy/.

If you receive the newsletter without having registered for it, either we are in a business relationship with you, you have a public office and/or we assume that, on the basis of your activity, you have an interest in being informed about our most important study results and our company’s events. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests of the persons responsible).

When you apply via our online platform, the following data will be collected:

• name, email address, address, telephone number
• letter of motivation
• possible applications and requests (working time, salary expectations, willingness to move, etc.)
• data on professional development (degree, further education, employment references, CV)
• if appropriate, XING/LinkedIn profile
• if appropriate, voluntary information on special personal data in accordance with Art. 9 GDPR (e.g., severe disability)

We will use the data you enter on the online platform as part of the application process to decide whether to pursue an employment relationship. Furthermore, we may process your personal data as far as this is necessary to defend any asserted legal claims against us that result from the application process. Should an employment relationship result, we may further process the personal data already received for the purposes of the employment. Where this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of representing the interests of employees arising from a law or collective agreement, a company or service agreement (collective agreement) is required.

In the case of applications for an advertised position, the legal basis is Art. 88(1) GDPR in conjunction with § 26(1)1 BDSG. If the application is unsolicited, the processing takes place on the basis of consent in accordance with Art. 6(1)(a) GDPR. The legal basis for use when defending against asserted legal claims arising from the application procedure, is Art. 6(1)(f) GDPR, the legitimate interest is, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG). If an employment relationship results, data already received can be processed in accordance with § 26(1) BDSG.

The personal data transmitted during the application process will be stored by Prognos for as long as necessary as to enable the fulfilment of the processing phase. Should the application procedure not result in an employment relationship the data will be deleted at the latest six months after the completion of application. As far as there are legal retention obligations, the period for which is longer, longer storage can take place. The data will be deleted earlier if the applicant withdraws his application or revokes his consent to data processing in the case of an unsolicited application. If an employment relationship results, the data will be stored for the period of the employment relationship and, if statutory retention obligations exist, beyond this point.

We operate a career network where we register potential candidates for future job offers and projects. The career network enables us to identify and contact suitable candidates when appropriate opportunities arise. In addition, our career newsletter regularly informs you of all open positions and give insights into our work. In it, we take a look at the most important events and events from our company and present our work culture.

Admission to our career network can be achieved in several ways, such as direct contact in the course of an application process or registration via our website.

When you register for the career network via our website, the following personal data will be collected from you and processed:

• last name, first name
• email address
• address (voluntary)
• your qualifications
• which area of Prognos interests you specifically
• other information (location, salary expectations, etc.)
• your CV (voluntary)
• link to your Xing or LinkedIn profile (voluntary)
• how you became aware of the career network

Your data will be treated confidentially and used exclusively by authorised personnel. We guarantee that your information will not be passed on to third parties without your consent.

You have the right to withdraw your consent to inclusion in our talent pool at any time. Simply send a message to karrierenetzwerk@prognos.com for this purpose.

Please note that we will only store personal information in the talent pool for as long as necessary for the purposes listed above.

If you have been invited by us to participate in a survey, we will process the personal data collected from you in accordance with the legal basis stated in the survey (e.g., consent) and for the stated purpose (usually, the evaluation of the survey within the framework of a specific project). The evaluation of the survey results is usually anonymised, i.e., conclusions about individual response behaviour are not possible. Once the purpose has been achieved, the data will be deleted.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

• you have given express consent to this in accordance with Art. 6(1)(a) GDPR
• the transfer is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, in accordance with Art. 6(1)(f) GDPR
• in the event that a legal obligation exists for the transfer in accordance with Art. 6(1)(c) GDPR
• this is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6(1)(b) GDPR

Your rights

As a data subject, you have the right to assert your rights against us. In particular, you have the following rights:

• In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information about whether and, if applicable, to what extent we process personal data concerning you or not.
• In accordance with Art. 16 GDPR, you have the right to request the correction of your data.
• In accordance with Art. 17 GDPR and § 35 BDSG, you have the right to request the deletion of your personal data.
• In accordance with Art. 18 GDPR, you have the right to restrict the processing of your personal data.
• In accordance with Art. 20 GDPR, you have the right to receive the personal data that concerns you, that you have provided us, in a structured, common, and machine-readable format, and to transmit this data to another controller.
• In accordance with Art. 21(1) GDPR, they have the right to object to any processing carried out on the legal basis of Art. 6(1)(e) or (f) GDPR. If we process personal data concerning you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21(2) and (3) GDPR.

If you have given us separate consent to data processing, you have the right to withdraw this consent at any time, in accordance with Art. 7(3) GDPR. Such a withdrawal shall not affect the lawfulness of the processing which took place on the basis of consent before the withdrawal.

Complaint to a supervisory authority

If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have, in accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority.

The data protection authority responsible in our case is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Telephone: 030 13889 -0
Email: mailbox@datenschutz-berlin.de

During your visit to the website, we use the common SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. This is typically 256-bit encryption. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorised access by third parties. Our security measures are continuously being improved in line with technological developments.

This privacy statement is currently valid and is such as of October 2023.

As a result of the further development of our website and offers or due to changes in legal or official requirements, it may be necessary to change this data protection declaration. https://www.prognos.com/datenschutz/ You can access and print the current data protection declaration at any time on the website at https://www.prognos.com/datenschutz/.