Home » Privacy Terms

Privacy Terms HRlab

Last update: September 2021

1. Definitions

HRlab GmbH’s Privacy Policy is based on the terms used within the GDPR under Art. 4 GDPR. These will be initially explained in the following. In this Privacy Policy, we use the following terms, among others:

a. Personal data

Personal data is all information that refers to an identified or identifiable natural person; a natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special characteristics, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

b. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c. Processing

Processing is any process or series of operations related to personal data, such as collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, application, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, matching or linking, restriction, erasure or destruction.

d. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without additional data, provided that such additional data is kept separate and is subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

f. Controller

Controller refers to a natural or legal person, public authority, body or institution that, alone or together with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their designation may be provided for under Union or national law.

g. Third party

A third party is a natural or legal person, public authority, body or institution other than the data subject, the controller, the processor and the persons authorised under the direct responsibility of the controller or the processor to process the personal data.

Consent is any expression of will voluntarily and unequivocally made by the data subject in the form of a statement or other unambiguous confirmatory act by which the data subject expresses their agreement to the processing of their personal data.

The legal basis for our company’s processing is Article 6 I (a) GDPR, whereby we obtain consent for specific processing purposes in advance.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Article 6 I (b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the event of inquiries regarding our products or services.

If the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1)(c) GDPR is the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1) (d) GDPR.

Lastly, processing operations could be based on Art. 6 I (f) GDPR. Processing operations that are not covered by any of the above legal bases shall be based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail.

3. Responsible bodies

HRlab (hereinafter “HRlab” or “service”) shall be provided as a cloud-based software service for personnel management by HRlab GmbH, Märkisches Ufer 28, D-10179 Berlin (hereinafter “HRlab GmbH”, “we” or “us”). The use of HRlab is subject to the respective contractually agreed terms of use.

The users of the service within the meaning of this Privacy Policy are both the employers as contractual partners of HRlab GmbH with regard to the use of the service or its personnel managers and administrators as well as the employees of the respective employer.

HRlab includes the following functions in this regard:

Administrative functions that enable employers to enter and manage information about on their respective employees centrally and to plan and manage operations and processes in the area of HR management.

Analytical functions that enable the user to evaluate, prepare and visualise the data entered in the service for various purposes and on the basis of various parameters. Among other things, this includes the creation of overviews, statistics, graphs, structures and other values and indicators in connection with the personnel management on the basis of the data entered in the service.

Interfaces/APIs that enable the integration of service offers of other providers (hereinafter “third-party provider software” or third-party providers”).

We collect, process and use data on behalf of our contractual partners during use of the service. Since protecting the privacy of our users when using the service is important to us, we would like use the following information to inform you of which personal data we collect while providing this service and how we handle this data.

This Privacy Policy can be inspected online at any time on our homepage within the service.

Responsible body for data processing on its own responsiblity is:

HRlab GmbH
Märkisches Ufer 28
10179 Berlin
Tel.: +49 (0) 30 398 2196 00
E-Mail: dataprotection@hrlab.de
Commercial register number: HRB 182015 B
Register court: Amtsgericht Charlottenburg
Data protection officer: Stephan Frank

4. Use of cookies

a. General

We use cookies on our website. Cookies help make your visit to our website easier, more pleasant and more meaningful in many aspects. Cookies are alphanumeric text files that your web browser automatically saves on your computer’s hard drive when you visit our website.

Cookies do not damage your computer’s hard drive nor do they contain viruses, trojans or other malware. Data is transmitted to us through the placement of cookies.

We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser can also be identified after changing the website. We also use cookies on our website that enable us to analyse the surfing behaviour of our users. The legal basis for the processing of personal data using these technically necessary cookies is Art. 6 (1) (f) GDPR. With the existence of the user’s consent to this, the legal basis for processing personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR.

The user data collected in this way is pseudonymised by technical means. This means it is no longer possible to assign the data to the visiting user. The data is not stored together with other personal data of the users. When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this relation, information is also provided on how to prevent the storage of cookies via the browser settings.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that information always appears when you receive a new cookie. Disabling cookies may mean that you cannot use all features of our website.

This website uses Borlabs Cookie which sets a technically required cookie (borlabs-cookie) to save your cookie consent. Borlabs Cookie does not process personal data.

The Cookie borlabs-cookie saves your consent which you have given when you accessed the website. If you want to revoke your consent, please delete the cookie in your browser. If you reload/reenter the website, you will again be asked for your cookie consent.

c. Adjusting individual settings

If you want to adjust your individual settings, please click on this link:

Customize Cookie Preferences

5. Collection and use of your data

As the responsible body, we use your data exclusively in compliance with the applicable data protection laws and as described in this Privacy Policy. Further processing of this data by us as the responsible body only takes place on the basis of a statutory obligation or if you have given us your consent.

To be specific, we process and store data as follows:

a. Registration / creation of a user account

Employers must register with HRlab GmbH and create a user account in order to be able to use the service.

In order to register, employers must state their company or business name, their first and last name or the first and last name of the person in charge of use of the service (hereinafter “person in charge”) as well as their e-mail address or the e-mail address of the person in charge (collectively referred to as “profile content”).

Furthermore, employers must designate one or more personnel managers for their respective user account.

We save all of this information in the respective user account.

We process this data in order to establish and implement the contractual relationship on the use of the service between employers and ourselves and to ensure the proper use of the service by the employers.

The data is processed on the basis of the statutory regulations that permit data processing because it is necessary for fulfilment of the agreement on the use of the service or because we have a legitimate interest in ensuring the proper use of the service, without this being in conflict with an overriding interest of the data subjects.

b. Creation of employee profiles

Employers can create personalised profiles for their employees as part of their user accounts (hereinafter “employee profiles”). The creation of employee profiles and the entry of employee data is the responsibility of the employers under data protection law. Employers must in particular ensure that they are entitled under data protection law to enter employee data in the service or have it entered by their employees.

Admission occurs when the respective employer creates an employee profile, stating the first and last name and a valid business e-mail address of the respective employee. As a result, the respective employee is sent a corresponding request to the e-mail address provided and the employee in question accepts this request. If employees do not have a business e-mail address, the request is sent to the employee in another form.

Additional information about the respective employee can be entered in the employee profile either by the employer or the respective employee (hereinafter referred to as “employee data” together with the information provided when creating the employee profile).

The employee data may include the following information:

  • master data (first and last name, birth name, form of address, academic title, personnel number, gender, date of birth, country of birth, city of birth, nationality, existence and duration of a work and residence permit, ID);
  • contact details (address, e-mail addresses, telephone numbers, Facebook link, LinkedIn link);
  • payroll accounting data (salary, bonuses, account data, tax numbers, tax bracket, marital status, children’s allowances, proof of parenthood, religious affiliation, religious affiliation of partner, uniform flat-rate tax, main or secondary employment, tax allowances, maternity, parental leave, social insurance number, membership and scope of health and pension insurance, unemployment insurance, nursing care insurance, occupational pension scheme);
  • health data, (illness-related absences, disability);
  • organisational and personnel planning data (qualifications of the employees, organigrams, work schedules, time recording, business travel planning, leave planning, workflows, responsibilities, equipment, documents);
  • contractual data (position/job title, employment agreements, date of retirement, foreign deployments, leave entitlement, organisational assignment, confidentiality obligation declarations, non-disclosure agreements, application documents, curriculum vita, etc.);
  • access authorisation to HRlab (classification in the authorisation group such as administrator, human resources, user, etc.).

We save the employee data in the respective employee profile and provide it as part of the service for the respective employer (and) its person in charge as service provider subject to directives.

c. Login and general use of the service

To use the service, users must log in with the data they provided or received during registration. You must enter the following data to log-in:

  • username (e-mail address provided during registration for the service or creation of the employee profile);
  • Password

We communicate a generated password to users by e-mail to the e-mail address provided, which the user needs to log in to the service. Users can always change this password in their user account or employee profile. Under certain circumstances, we may have to specify the username and password, for example, when using interfaces/APIs.

We save the username and password for each user account or employee profile.

In addition, we automatically save certain data as part of the use of the service by the user. This includes: the IP address or device ID assigned to the respective terminal, which we need in order to transmit the requested content (e.g. in particular content, texts, pictures, product information and files provided for download, etc.), user behaviour as part of the service, the type of the respective terminal, the browser type used and date and time of use.

This data processing occurs to fulfil the agreement between the employers and HRlab GmbH regarding the use of the service and the services owed under it.

In addition, we preserve this information for a maximum of seven days in order to detect and track abuse. Our legitimate interest in the data processing consists in ensuring proper functioning of our website and the service.

For the rest, we delete or anonymise the usage data including the IP addresses immediately as soon as it is no longer needed for the aforementioned purpose.

The data is processed on the basis of the statutory regulations that permit data processing because it is necessary for fulfilment of the agreement on the use of the service or because we have a legitimate interest in ensuring the security and functionality of the service and its proper use, without this being in conflict with a predominant interest of the data subjects.

d. Provision of administration functions

In order to fulfil and execute the agreement on the use of the service between HRlab GmbH and the respective employer as well as to provide the administrative functions due under it, we process profile content and employee data on the instructions of the respective employer as follows:

  • import and saving profile content and employee data in the HRlab Software;
  • provision of profile content and employee data to the employer, its person in charge or otherwise authorised persons in order to perform planning and administrative tasks.

e. Provision of analytical functions

In order to fulfil and execute the agreement on the use of the service between HRlab GmbH and the respective employer as well as to provide the analytical functions due under it, we process profile content and employee data on the instructions of the respective employer as follows:

  • merge, prepare and visualise profile content and employee data;
  • create overviews, statistics, graphs, structures and other values and indicators on the basis of the profile content and employee data;
  • anonymise or aggregate profile content and employee data to establish comparative and average values for the individual user as well as across all users;
  • evaluate profile content and employee data of individual users as well as across all users;
  • comparison of the profile content and employee data with the pseudonymised or aggregated comparative and average values identified.

f. Termination of the use relationship

In the event of the termination of the use relationship between HRlab GmbH and an employer, HRlab GmbH shall retain the respective user account and the respective assigned profile content and employee data in accordance with instructions for a further three months (hereinafter “retention period”) unless otherwise requested by the employer. The profile content and employee data shall be blocked for the retention period for all other processing or use and deleted upon expiry of the retention period at HRlab GmbH. In so far as the employer concludes a new agreement on the use of the service in accordance with the terms of use within the retention period, the profile content and employee data shall be unblocked and are available to the user again within the scope of the service..

If you consented to receiving advertising from us, we use the information you provided to send you advertising by electronic post (e-mail, SMS, MMS, instant message).

We verify your consent to the receipt of advertising by e-mail using the so-called double opt-in procedure. This means that we first request active confirmation of your consent to the receipt of advertising by e-mail to the e-mail address you provided when subscribing before we start to send it. We use the information on confirmation to document and if necessary prove your consent.

You can revoke your consent at any time with effect for the future by sending us an e-mail to dataprotection@hrlab.de. Revoking the consent does not affect the lawfulness of the processing performed on the basis of the consent.

6. Use of third party providers

In order to provide and continuously improve our services, we rely on the services of the following third-party providers, who may process personal data. Please note that unless otherwise explained, the third-party providers are located in the USA and that the USA are no safe third country according to the EU data protection. US-companies are obliged to submit personal data to security authorities without individual remedies against such actions. Thus, it cannot be excluded that US authorities (e.g. intelligence agencies) process, analyze and save your data which are managed on US servers. We have no influence in this regard.

Unless otherwise specified in this privacy statement, provider of all Google services mentioned here is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“).

a. Google Maps

The Google Maps service is integrated into this website via API to display geographical information. The integration of Google Maps enables Google to collect, process and use data about your use of the service.

However, so-called IP anonymisation is activated on our website. As a result, the IP address transmitted is previously abbreviated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

You find additional information on processing of your data by Google in the Google privacy statement.

b. Google Tag Manager

The Google Tag Manager service is used on this website. The Tag Manager is a tool for managing tags that are used for tracking in online marketing. The Tag Manager itself does not process any personal data, as it is used exclusively to manage other services – e.g. Google Analytics, etc.. You find additional information on the Google Tag Manager here:


c. Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc (“Google”), to design our website www.hrlab.de in line with requirements and to continuously optimise it. Web analysis is the collection, storage and analysis of data regarding the behaviour of visitors to websites. A web analysis service collects data that, among other things, shows the website from which a visitor has come to this website (referrer), which of the website’s sub-pages they visit or how often and for how long they access them or how often and for how long they look at a sub-page. This type of web analysis is mainly used for website optimisation and for cost-benefit analysis of internet advertising.

Operating company of this Google-Analytics-component is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

The use is based on Art. 6 (1) (1) (a) GDPR. Google Analytics uses cookies. Cookies are text files that are stored on your computer. They allow your use of the website to be analysed. The information generated by the cookie about your use of this website (such as browser type, operating system, hostname of the requesting computer, request timestamp) is transmitted to a server and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet usage, which can be necessary for the purposes of market research and the needs-based design of this website. The data linked to cookies is automatically deleted after 14 months. The information may be transferred to third parties if this is required by law or if third parties have been commissioned to process the data.

Under no circumstances will the IP address be linked to other data relating to the user. HRlab GmbH uses the “_gat._anonymizeIp” function for web analytics via Google Analytics. This function ensures that the IP address of the internet access will be shortened and anonymised by Google if our site is accessed from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

As a user, you can prevent cookies from being installed by setting browser software accordingly; however, we would like to point out that the functions of this website may not be fully usable in this case.

Data, sessions and interactions are captured across multiple devices and are used to analyse your activities across devices. In addition, we use demographic characteristics of Google Analytics reports, which include and use data from Google’s interest-based advertising as well as visitor data concerning third parties (e.g. age, gender and interests). This data cannot be traced back to a specific person and can be deactivated at any time via the ad settings.

We also use Google Analytics to analyse data from Double-Click-Cookies and Google Ads for statistical reasons. If this is undesired, you can request a deactivation through the ad setting manager (http://www.google.com/settings/ads/onweb/?hl=en).

You find further information and the data protection clause of Google under https://www.google.de/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in detail under the following link https://www.google.com/intl/en_us/analytics/.

d. Google AdWords

We have integrated Google Ads into this website. Google Ads is an internet advertising service that allows us to place adverts on both Google search engine results and in the Google Network. The use of Google Ads allows you to specify certain keywords. If the user retrieves a keyword-relevant search result with the search engine, the corresponding ad will be displayed in the Google’s search engine results. In the Google Network, ads are distributed on web pages relevant to the theme using an automated algorithm and according to pre-defined keywords.

Operating company of the Google Ads services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The use of Google AdWords serves to promote our website by displaying interest-based advertising on third-party websites, in the search engine results of Google’s search engine and on our website.

After 30 days, this cookie loses its validity and is no longer used to identify the user.

As already stated above, you can prevent our website from placing cookies at any time using the relevant setting of the used internet browser and thus permanently opt out of the setting of cookies. Changing such a setting of the used internet browser in this manner would also prevent Google from placing a conversion cookie on the user’s IT system. Cookies already placed by Google Ads can also be deleted at any time via an internet browser or other software programs.

Furthermore, you can revoke interest-related advertising from Google.Therefore, adjust the desired settings via https://adssettings.google.com/authenticated for all browsers which you use..

You find further information and the data protection clause of Google under https://policies.google.com/privacy?hl=en&gl=en.

e. YouTube

The YouTube service is used on our website www.hrlab.de to embed videos in the site. The provider of the necessary plugin for this is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA („YouTube“). If you visit a website with embedded YouTube videos via the YouTube plugin, a connection to YouTube servers is established. At the same time, YouTube is informed of which pages you visited. If you start a video, the operator will use cookies to collect data on user behaviour.

You find further information and the data protection clause of YouTube under : https://policies.google.com/privacy?hl=en

f. HubSpot

HubSpot is a software company based in the USA with office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

We use the service of HubSpot for various purposes.

HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include:
Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. user segmentation & CRM), Landing Pages and Contact Forms.

Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing efforts.

Further information regarding the privacy policy of HubSpot »

Further information of HubSpot regarding the EU privacy policy »

Further information regarding the used cookies you find here&here »

As part of optimizing our marketing efforts, HubSpot may collect and process the following data:

– Geographic location

– Browser type

– Navigation information

– Referral URL

– Performance data

– Information about how often the application is used

– Mobile apps data

– Login information for HubSpot subscription service

– Files viewed on site

– Domain names

– Pages viewed

– Aggregated

– Operating system version

– Internet service provider

– IP address

– Device identifier

– Duration of visit

– Where the application was downloaded from – Operating system

– Events occurring within the application

– Access times

– Clickstream data

– Device model and version

In addition, we also use HubSpot to provide contact forms. For more information in this regard, please refer to subsection 7 of this Privacy Policy.

The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a DSGVO. If you do not want the aforementioned data to be collected and processed via HubSpot, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.

Within the scope of processing via HubSpot, data may be transferred to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Article 49 (1) (a) of the GDPR may serve as the legal basis for the transfer to third countries. Please refer to the subsection “7. Forms” for more information.

g. LinkedIn Insight Tag

The Insight Tag of the social network LinkedIn is used on our website www.hrlab.de. This is provided by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA (hereinafer “LinkedIn”). The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our website.

The LinkedIn Insight tag enables information to be collected about visits to this website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days. LinkedIn does not share any personally identifiable information with us, but only provides aggregate reports about the site’s audience and ad performance. LinkedIn also provides retargeting for website visitors, which enables us to use this information to display targeted advertising outside of our website without identifying the member. LinkedIn members can manage the use of their personal data for promotional purposes in their account settings.

Purpose of the data processing

The LinkedIn Insight tag is used to provide detailed campaign reporting and information about both visitors to our website and our advertising and marketing interests. As a LinkedIn marketing solutions customer, we use the LinkedIn Insight tag to retarget our site visitors and gather additional information about the LinkedIn members who view our ads.

Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn’s Privacy Policy. LinkedIn provides this information at https://www.linkedin.com/legal/privacy-policy.

Legal basis of the data processing

The legal basis for processing personal data is Art. 6 (1) (f) GDPR, in other words a legitimate interest on our part. Our legitimate interest in this regard lies in the aforementioned purposes.

How to revoke the data processing

If you are a LinkedIn member and do not want LinkedIn to collect information about you visit to our website and link it to your membership information held by LinkedIn, you must sign out of LinkedIn before visiting our website.

You can prevent the execution of the Javascript code required for the tool by setting your browser software accordingly.

To prevent the execution of Javascript code altogether, you can also install a Javascript blocker, such as the browser plugin NoScript (e.g. www.noscript.net or www.ghostery.com).

7. Forms

We use Forms.

a. Newsletter

We inform interested parties at regular intervals about new features of our product as well as about company events in a newsletter. You can receive the newsletter if you have a valid email address and you have registered for the newsletter. A confirmation email will first be sent to the email address you entered for the newsletter mailing list using the double-opt-in procedure. This procedure is used to check whether the owner of the email address authorised the receipt of the newsletter.

When subscribing to the newsletter, we also store the IP address of the computer system used by the data subject as assigned by the internet service provider (ISP) at the time of registration as well as the date and time of registration. The legal basis for the saving the data is Art. 6 (1) (a) GDPR. The collection of this data is necessary to trace the possible misuse of a data subject’s email address at a later date and therefore serves as a legal safeguard for us.

You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you grant us for newsletter dispatch can be revoked at any time. At the end of each newsletter, you will find a link that allows you to unsubscribe from the newsletter at any time.

Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic embedded in emails that are sent in HTML format, to enable log file recording and log file analysis. They allow statistical evaluation of the success or failure of online marketing campaigns. On the basis of the embedded tracking pixel, we can detect whether and when an email was opened and which links in the email were clicked on. We store and evaluate such personal data collected via the tracking pixels contained in the newsletters in order to optimise the delivery of newsletters and to better adapt the content of future newsletters to your interests. The legal basis for the temporary storage of data is Art. 6 (1) (f) GDPR. This personal data will not be transmitted to third parties. You may revoke the separate declaration of consent given via the double-opt-in procedure at any time. Alternatively, you can unsubscribe from the newsletter at any time by sending an email to marketing@hrlab.de. Following revocation, HRlab GmbH will delete this personal data. We automatically interpret a cancellation of the receipt of the newsletter as a revocation.

b. Test version

If you register for a test account, we will use your data to send you required information and present the test account and software features:

  • Processed data: E-Mail address, last name, first name, phone number, company, job title, department;
  • Purpose: Provisioning of the requested test account and explaning software features;
  • Storage period: Data will be only stored as long as necessary, e.g. to prepare, perform and follow up software demonstration meetings;
  • Legal basis: Art. 6 I b GDPR.

8. Your rights as data subject

You are entitled to receive information about the data stored about you at any time. Upon submission of the respective requirements, you may also be entitled to the following rights:

  • the right to rectification of inaccurate personal data relating to you;
  • the right to erasure of data relating to you;
  • the right to block or restrict the processing of your data;
  • the right to object to the processing of data relating to you and
  • the right to data portability.

Should you desire information on the data relating to you saved by HRlab GmbH on its own responsibility, wish to enforce other rights or have questions on data protection, you can either contact us by post (HRlab GmbH, Märkisches Ufer 28, D-10179 Berlin) or by e-mail at dataprotection@hrlab.de. Please contact your employer if you have any concerns regarding the contract data processing perform by us.

9. Right to lodge a complaint with a responsible supervisory authority

You are entitled to lodge a complaint at any time with a supervisory authority, in particular with a supervisory authority in the member state of your place of residence, your workplace or the location of the probable breach if you consider that the processing of personal data relating to you breaches the data protection laws.

The following data protection authority is responsible for HRlab GmbH:

The Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
Visitors’ entrance: Puttkamerstr. 16 – 18 (5th floor)
10969 Berlin

Telephone: +49 (0)30/ 13889 0
Fax: +49 (0)30/ 215 5050
E-Mail: mailbox@datenschutz-berlin.de

10. Security

We use approriate technical and organisational security measures to protect your data against coincidential or intentional manipulations, partial or total loss, destruction or unauthorized access of third parties. Our security measures are continously improved in line with the technological development.

11. Final provisions

We always keep this Privacy Policy up to date. Therefore, we reserve the right to amend it from time to time and to update amendments during the collection, processing or use of your data. The current version of the Privacy Policy can always be retrieved online at our homepage within the service.

Version 09-2021