contact us

Fields marked with an asterisk (*) are required.

thank you!

Your submission has been received!

Oops! Something went wrong. Please try again!

data protection statement

Thank you for visiting our website! It is highly important to us to comply with the provisions under data protection law. This data protection statement is intended to inform you, as the user of our website, about the nature, scope and purpose of the processing of your personal data and the rights existing for you as a “data subject” within the meaning of the General Data Protection Regulation (GDPR). The information is given in accordance with article 13 of the GDPR. Processing of personal data, that is not collected from the data subject (article 14 of the GDPR), does not take place.

1. Controller

This website and the services offered are operated by
Palmer Hargreaves GmbH
Department exofarer
Vogelsanger Strasse 66
50823 Cologne
Germany
t+49 221 933220
hello@exofarer.io
www.exofarer.io
Managing directors:
Jörn Langensiepen | Susanne Hoffmann | Dr. Iris Heilmann
(hereinafter “Palmer Hargreaves”)

2. General

When developing this website, we have designed it withthe intention of collecting as little data from you as possible. In principle,it is possible to visit our website without providing personal data. It is onlynecessary to process data if you decide to use certain services (e. g. theconsent to the use of statistic cookies). When doing so, we always ensure thatwe only process your personal data in line with a legal basis. We comply withthe provisions of the General Data Protection Regulation (GDPR) and theapplicable national provisions, such as the German Federal Data Protection Act(Bundesdatenschutzgesetz), the German Telemedia Act (Telemediengesetz), or anyother more specialised laws on data protection.

3. Definition

The terms used in this data protection statement refer to the meaning below in line with the GDPR.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Purpose of use and legal basis for processing personal data

Personal data that are necessary in order to constitute, execute or carry out our service offers are processed on the legal basis of article 6 (1) (b) of the GDPR. Processing of personal data that is necessary for the purposes of our pursued legitimate interests is carried out in line with article 6 (1) (f) of the GDPR. If your personal data are processed for the stated purpose with your consent, then this is based on article 6 (1)(a) of the GDPR. Where we use external service providers within the scope of commissioned processing, the processing is carried out on the legal basis of article 28 of the GDPR. We will process and use the collected personal data for the purposes listed here.
Purpose of data processing Legal basis for data processing
For contacting the data subject and any associated correspondence Based on legitimate interests
For dealing with your enquiry and to provide further advice as requested by you, as the case may be Based on legitimate interests
For sending a quotation following your enquiry Based on measures prior to entering into a contact
For safeguarding that our website is presented to you in an effective and appealing way Based on legitimate interests
For technical realisation of our website Based on legitimate interests

5. Collected and processed personal data

We collect and process your personal data only if you provide them voluntarily with your knowledge and contact us via e-mail. These are the following data:
- First name
- Last name
- E-mail address
- Phone number (optional)
The personal data listed before and provided by youand their contents will exclusively stay with us, our affiliated companies aswell as our service providers elancer-team GmbH and Telekom DeutschlandGmbH. Wewill store and process your data only for the purposes stated in item 4 above.Any use for any purpose other than that stated requires your explicit consent.This also applies to the transfer and transmission of your data to thirdparties. Please note that the information you send to Palmer Hargreaves by e-mailstransmitted unencrypted. To this extent, there is a risk that unauthorizedpersons can intercept and use this data. 

6. General log files

The web server temporarily records in log files the connection data of the inquiring computer (IP address), the pages you visit on our website, the data and the duration of your visit, the identification data of the used browser and operating system type and the website you have visited before as well as the successful retrieval in log files. The technical administration of the website and anonymous statistical measures facilitate an evaluation of the accesses to the Palmer Hargreaves offers and an evaluation, the aim of which is to enhance data protection and data security in our company in order to ensure an optimum level of security for the personal data that we process. The data of the server log files will be stored separately from the personal data that you provide. Unless there is a legal obligation to retain data, we will anonymize your IP address and delete it after 24 hours.

7. Cookies

Use of cookies

Our website collects and stores information by using what is called browser cookies.

What are cookies?

They are small text files that are stored on your data carrier and that store specific settings and data about your browser for exchange with our system. In general, a cookie contains the name of the domain that sent the cookie data as well as information on the age of the cookie and an alphanumeric identifier.

Why do we use cookies?

Cookies facilitate our systems to recognize the user’s device and to make any potential presettings available immediately. As soon as a user accesses the platform, a cookie will be transmitted to the hard disk of the user’s computer. Cookies help us to improve our website and to offer you an even better and customised service. This enables us to recognize your computer or your (mobile) device when you return to our website and therefore, we can:- store information about your preferred activities on the website and customise our website for you to suit your particular interests and- accelerate the speed of handling your enquiries.
We cooperate with third-party services, which support us in making the Internet offer and the website more interesting for you. Therefore, cookies of these partner companies (third-party providers) are also stored on your hard disk when you visit our website. These cookies are deleted automatically after the predetermined time.
A list as well as detailed information about the cookies set by us can be found below or in the consent manager of this website.
Your consent applies to the following domains: www.exofarer.io

May I decide about the use of cookies?

You can adjust the cookie settings you have set here.

8. Integration of third party services and contents

Our website uses content and services of other service providers. In order to retrieve and present these data in the user’s browser, it is absolutely vital to transmit the IP address. The service provider(hereinafter “third-party provider”) is therefore aware of the user’s IP address.
Even if we try to use only third-party providers who need the IP address only in order to provide content, we do not have any influence on whether the IP address is stored, as the case may be. In this case, this process serves, among others, statistical purposes. As soon as we become aware that the IP address is stored, we will point it out to you.  

Use of the Google Tag Manager

Our website uses the Google Tag Manager. Through this service, website tags may be managed via an interface. The Google Tag Manager merely implements tags. This means: No cookies are used and no personal data are collected. The Google Tag Manager triggers other tags, which, in turn, collect data, as the case may be. However, the Google Tag Manager does not access these data. If, at domain or cookie level, a deactivation was made, this deactivation remains for all tracking tags, provided those tracking tags have been implemented with the Google Tag Manager. You will find Google’s data protection statement at: https://policies.google.com/technologies/partner-sites?hl=en-GB.

Use of the Google Analytics

Our website uses features of the web analysis service Google Analytics. The third-party provider of this web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
Google Analytics uses cookies. Cookies are small text files that your web browser stores on your end device and that facilitate an analysis of the use of the website. Information about your use of our website generated by means of cookies is transmitted to a Google server and stored there. The server is generally located in the U.S.A.  
Setting of Google Analytics cookies is based on article 6 (1) (f) of the GDPR. As the owner of this website, we have a legitimate interest in analysing the user behaviour in order to optimise our website, and advertising as well, as the case may be.
We use Google Analytics in connection with the IP anonymization feature. It ensures that Google shortens your IP address within the member states of the European Union or in the other contracting states of the agreement on the European Economic Area before transmitting it to the U.S.A. There may be exceptions, where Google transfers the full IP address to a server in the U.S.A. and shortens it there. Google will use this information on our behalf in order to analyse your use of the website, to create reports about website activities and to perform other services for us associated with the website use and Internet use. The IP address transmitted by Google Analytics will not be combined with other data of Google.
You may prevent your web browser to set cookies. Some functionalities of our website might then be limited. You may also prevent the collection of data about your use of the website including your IP address and the subsequent processing by Google. This is possible if you download and install the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
You will find details on handling user data at GoogleAnalytics in the data protection statement of Google at: https://support.google.com/analytics/answer/6004245?hl=en
Our website uses the “Demographics and Interests” function of Google Analytics. It may be used to create reports that contact information about age, gender and interests of the website visitors. These data have been obtained from interest-related advertising of Google and visitor data of third parties. It is not possible to attribute the data to a specific person. You may deactivate this function at any time. You can do this by using the display settings in your Google account or by prohibiting the collection of your data through Google Analytics in general as described in the item “Objection against data collection”.
You will find Google’s data protection statement at: https://policies.google.com/technologiespartner-sites?hl=en-GB

Use of Google Ads and Google Conversion Tracking

Our website uses Google Ads. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.

Google Ads is an online advertising program. When using the online advertising program, we use conversion tracking. After clicking on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your device. Google Ads cookies loose their validity after 30 days and are not used to identify users. When having a look at the cookie Google and we can see that you have clicked on an ad and have been forwarded to our website. The storage of “conversion cookies“ is based on article 6 (1) (f) of the GDPR. As the website owner, we have a legitimate interest in analyzing the user behaviour in order to optimize our website, and our advertising.

Every Google Ads customer receives a different cookie. The cookies cannot be traced via websites of Google Ads customers. Conversion cookies are used to create conversion statistics for Google Ads customers using conversion tracking. Google Ads customers are informed how many users have clicked on their ad and have been forwarded to pages featuring a conversion tracking tag. However, Google Ads customers do not receive any personal data to identify users. If you do not wish to participate in the tracking, then you can object to the use of it. The conversion cookie in the browser’s user settings must be deactivated. Then your activities will not be entered into the conversion tracking statistics.

You will find details on Google Ads and Google Conversion Tracking in Google’s data protection statement of Google: https://policies.google.com/privacy?gl=de&hl=en-GB

You may control, restrict or prevent that cookies are set with an up-to-date web browser at https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Deactivating of cookies may lead to a limited functionality of our website.

Use of LinkedIn Insight-Tag

We use LinkedIn Insight-Tag from LinkedIn Corporation, Sunnyvale, California, U.S.A., to create target groups, to segment visitor groups of our online offer, to identify conversion rates and afterwards to optimise them. In particular, this occurs when you interact with advertisements that we have placed with LinkedIn Corporation. For this purpose, LinkedIn Corporation offers retargeting for website visitors to display target advertising beyond our website.

LinkedIn Insight-Tag collects data about visits to our website including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. These data are used to present anonymised reports on website audience and ad performance.

We process your data with the help of LinkedInInsight-Tag for the purpose of optimising our website and for marketing purpose based on your consent pursuant to article 6 (1) (a) of the GDPR.

The specific storage period of the processed data cannot be influenced by us but is determined by LinkedIn Corporation. You can find further information in the data protection statement for LinkedInInsight-Tag: https://www.linkedin.com/legal/privacy-policy?

Use of Hotjar Behavior Analytics

We have integrated Hotjar Behavior Analytics on our website. Hotjar Behavior Analytics is a service of Hotjar Ltd. and provides optimization tools that analyze the behavior and feedback of users of our website through analytics and feedback tools.

Hotjar Behavior Analytics uses cookies and other browser technologies to analyze user behavior and recognize users.

This information is used, among other things, to compile reports on the website activity and to statistically analyze visit or data. Furthermore, Hotjar Behavior Analytics records clicks, mouse movements and scroll heights to create so-called heat maps and session replays.

In this case, your data will be passed on to the third party provider of Hotjar Behavior Analytics, Hotjar Ltd., Dragonara BusinessCentre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta.

We process your data with the help of Hotjar BehaviorAnalytics for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to article 6 (1) (a) of the GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Hotjar Ltd. Further information can be found in the privacy policy for Hotjar Behavior Analytics: https://www.hotjar.com/privacy

Social Media

You will find us on the following platforms and social networks: § Linkedin

When using social networks, data are processed outside the European Union (EU) and the European Economic Area (EEA). A data protection level equivalent to that of the EU cannot be safeguarded in all the countries outside the EU. In this context, there may be risks involved for you as the user, if the transmitted data are processed in what is called third countries with an inadequate level of data protection. This makes enforcement of known rights of users difficult. Moreover, it may happen that the third party provider in the third country processes your data but not in your interest.

The purposes of processing pursued by the social networks usually deviate from the purposes we pursue. Thus, the data you record in social networks are, in most cases, processed for purposes of market research, advertising, and creation of user profiles for personalised advertising (such as Facebook, Google, Instagram etc.).

To realise this, cookies, which record the user behaviour and facilitate user profiling, are used. You will find a list of the purposes of the processing of users’ data in the data protection statements of the respective third-party providers. You can restrict profiling, at least to some extent, by adjusting the settings in your user account. Please read the relevant data protection statements of the respective third-party provider to find out how to proceed.

Basically, this refers to the following data:
-  Registration data such as user name, password, e-mail address
-  Profile information such as given name and surname, telephone number, picture
-  Logfile information such as web request, IP address, browser type, landing pages, visited pages
- DeviceID
-  Metadata such as hashtags, geotags, comments

Processing of your personal data for the stated purposes is based on our legitimate management and communications interest to offer an information and communications channel pursuant to article 6 (1) (f)of the GDPR. Where you have given your consent to the data processing to the relevant third-party provider of the social network, the legal basis of the processing is based on article 6 (1) (a) and article 7 of the GDPR.

Due to the fact, that the real data processing is carried out by the third-party provider of the social network, our possibilities to access your data are restricted. Solely the third party provider of the social network is legitimised to access your data in full. That is why only the provider is able to directly take and implement relevant measures toper form your user rights (request for information, request for erasure, objection etc.). Therefore, the most effective way to assert relevant rights is to assert them directly against the relevant third-party provider.

Furthermore, on mobile end devices, you may restrict the services’ access to contact and calendar data, photos, location data etc.by adjusting the settings on your device. However, this depends on the operation system used.  

We do not collect and process any data from your use of the service. However, in the event we share or respond to your posts or create posts that refer to your profile ourselves, then the data you have entered in the social network, including, but not limited to, your (user) name and the content made public on your account, will be processed to the extent that they will be integrated in our offer and made publicly accessible to our followers.

If you need assistance in this matter, please feel free to contact us.

Data Subjects’ rights

Below, you will find a more detailed list of the relevant data processing carried out by the third-party providers:

LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data protection statement: https://www.linkedin.com/legal/privacy-policy

9. Data security

Unfortunately, transferring information via the Internet is never 100 % secure, and that is why we cannot guarantee the security of the data transmitted via the Internet to our website.

However, we protect our website from loss, destruction, access, modification or dissemination of your data by unauthorized persons through technical and organisational measures.

In particular, your personal data are transferred in encrypted form. We use the coding system SSL/TLS (Secure SocketsLayer/Transport Layer Security) for this purpose. Our security measures are continuously improved in line with technological development.

10. Right of the data subjects

If you are a data subject as defined in article 4 (1)of the GDPR, then you have the following rights regarding processing of your personal data according to the GDPR.

Right to correction

Under the conditions of article 16 of the GDPR, you have the right to request the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to deletion

Under the conditions of article 17 of the GDPR, you have the right to demand from us the erasure of personal data concerning you without undue delay, provided that one of the reasons stated in article 17 of the GDPR applies and the processing is not required

Right to restriction of processing

Under the conditions of article 18 of the GDPR, you have the right to demand restriction of processing where one of the conditions stated in article 18 of the GPDR applies.

Right to data portability

Under the conditions of article 20 of the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us provided that the other conditions of article 20 of the GDPR are fulfilled.

Right to withdraw any given consent

You have the right to revoke consent for processing personal data given to us with effect for the future at any time. Please send the revocation to the following e-mail address: dataprotection@palmerhargreaves.com

Right to object

Under the conditions of article 21 of the GDPR, you have the right to object at any time the processing of personal data concerning you. If the conditions for an effective objection are met, then we may no longer process your personal data.

Right to lodge a complaint with a supervisory authority

Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

11. Forwarding your personal data

Your personal data will be forwarded as described below:  

The website is hosted by a service provider in the U.S.A. If we transfer personal data outside the EEA, we will take appropriate safeguards, in accordance with legal obligations, to ensure that your personal data are adequately protected regardless of the country to which they are transferred. This is necessary to operate the website as well as for constituting, executing and carrying out the existing licence agreement and possible even without your consent.

Your personal data will also be forwarded if we have the right or are obliged to forward data due to legal provisions and/or official or court order. In particular, this may refer to the provision of information for law enforcement, prevention of threats or enforcement of intellectual property rights.

Where your data are forwarded to service providers to the extent required, such service providers will only have access to your personal data to the extent that this is necessary to perform their tasks. These service providers are obliged to treat your personal data according to the applicable data protection laws, including, but not limited to the GDPR.

Other than described above, we, as a rule, do not transmit your data to third parties without your consent. In particular, we do not forward personal data to an international organisation.

Your data will also be transferred outside the EEA for third party services and contents (as described in section 8) if you have actively consented to the transfer via the consent manager of this website (e. g. use of statistic cookies). If we transfer personal data outside the EEA, we will take appropriate safeguards, in accordance with legal obligations, to ensure that your personal data are adequately protected regardless of the country to which they are transferred.

12. Storage period for personal data

As regards the storage period, we delete personal data as soon as their storage is no longer required to fulfil the initial purpose and there are no statutory retention periods. The statutory retention periods are basically the criterion for the final period of storage of personal data. After expiry of this period, the relevant data will be routinely deleted. If there are retention periods, after these periods are expired the processing will be restricted by blocking the data.

13. References and Links

When you visit Internet sites that are referred to from our website, you may again be asked for details, such as name, address, e-mail address, browser features etc. This data protection statement does not lay down the processing, forwarding or handling of personal data by third parties.

Third parties may have diverging and their own rules on handling the collection, processing, and use of personal data. Therefore, we would like to recommend to reading up on how third parties deal with personal data on their websites before entering personal data.

14. Modification of the data protection statement

We continuously further develop our website to offer you a service that is becoming better and better. We will continuously keep this data protection statement up-to-date and revise it accordingly whenever and where this becomes necessary.  

Of course, we will inform you of any changes of this data protection statement in good time. We will do so by sending you an e-mail to the e-mail address you have provided to us. Where it is necessary that you give us further consent for handling your data other than this, we will of course obtain such consent from you before any changes in this regard become effective.

15. Data Protection Officer (DPO)

We have appointed a data protection officer:

Nextwork GmbH
Marco Peters
Sophienstraße 2080333 Munich
Germany
datenschutz@palmerhargreaves.com

Issued: April 2023