Privacy Policy

1. Scope of application

1.1 This information on the collection and further processing of personal data applies to the business activities of the controller (hereinafter also: “we” / “us”):

Pava Partners Germany AG
Theatinerstrasse 7, 80333 Munich
leipzig@pava.eu
+49 341 98 379 0

1.2 This information serves to fulfill the requirements of Art. 13 and 14 of the GDPR (information obligations) for the business activities of the controller, including the associated transactions. This only concerns the data processing processes associated with visiting the websites.

1.3 For content from other providers to which links are provided from our company website, the information on data protection provided there applies. In particular, these providers are responsible for their own content and the data processing carried out there.

1.4 We will provide information on the processing of personal data in connection with the establishment of a contractual or order relationship within the scope of our professional activity and the associated activities outside of this information in due course.

2. Contact details of the data protection officer

For the attention of the Data Protection Officer
privacy@pava.eu
+49 341 98 379 0

3. Purposes for which the personal data are to be processed and legal basis for the processing

Our company websites are for information purposes only and make it easier to contact us.

3.1 Processing of personal data when contacting us

You can contact us via the telephone number, fax number and e-mail address provided on our company website. We collect personal data when you actively contact us, i.e. if you provide your name, address, communication data, etc., this is expressly voluntary on your part as the user. There is no link to the above-mentioned access data. If you contact us by telephone as described above, we may also collect personal data for other purposes that are only communicated to us in the course of the telephone call. If we collect personal data from the call participant/sender via these communication channels and they have not yet been informed about the processing of this data, we will inform you separately if necessary. Your data will be processed to process your request with regard to the implementation of pre-contractual measures, fulfillment of a contract or to protect our legitimate interests or those of a third party. The legal basis for this processing is Art. 6 para. 1b) and Art. 6 para. 1f) GDPR. Our legitimate interest in data processing is the processing of your request, insofar as this is not based on the implementation of pre-contractual measures or the fulfillment of a contract. This processing does not conflict with your legitimate interests, fundamental rights and freedoms, as the data is provided on the basis of your free decision and your rights as a data subject are guaranteed.

3.2 Processing of personal data to fulfill legal obligations

In addition, we process your personal data to fulfill legal obligations such as regulatory requirements, commercial and tax retention obligations. In this case, the legal basis is the respective legal regulations in conjunction with Art. 6 para. 1c) GDPR.

3.3 Processing of personal data for the provision of the cookie consent tool (Borlabs Cookie)

Our website uses the “Borlabs Cookie” tool, which is operated by Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany, which sets a technically necessary cookie (“Borlabs Cookie”) to store your cookie consent.

The Borlabs cookie does not process any personal data. Instead, it only stores your selected setting for cookie use. This data is not passed on to third parties.
Cookie preferences are stored on the basis of Section 25(2)(2) TDDDG because the storage of information in the end user’s end device (in this case the cookie settings) is absolutely necessary so that we, as the provider of the website, can make this information available to them in accordance with their wishes. This enables us to obtain and document consent for cookies in a legally compliant manner.

Further information on data processing by Borlabs Cookie can be found at https://de.borlabs.io/datenschutz/.

3.4 CRM via Brevo (Sendinblue)

We use the Brevo (Sendinblue) service to send emails, newsletters and other business communications. Brevo is a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is used to manage and send our email communications, including newsletters, customer information and other relevant communications.
The processing of your data by Brevo is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.

The following data can be processed via Brevo:

  • Surname, first name
  • E-mail address
  • IP address
  • Email open and click rates (only for newsletters)

Brevo processes the data exclusively in data centers within the EU and is subject to the strict data protection regulations of the GDPR.
Your data will be stored for as long as you wish to receive our emails. You can unsubscribe from the newsletter at any time by using the unsubscribe link in the email to or by contacting us directly. This will not affect the lawfulness of the processing of your personal data up to the time of revocation. You can also object to receiving the newsletter at any time.

Further information on data processing by Brevo can be found in Brevo’s privacy policy: https://www.brevo.com/de/legal/privacypolicy/.

3.5 Cookies and similar technologies

Our website uses cookies and similar technologies to improve user-friendliness and analyze usage.

The tools integrated into the website will only be activated in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG, depending on your preference, if you have given your consent to this. You have the right to withdraw your consent at any time. The legality of the processing of your personal data up to the time of revocation remains unaffected by this.

If you do not want cookies to be stored on your device, you can also deactivate this in your browser settings. If you generally exclude the setting of cookies in your settings, it is possible that the website cannot be accessed or is not fully functional when it is accessed.

Personio

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically erased two months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of erasure. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG) We use the Personio tool to manage and process personnel and applicant data. Personio is a cloud-based software solution from Personio SE & Co KG, Seidlstraße 3 80335 Munich, Germany, which enables efficient personnel management.

When using Personio, personal data such as names, contact details, application documents, working hours and other relevant information are processed. Processing is carried out exclusively on the basis of the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Purposes of the processing:

  • Management of applications and implementation of application procedures
  • Personnel administration and management
  • Payroll accounting and time recording

Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures and fulfillment of the employment contract) and, if applicable, on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. c GDPR (legal obligation).

Personal data will only be stored for as long as is necessary for the respective purpose and in compliance with statutory retention periods. Application data will be deleted within [e.g. six months] after completion of the selection process, unless further storage is required (e.g. for later consideration in the talent pool with the consent of the data subject).

Personio acts as a processor in accordance with Art. 28 GDPR. There is a corresponding data processing agreement (DPA) with the provider to ensure the protection of your data. Data will only be transferred to third parties if this is required by law or if you have expressly consented to this.

Further information on data protection at Personio can be found at: https://www.personio.de/datenschutzerklaerung/.

WPML Plugins (WordPress Multilingual)

Our website uses the plugin WPML (WordPress Multilingual Plugin) from OnTheGoSystems Ltd, 22/F 3 Lockhart Road, Wanchai, Hong Kong, to provide multilingual content. WPML makes it possible to display the content of our website in several languages and thus improves accessibility for international users.
WPML uses cookies to save the language selected by the user and to display it automatically on future visits. These cookies do not contain any personal data and are used exclusively for user-friendliness.

WPML is a plugin that is integrated directly into your WordPress system. It works locally within the WordPress installation and does not access external servers (such as WPML/OnTheGoSystems) to perform language switching or cookie management. The cookies set by WPML (such as _icl_current_language) are only used to save the language selected by the visitor. These cookies are set and read exclusively in the user’s browser without being transmitted to WPML servers. WPML does not collect or process any personal data on behalf of the user, but merely provides the functionality.

The legal basis for the use of WPML is Section 25 (2) No. 2 TDDDG in order to provide you as a user with the digital services you have requested.
Further information on data processing by WPML can be found in WPML’s privacy policy at https://wpml.org/de/documentation-3/datenschutzrichtlinie-und-gdpr-konformitaet/.

Google Maps

We link to Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland via our website. Google Maps sets a cookie when you select the link to Google Maps on our website and also reads technical data from you (referrer URL, your IP address, etc.). We offer you this service for location localization.

As this service is not operated by us, we refer you to Google’s data protection information. You can find more detailed information in Google’s privacy policy at: https://policies.google.com/privacy?hl=de&gl=de.

LinkedIn

The data controller has integrated a link to the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

Each time our website, which is equipped with a LinkedIn link, is accessed, this link causes the browser used by the data subject to establish a connection to LinkedIn.

If the data subject is logged in to LinkedIn at the same time, LinkedIn sets a cookie each time the data subject visits our website and reads certain technical data (such as the referrer URL, IP address). This information is collected by LinkedIn and assigned by LinkedIn to the respective LinkedIn account of the data subject.

LinkedIn offers the option to unsubscribe from email messages, SMS messages and targeted ads and to manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. For more information, please refer to the applicable LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Xing

The data controller has integrated a link to Xing on this website. Xing is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile for themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Xing link has been integrated, the Internet browser on the information technology system of the person concerned is automatically referred to Xing when the respective Xing link is selected.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting (referrer URL, IP address) each time the data subject accesses our website and for the entire duration of the respective stay on our website. This information is collected by cookies and assigned by Xing to the respective Xing account of the data subject.

The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing.

4. Collection of general data and information

The website of the Pava Partners Germany AG collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using these general data and information, the Pava Partners Germany AG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the Pava Partners Germany AG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Subscription to our newsletter

On the website of the Pava Partners Germany AG, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted to the controller when the newsletter is ordered.

The Pava Partners Germany AG informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter shipping. For legal reasons, a confirmation e-mail is sent to the e-mail address entered by a data subject for the first time for the newsletter mailing using the double opt-in procedure. This confirmation email is used to check whether the owner of the email address as the data subject has authorized the receipt of the newsletter.
When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject’s e-mail address at a later date and therefore serves as legal protection for the controller.

The personal data collected as part of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail at if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances. The personal data collected as part of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be canceled by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter dispatch, can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. It is also possible to unsubscribe from the newsletter at any time directly on the controller’s website or to inform the controller of this in another way.

6. Newsletter tracking

The newsletters of Pava Partners Germany AG contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, the Pava Partners Germany AG may see if and when an e-mail was opened by an anonymous data subject, and which links in the e-mail were called up by data subjects.

Such anonymous data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the subscribers. This anonymous data is not passed on to third parties.

7. Contact options via the website

The website of the Pava Partners Germany AG contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller at by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

8. Recipients or categories of recipients of the personal data

8.1 The personal data of the data subject will only be disclosed or transferred to third parties in cases other than those described in this information if:

  • the disclosure is permitted by law and is necessary for the preparation or execution of contractual relationships in accordance with Art. 6 para. 1 sentence 1 letter b GDPR, or the data subject has given their express consent in accordance with Art. 6 para. 1 sentence 1 letter a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of their data, or
  • there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 letter c GDPR.

8.2 Within our company, those persons who need the data of the data subject to fulfill our contractual and legal obligations will have access to the data. Processors and service providers (in particular for IT systems and document destruction) that we may use may also receive data for these purposes if they comply with our instructions under data protection law. We use processors in particular for our IT services and for document destruction.

8.3 As part of the web hosting of our company websites, we use our web host as a processor and have concluded an order processing contract with them.

9. Intended transfer to a third country

9.1 The processing of personal data on or via our company websites takes place on servers located in Germany.

9.2 In principle, there is no intention to transfer personal data to a third country (a country outside the European Union or the European Economic Area).

10. Storage period

10.1 We store the personal data collected by us for as long as is necessary for our purposes or for as long as the data subject has consented to further storage in accordance with the provisions of the GDPR.

10.2 In the provisions of this data protection information, we have already provided information at various points on the storage period or the criteria for determining this period for specific areas.

10.3 The personal data collected for the purposes of a contract will also be stored until the expiry of the statutory retention obligations applicable to our activities. They will then be deleted unless processing is still necessary to fulfill a legal obligation to which we are subject.

10.4 The personal data collected by us for the order / contract will be stored until the expiry of the statutory retention obligations (8 years after the end of the calendar year in which the contract was terminated) and then deleted, unless we are obliged under Article 6 para. 1 sentence 1 lit. 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or the customers have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

10.5 The relevant retention and documentation obligations under tax and commercial law provide for a retention period of six and eight years respectively for the commercial documents referred to in Sections 238 and 257 of the German Commercial Code . Section 147 of the German Fiscal Code contains corresponding provisions for the retention of the documents mentioned therein.

10.6 The expiry of the retention period does not automatically result in a deletion obligation, as there may still be a legitimate interest in archiving, e.g. in order to be able to provide information in the event of legal disputes.

11. Rights of data subjects

The person affected by data processing has the right to

  • in accordance with Art. 15 GDPR, to request information about the processing of personal data with the information from Art. 15 (1) and (2) GDPR,
  • in accordance with Art. 16 GDPR, to request the rectification of inaccurate personal data concerning you,
  • in accordance with Art. 17 GDPR, to demand that personal data concerning them be deleted immediately and we are obliged to delete personal data immediately if one of the reasons stated in the regulation applies,
  • in accordance with Art. 18 GDPR, to demand restricted processing if one of the reasons stated in the provision applies,
  • pursuant to Art. 21 GDPR to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, where the processing is based on our legitimate interests. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims,
  • in accordance with Art. 20 GDPR, to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us, where the processing is based on consent or on a contract and the processing is carried out by automated means.
12. Right to object on a case-by-case basis when balancing interests

12.1 Data subjects have the right to object to the processing of their personal data on grounds relating to their particular situation.
The prerequisite for this is that the data processing is carried out on the basis of our balancing of interests in accordance with Art. 6 para. 1 letter f GDPR.

12.2 These cases are described in this data protection information.

In the event of an objection, we will no longer process the personal data. Unless we can demonstrate compelling legitimate grounds for the processing of such data which override the interests, rights and freedoms of the data subject. This is also the case if the personal data is used for the establishment, exercise or defense of legal claims.

12.3 The objection can be made informally with the subject “Objection”, stating the name, address and date of birth of the person concerned, and should be addressed to:

Pava Partners Germany AG
Theatinerstraße 7, 80333 Munich, Germany
leipzig@pava.eu

+49 341 98 379 0

13. Right to lodge a complaint

Data subjects have the right to complain to a supervisory authority about us with regard to our handling of their personal data.

14. Obligation to provide data

The user is under no obligation to provide us with data when using our company website.

15. Data security / e-mail

To protect communication with us via our company websites, we use the widespread SSL (Secure Socket Layer) procedure.

16. Amendment of this data protection information

This general data protection information does not require the consent of the data subjects and is subject to regular review with regard to any need for amendment.

The previous version will be archived by us if it is replaced by a new version.

Version from 07.05.2025

Please note that only the German version of this privacy policy is legally binding.