Privacy Policy of
Jebagro GmbH

Effective Date: 01.02.2024

The provisions of the EU General Data Protection Regulation (hereinafter GDPR) apply throughout Europe. We would like to inform you about the processing of personal data by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments regarding this privacy policy, you can address them to the following email address at any time: info@jj-jebagro.com

Table of Contents:

I. Overview
1. Scope
2. Controller
3. Data Protection Officer
4. Data Security
II. Details of Data Processing
1. Accessing Services
2. Privacy Notice for Applicants
3. Contacting Us
4. Cookies
5. Transfer to Government Authorities
6. Retention Period
III. Rights of Data Subjects
1. Right to Object
2. Right of Access
3. Right to Rectification
4. Right to Erasure (“Right to be Forgotten”)
5. Right to Restrict Processing
6. Right to Data Portability
7. Right to Withdraw Consent
8. Right to Lodge a Complaint
IV. Changes to this Privacy Policy

I. Overview

This section of the privacy policy provides information on the scope, the data controller, its data protection officer, and data security.

1. Scope

This privacy policy applies to the following offerings:

Our online offer, accessible at https://jj-jebagro.com/.

Other offerings (e.g., websites, subdomains, mobile applications, web services (including integrations into third-party sites)), insofar as they expressly refer to this privacy policy, regardless of the medium;

Direct communication with you. All these offerings are collectively referred to as "Services."

2. Data Controller

The data controller – the entity that decides on the purposes and means of processing personal data – in connection with the Services is: Jebagro GmbH, Rödingsmarkt 16, 20459 Hamburg, Germany.

Email: info@jj-jebagro.com

3. Data Protection Officer

You can contact our data protection officer as follows:

Contact Form: anfragen@dsextern.de DS EXTERN GmbH

Dipl.-Kfm. Marc Althaus

Frapanweg 22

D-22589 Hamburg

II. Data Processing Details

In this section of the privacy policy, we provide detailed information about the processing of personal data within the scope of our services. For better clarity, we structure this information according to specific functionalities of our services. When using the services, various functionalities and therefore different types of processing may apply sequentially or simultaneously.

1. Accessing the Services

This section describes how we process your personal data when you access our services. Each time you access our services, we automatically collect a range of information to display the services correctly on the respective device and to detect unusual activities or errors in our services. This enables us to optimize our services and, in the event of a cyberattack, provide law enforcement authorities with the information required for prosecution.

The access data collected includes:

• Date and time of access to our service;

• The website from which the accessing system reaches our service (referrer URL);

• Subpages accessed by you;

• Data for session identification (session ID);

• Information about the accessing computer system: used Internet Protocol address (IP address), browser type and version, device type, operating system, and similar technical information.

This general data and information are stored in the server log files. The data in the server log files is stored separately from all other personal data (as detailed in the following sections).

The legal basis for this data processing is Article 6(1) sentence 1(b) GDPR, as we need the access data to provide the services you have accessed, and Article 6(1) sentence 1(f) GDPR, as the processing serves our legitimate interest in offering the services, displaying them correctly on your device, and ensuring their functionality and security. A secure and uninterrupted access to our services is in your interest, so your confidentiality interests do not outweigh our interests in this regard. You can object to data processing based on legitimate interests at any time (see Section III, Number 1), but you will no longer be able to use our services as the processing is technically essential to display them to you. In some cases, our data processing is carried out with the assistance of hosting service providers who provide us with storage space and processing capacities in their data centers and process personal data (access data) on our behalf following our instructions. IT security service providers also have access to access data as necessary. All these service providers are processors acting according to our instructions, with whom we have concluded a processing agreement (Article 28 GDPR). These service providers process data either exclusively within the EU or in a region with an adequate level of data protection within the meaning of Article 45 GDPR, or we have ensured an adequate level of data protection through the EU standard contractual clauses according to Article 46 GDPR.

2. Privacy Notices for Applicants

If you access the career portal through our services, you will find separate privacy notices that apply to the career portal. If you apply to us through other means, we will inform you separately about the applicable data protection regulations.

3. Contact

When you contact us via the contact form on our website or through other means (e.g., by email or phone), we process the data you provide to handle your request. This may include:

• Name;

• Company;

• Email address;

• Phone number;

• Address;

• Information about your business activities;

• Your request.

This processing is based on Article 6(1)(b) GDPR if you are a party to a contract with us and your request relates to its fulfillment or your request is intended to initiate pre-contractual measures. In all other cases, it is based on Article 6(1)(f) GDPR, as we have a legitimate interest in reviewing and responding to the information and inquiries you provide, and due to your voluntary use of the contact function, your interest in the confidentiality of your personal data does not outweigh ours. You can object to data processing based on legitimate interests at any time (see Section III, Number 1). We delete your information as soon as the processing purpose is fulfilled and we are not legally obligated to retain it.

4. Cookies

We also use cookies in our services. Cookies are small text files that are stored on your device via a web browser. This can be done either permanently (persistent cookies) or temporarily for the duration of a session (session cookies). Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or your web browser performs an automatic deletion. Many cookies contain a unique identifier (cookie ID) that allows services to recognize a specific browser that accesses them. This enables the service to be tailored to the individual usage of the respective browser.

To consent to the use of cookies generally, to decline them, or to set individual preferences, please use the consent management tool that is displayed at the beginning of your website visit and is permanently available by clicking the button displayed at the bottom of the screen. Please note that your selection is usually saved via cookies. If you use our services on a new device or in a different browser, or if you have deleted the cookies set by your browser, you will need to make your selection again. Independently of the consent management tool, you can also set your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to accept only certain cookies or none at all, or to automatically delete cookies when closing the browser. Furthermore, cookies that have already been set can be deleted at any time via your browser or other software programs. This is possible in all common web browsers. If you disable the setting of cookies in the web browser you use, not all functions of our services may be fully usable.

a. Purposes of Processing

Analyzing user behavior through cookies helps us to check the effectiveness of our services, optimize them, and adapt them to the needs of users, as well as to fix errors. Additionally, it serves to statistically determine key metrics regarding the use of our services (reach, usage intensity, user browsing behavior) based on standardized procedures, thus obtaining values comparable across the market. In connection with advertising campaigns, cookies can measure their success and help us and our advertising partners to optimize ads for the future. The purpose of this is to display advertising tailored to users' interests, increase the effectiveness of the advertising, and thereby also increase advertising revenue.

b. Legal Basis for Processing

The legal basis for setting and reading the cookies that are technically necessary for providing our services is either a legal obligation (Art. 6 para. 1 lit. c GDPR) or our legitimate interest in providing our services, Art. 6 para. 1 lit. f GDPR. Your interests do not conflict with this, as you use our services voluntarily. The legal basis for processing personal data through all other cookies is your consent according to Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTSG. You can withdraw your consent at any time with future effect (see Section III, point 7 for details).

c. Services and Tools

CookieFirst (Cookie Consent Management Tool)

To obtain and properly document your valid consent to the use and storage of cookies in the browser you use to access our services, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands ("CookieFirst"). Website: https://cookiefirst.com. When you access our services, a connection is established with the CookieFirst server to enable us to obtain valid consent from you for the use of certain cookies. CookieFirst then stores a cookie in your browser to only activate the cookies you have consented to and to properly document this. The processed data is stored until the specified storage period expires or you request the deletion of the data. Deviating statutory retention periods may apply.

CookieFirst serves to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 para. 1 lit. c GDPR in conjunction with § 25 para. 2 TDDDG. We have concluded a data processing agreement with CookieFirst pursuant to Art. 28 GDPR. This is a data protection contract that ensures the data of our visitors is processed only according to our instructions and in compliance with the GDPR.

Our services and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

• Your consent status or revocation of consent;

• Your anonymized IP address;

• Information about your browser;

• Information about your device;

• The date and time of your visit to our services;

• The URL of the website where you saved or updated your consent declaration;

• Your approximate location;

• A universally unique user identifier (UUID).

Information about the cookies we use in our services can be accessed at any time via the fingerprint icon, where you can manage your consents.

Google Analytics

We use the Google Analytics component (with anonymization function) provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), in our services. Google Analytics is a web analytics service that collects, gathers, and evaluates data about the behavior of visitors to our services. As part of this reach analysis, the following data is processed: the browser type and version you use, your operating system, your country of origin, the date and time of the server request, the number of visits, your time spent on the website, and the external links you click. The IP address of the users is anonymized before it is stored, which usually happens within the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google LLC server in the USA and shortened there. According to Google, the transmitted IP address is not merged with other data.

Google Analytics uses cookies that are stored on the users' computers, allowing an analysis of the use of our online services by the users. Pseudonymous usage profiles of users can be created from the processed data.

Users can object to data processing by Google Analytics at any time with effect for the future by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.

The information generated by the cookie and transmitted about your use of this website is deleted after a maximum of 14 months. The cookies themselves expire after a maximum of 2 years.

The legal basis for this processing is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.

We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. This is a data protection contract that ensures the data of our services' visitors is processed only according to our instructions and in compliance with the GDPR. Insofar as Google exceptionally processes the data outside the EEA, an adequate level of data protection is ensured through adequacy decisions or standard contractual clauses.

Vimeo (Do-Not-Track)

We have partially integrated video content in our services via the video player of Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA ("Vimeo"). When you access a subpage with an embedded video, a connection to Vimeo's servers is established to display the video to you. In the process, we transmit certain information to Vimeo, particularly a unique identifier that allows conclusions to be drawn about your usage behavior of the services, information about the security and stability of the services, and information on whether the user of the services is a bot or a human. This data processing is based on our legitimate interest in displaying the video, Art. 6 para. 1 lit. f GDPR, which outweighs your interest in the non-processing of your personal data to that extent. Your personal data enjoys an adequate level of protection at Vimeo under Art. 45 GDPR, as Vimeo is certified under the EU-US Data Privacy Framework. In the Do-Not-Track variant implemented by us, Vimeo does not set cookies on your device. For more information on Vimeo's data processing, please see https://vimeo.com/privacy.

SociableKIT LinkedIn Feed Widget

We use the SociableKIT LinkedIn Widget from Codalify Software Development, 1110 Eastwood Ave, Quezon City, Metro Manila, Philippines. The widget allows embedding the content of our LinkedIn channel on the "News" subpage of our website. This aims to inform website visitors and connect them with our LinkedIn channel. SociableKIT retrieves and stores the content of our LinkedIn feed to display it on our website. If you have given your consent, LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) sets the same cookies on your device as if you had accessed the LinkedIn website directly. Using this service may result in data being transferred to a third country (USA). It cannot be ruled out that personal data may be transferred to and processed in the USA. LinkedIn is committed to complying with the EU Standard Contractual Clauses, thus providing a guarantee to adhere to European data protection law. More information can be found in the provider's privacy policy at the following URL: LinkedIn Privacy Policy. Each time one of our pages containing LinkedIn features is accessed, a connection is made to LinkedIn's servers, informing LinkedIn which of our pages you have visited. If you are logged into your LinkedIn account, LinkedIn can associate your visit to our pages with your user account. The data processing is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDG).

Microsoft Clarity

We use the Microsoft Clarity component (with anonymization function) from Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, in our services. Microsoft Clarity is a web analytics service. Web analytics involves collecting, gathering, and evaluating data about the behavior of visitors to the services. The following data is processed: access times, IP addresses, cursor movements, and scroll movements.

To recognize users of the services, Microsoft Clarity sets cookies on the users' computers. The information generated and transmitted by the cookie about your use of the services is deleted no later than twelve months after collection. The cookies themselves expire no later than one year after being set.

The legal basis for processing is your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDG).

We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. This is a data protection contract that ensures that the data of visitors to our services is processed only in accordance with our instructions and in compliance with the GDPR.

To the extent that Microsoft exceptionally processes data outside the EEA, an adequate level of data protection is ensured through adequacy decisions or standard contractual clauses.

5. Transfer to Government Authorities

We transfer personal data to government authorities (including law enforcement agencies) if it is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 para. 1 lit. c GDPR) or if it is necessary for the establishment, exercise, or defense of legal claims and your interest in non-processing does not override this (legal basis: Art. 6 para. 1 lit. f GDPR).

6. Retention Period

We do not retain your data longer than necessary for the respective processing purposes. They are regularly deleted unless their temporary retention is still necessary. Reasons for this can include:

• Fulfillment of commercial and tax law retention obligations

• Preservation of evidence for legal disputes within the framework of statutory limitation provisions

III. Rights of Data Subjects

1. Right to Object

Under the conditions of Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the conditions are met, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

2. Right to Information

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and other information as outlined in Art. 15 GDPR.

3. Right to Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to Erasure ("Right to be Forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17(1) GDPR applies and the processing is not necessary for one of the purposes set out in Art. 17(3) GDPR.

5. Right to Restriction of Processing

You have the right to obtain from us restriction of processing where one of the conditions specified in Art. 18(1)(a) to (d) GDPR applies.

6. Right to Data Portability

Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where technically feasible. This right applies where the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means.

7. Right to Withdraw Consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. For us, the competent supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str. 22, 20459 Hamburg, Tel. +4940 428 54 4040, Email: mailbox@datenschutz.hamburg.de.

IV. Amendment of this Privacy Policy

We reserve the right to amend this privacy policy to reflect updates in our processes. Please visit this page regularly to review the current privacy policy. This privacy policy was last updated on July 8, 2024.

Jebsen & Jessen Jebagro
Jebagro GmbH
Rödingsmarkt 16,
DE-20459 Hamburg