Privacy Policy | EverLeaf GmbH As of 30.09.2024

Who we are
The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other data protection regulations is:

EverLeaf GmbH
Liebherrstr. 8
80538 München
Deutschland
+49 89262004310
info@everleaf-bpo.com
www.everleaf-bpo.com

How to contact the data protection officer
The designated data protection officer is:

DataCo GmbH
Nymphenburger Str. 86
80636 München
Germany
+49 89 7400 45840
www.dataguard.de

General information on data processing
On this page, we provide you with information regarding the processing of your personal data on our website.

How we collect and use your personal data will depend on how you interact with us or the services you use. We only collect, use or share your personal data where we have a legitimate purpose and a legal basis for doing so.

Legal bases explained:

Consent (Art. 6(1)(a) GDPR) – You have given consent for a specific processing purpose. You may withdraw consent at any time.

Contract (Art. 6(1)(b) GDPR) – Needed to fulfil a contract with you or take steps before entering into one.

Legal Obligation (Art. 6(1)(c) GDPR) – Required to comply with legal obligations.

Vital Interests (Art. 6(1)(d) GDPR) – Necessary to protect someone’s vital interests.

Public Task (Art. 6(1)(e) GDPR) – Necessary for tasks carried out in public interest or set out in law.

Legitimate Interests (Art. 6(1)(f) GDPR) – Needed for our legitimate interests, except where overridden by your own rights.

Data sharing and international transfers
We use service providers to help deliver our services. We share data with them only where necessary and under strict agreements ensuring your data remains protected.

Where personal data is transferred outside the EU, we ensure an equivalent protection level, either through:

• An EU Commission adequacy decision
• Standard Contractual Clauses (SCCs)
• The EU–US Data Privacy Framework

You can request copies of applicable SCCs by contacting us.

Your rights
When your personal data is processed, you are a data subject under the GDPR and have rights including:

Right of access (Art. 15 GDPR)
You may request confirmation and detailed information about your personal data being processed.
Right to rectification (Art. 16 GDPR)
You may request correction of inaccurate or incomplete data.
Right to restriction of processing (Art. 18 GDPR)
You may request limiting processing under specific conditions.
Right to erasure (“Right to be forgotten”) (Art. 17 GDPR)
You may request deletion of your personal data under certain grounds.
Right to data portability
You may receive your personal data in a machine-readable format and transfer it to another controller.
Right to object
You may object to processing based on legitimate interests or for direct marketing.
Right to lodge a complaint
You may lodge a complaint with your local supervisory authority. German authorities list:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Data processing when you load our website

Description and scope
Each visit automatically collects:
• Browser type/version
• Operating system
• Internet service provider
• Date and time
• Referrer website
• Pages accessed
• Device type, session data, clickstream
Purpose
Used to provide and secure the website.
Legal basis
Art. 6(1)(f) GDPR (legitimate interest).
Storage duration
Session data deleted when session ends; logs kept max 7 days.
Rights
This processing is necessary for website operation.

Use of cookies

Description
We use technically necessary and optional cookies. Optional cookies may process:
• IP address
• Location
• Time of website visit
• Ad personalization
• Browsing behavior
• Social media linking
Purpose
Necessary cookies keep the website functional. Optional cookies improve analytics, personalization, and marketing.
Legal basis
Necessary cookies: § 25(2)(2) TDDDG
Optional cookies: Consent (Art. 6(1)(a) GDPR)
Rights
You can withdraw consent anytime at: www.everleaf-bpo.com

Contact via Email
If you contact us by email, we process the data you send solely for handling your request.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest)
Art. 6(1)(b) GDPR (contract)

Storage:
Data deleted when no longer needed. Transmission data deleted after 7 days.

Contact form
If you use our contact form, we process:
• Email
• Name
• Phone
• Company
• Message
• IP address
• Date & time

Used solely for responding and preventing misuse.

Application via Email and Form
If you apply via our form or email, we process your application data solely for recruitment.

Legal basis:
Art. 6(1)(b) GDPR and § 26 BDSG
Talent pool: Art. 6(1)(a) GDPR (consent)

Storage:
Data stored up to 6 months unless longer required by law.

Corporate web profiles (Instagram, LinkedIn)
We process data from interactions with our social profiles for communication, marketing, and analytics.

Privacy policies:
Instagram: https://privacycenter.instagram.com/policy
LinkedIn: https://de.linkedin.com/legal/privacy-policy

Hosting
Hosted by Webflow, Inc., servers located in Germany.
Server logs collected for security (Art. 6(1)(f) GDPR).

Geotargeting
We use IP address or user-provided location to personalise content to regional audiences.

Integrated third-party services
Essential services run under legitimate interest; optional services require consent.

Google Analytics 4
Used to analyse usage patterns. IP anonymised by default.
Legal basis: Art. 6(1)(a) GDPR (consent)

Google ReCaptcha
Used to prevent automated abuse. Requires consent.

LinkedIn Plugin
Used for social interaction and tracking. Requires consent.

Adobe Fonts
Used for improved text display. Requires consent.

Google Tag Manager
Used to manage scripts and tools. Requires consent.

LinkedIn Analytics
Used to analyse visitor behaviour. Requires consent.

Data Subject Request (DSR) Tool
Allows users to submit GDPR-related requests easily.

This privacy policy was created with the assistance of DataGuard.