ElevateX
For Clients
Our Expertise
  • Software Development
  • Engineering
  • Project Management
  • Artificial Intelligence
  • Enterprise Consulting
  • Design
  • Big Data
  • Product Management
Our Services
  • Freelancers
  • Engineering Services
  • IT Staffing
  • IT Outsourcing
  • IT Services
  • Workforce Management
  • Employee Leasing
  • Sourcing
For Freelancers
Apply Now Join our freelancer network Top Projects Browse current opportunities CV Review Service Get professional CV feedback
Learn
Blog Tech insights & industry trends Freelancing Guide How to work with freelancers Podcast ElevateX Podcast Newsletter Stay up to date Resources & Downloads Guides, whitepapers & more Freelancing Glossary Key terms explained
About Us
DE Hire Freelancers
For Clients
Our Expertise → Software Development Engineering Project Management Artificial Intelligence Enterprise Consulting Design Big Data Product Management
Our Services → Freelancers Engineering Services IT Staffing IT Outsourcing IT Services Workforce Management Employee Leasing Sourcing
For Freelancers
Apply Now Top Projects CV Review Service
Learn
Blog Freelancing Guide Podcast Newsletter Resources & Downloads Freelancing Glossary
About Us
Hire Freelancers Auf Deutsch wechseln

Privacy Policy

We manage our websites according to the principles regulated below:

We undertake to comply with the statutory provisions on data protection and endeavor to always take into account the principles of data avoidance and data minimization.

1. Name and address of the controller and the data protection officer

a) Controller

Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

ElevateX GmbH
Fliederstraße 32
73066 Uhingen

Phone: +49 7161 304650
Mail: datenschutz@elevatex.de
Website: www.elevatex.de

b) Data protection officer

You can reach the data protection officer of the data controller as follows:

SiDIT GmbH, www.sidit.de, e-mail: info@sidit.de

2. Explanation of terms

We have designed our privacy policy according to the principles of clarity and transparency. However, if there are any ambiguities regarding the use of various terms, the relevant definitions can be found here.

3. Legal basis for the processing of data

a) Processing of personal data under the GDPR

We process your personal data such as your name and first name, your e-mail address and IP address, etc. only if there is a legal basis for doing so. Here, the following regulations, in particular, come into consideration according to the General Data Protection Regulation:

  • Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Art. 6 para. 1 sentence 1 lit. c GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject
  • Art. 6 para. 1 sentence 1 lit. d GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • Art. 6 para. 1 sentence 1 lit. e GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Art. 6 para. 1 sentence 1 lit. f GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child

However, we will always refer you to the legal basis on which your personal data is processed at the respective places in this privacy policy.

b) Consent of the legal guardian under Art. 8 para. 1 sentence 2 alt. 2 GDPR

A legal guardian must consent to all data processing within the scope of this website for which the consent of a minor who has not yet reached the age of 16 is required.

Information on the individual data processing operations, their purposes and the data categories concerned for which the data subject’s consent is required can be found in the privacy policy.

You can revoke your consent at any time by sending a declaration of revocation in text form to the contact details of the controller. Processing carried out until revocation remains lawful.

c) Processing of information under Section 25 (1) TDDDG

We also process information pursuant to Section 25 (1) TDDDG by storing information on your terminal equipment or accessing information that is already stored on your terminal equipment. This may concern both personal information and non-personal data, e.g. cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any equipment connected directly or indirectly to the interface of a public telecommunications network for sending, processing or receiving messages, Section 2 (2) no. 6 TDDDG.

As a rule, we process this information on the basis of your consent, Section 25 (1) TDDDG.

If an exception under Section 25 (2) no. 1 and no. 2 TDDDG applies, we do not require consent. Such an exception applies if we exclusively access or store information for the sole purpose of carrying out the transmission of a message over a public telecommunications network, or if this is strictly necessary in order to provide a telemedia service expressly requested by you. You can revoke your consent at any time.

We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

4. Transfer of personal data

The transfer of personal data is also processed within the meaning of the previous item 3. However, at this point, we would like to inform you again about the topic of transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

Therefore, data is only passed on to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies that act as processors for us pursuant to Art. 28 GDPR. A processor is anyone who processes personal data on our behalf, i.e. instructed and controlled by us

In accordance with the requirements of the GDPR, we conclude a contract with each of our data processors to bind them to data protection regulations and thus provide your data with comprehensive protection.

5. Storage period and erasure

We will erase your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed, and the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

6. SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator, this website uses SSL / TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL / TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Use of AI systems (artificial intelligence)

To optimize our processes and improve your personalized visitor experience on our website, your personal data may be processed using artificial intelligence (AI) technologies. The AI is used in particular to:

  • carry out data analyses,
  • generate forecasts,
  • close security gaps,
  • and make routine operations more efficient.

The AI used operates in accordance with the principles of the GDPR. Any decisions that have legal or similar effects on you are not made solely by the AI, but are supplemented by human intervention.

8. Cookies

We use cookies on our website. Cookies are small data packages that your browser automatically creates and that are stored on your terminal device when you visit our website. These cookies are used to store information in connection with the respective terminal device used.

When using cookies, a distinction is made between technically necessary cookies and “other” cookies. Technically necessary cookies are those that are strictly necessary in order to provide a service of the information society expressly requested by you.

a) Technically necessary cookies

To make the use of our offer more pleasant for you, we use technically necessary cookies. These may be so-called session cookies (e.g. language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security or similar. The legal basis for the cookies results from Art. 6 para. 1 sentence 1 lit. f) GDPR, our legitimate interest in the error-free operation of the website and the interest in providing you with our services in an optimized manner.

b) Other cookies

The other cookies include cookies for statistical, analytical and marketing purposes.

We use these cookies on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.

You can revoke your consent to the use of cookies at any time.

We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

To do so, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (although this may also restrict the functionality of the online offer) or set an opt-out for the respective service in individual cases.

We inform you of the legal basis on which this data is processed for the respective services within the privacy policy.

9. Consent banner / consent management

To obtain consent for the cookies we use, we use our own consent banner. This banner itself sets a so-called consent cookie in order to query and process the respective consent status. This consent cookie is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, Section 25 (1) TDDDG.

For the use of some services of the Google/Alphabet group, we use the so-called Google Consent Mode V2 in Advanced Mode. You can find details on this consent mode on Google’s page at https://developers.google.com/tag-platform/security/guides/consent?hl=de&consentmode=advanced and with the Google services concerned.

The use of Consent Mode is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

10. Collection and storage of personal data as well as the nature and purpose of its use

a) External hosting

Our website is hosted by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless an external service of a third party is integrated. This may concern the IP address, your e-mail address, communication data or similar. You will find out which specific personal data this concerns below in connection with the individual functions and services we explain. If we use an external service of a third party, this is made clear in the description of the respective service or tool.

The hoster processes your data only on our instructions and insofar as this is necessary for the performance of the services on the website. We have concluded a data processing agreement with Cloudflare.

b) When visiting the website

When you access our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer
  • date and time of access
  • name and URL of the retrieved file
  • website from which access is made (referrer URL)
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider

We process the aforementioned data for the following purposes:

  • ensuring a smooth connection setup of the website
  • evaluating system security and stability
  • error analysis
  • for further administrative purposes

Data that allows conclusions to be drawn about your person, such as the IP address, is deleted after 7 days at the latest. If we store the data beyond this period, this data is pseudonymized so that it can no longer be assigned to you.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

c) Cloudflare

On our website we use a so-called Content Delivery Network (“CDN”) as well as the web firewall to ward off DDoS attacks of the technology service provider Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA (“Cloudflare”).

For this purpose, Cloudflare may process IP addresses, information regarding the routing of data traffic as well as the system configuration and other information about the traffic that is intended for or originates from websites.

For the CDN, the information transfer between the browser and our server is technically routed via the Cloudflare network so that we can optimize the loading speeds of our website. The web firewall is intended to prevent fraudulent transactions, unauthorized access to the services and other illegal activities.

The processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the secure and efficient provision, as well as the improvement of the stability and functionality of our website.

We have concluded a data processing agreement with Cloudflare.

You can find further information in Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/

d) Newsletter

Content of the newsletter and registration data

The sending of our newsletter as well as the performance of statistical surveys and analyses and the logging of the registration process only takes place if you order it from us and have given your corresponding consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 (1) TDDDG.

The contents of the newsletter are specifically described when registering for the newsletter. To register for the newsletter, it is sufficient to provide your e-mail address. If you provide further voluntary information such as your name and/or gender, this is used exclusively for the personalization of the newsletter addressed to you.

Registration and logging

We use the single opt-in procedure for registering for our newsletter. Your registration takes effect immediately upon submission of the registration form.

To document your consent, your registration is logged. The logging includes the storage of the registration time, the data you provide and your IP address. If you make changes to your data, these changes are also logged.

Revocation

If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click on the link to unsubscribe from the newsletter at the end of each newsletter or send us an e-mail to the following e-mail address: datenschutz@elevatex.de.

The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Use of Brevo

We use the e-mail tool Brevo of Brevo GmbH, Köpenickerstr. 126, 10179 Berlin, to send our newsletter.

For this purpose, the data you provide is passed on to Brevo and processed there. This tool gives us the option of evaluating how the newsletters are opened and used.

Brevo is a German company whose servers are located in Germany.

We have also concluded a data processing agreement with Brevo. Brevo does not acquire any right to pass on your data.

You can find further information on data protection at sendinblue/Brevo at: https://www.brevo.com/de/legal/privacypolicy/

e) Contact form

We provide a form on our website so that you have the option of contacting us at any time. To use the contact form, it is necessary to provide a name for a personal salutation and a valid e-mail address for contacting you, so that we know who the request comes from and can also process it.

If you send us requests via the contact form, your details from the request form including the contact data you provide there as well as your IP address are processed pursuant to Art. 6 para. 1 sentence 1 lit. b and f GDPR to carry out pre-contractual measures taken in response to your request or to safeguard our legitimate interest, namely to exercise our business activity.

The requests and the associated data are deleted no later than 3 months after receipt, unless they are required for a further contractual relationship.

f) Freelancer application form

On our website, we offer freelancers the opportunity to apply for the ElevateX Freelancer Community. As a member of the community, freelancers have the opportunity to accept project assignments from companies and offer their services.

To submit an application, it is necessary to provide a name and a valid e-mail address so that we know who the application comes from and can process it. In addition, it is necessary to provide the skills offered and to upload a current CV.
You may also voluntarily provide your telephone number, your LinkedIn profile URL, your website URL and a cover letter; this information is not strictly necessary for processing your application.

If you send us an application via the freelancer application form, your details from the application form as well as your IP address are processed pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR to carry out pre-contractual measures taken in response to your request. In the course of any selection interview, further voluntary information may also be processed to review admission to the community.

If your uploaded CV contains special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. a photo, information about your nationality, your state of health or your religious affiliation), this is processed exclusively on the basis of your explicit consent pursuant to Art. 9 para. 2 lit. a GDPR, which you grant by uploading and explicitly submitting your application documents. The provision of such data is not required. We recommend that you remove this information from your CV before uploading it, insofar as it is not necessary for assessing your qualifications. You can revoke consent once given at any time with effect for the future (Art. 7 para. 3 GDPR), without this affecting the lawfulness of the processing carried out until revocation. To do so, please contact the contact address named in this privacy policy.

The data is used exclusively to review your application and, if applicable, to admit you to the ElevateX Freelancer Community.

As soon as you submit the form, your application documents are transmitted to HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany and stored and managed in our CRM system (Customer Relationship Management). HubSpot Germany GmbH is our processor in this context pursuant to Art. 28 GDPR and processes your data exclusively on our instructions; a corresponding data processing agreement has been concluded. Since HubSpot’s technical infrastructure also includes servers in the USA, a transfer of your data to the USA is possible. This transfer is safeguarded by the conclusion of EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR as well as by the certification of HubSpot, Inc. under the EU-US Data Privacy Framework pursuant to Art. 45 para. 1 GDPR. You can find further information on data protection at HubSpot at https://legal.hubspot.com/privacy-policy.

If your application is rejected, the data collected during the application process is deleted no later than 6 months after notification of the rejection. If you are admitted to the community, the necessary data is stored for the duration of the further contractual cooperation.

g) Google Tag Manager

We use the Google Tag Manager of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The Google Tag Manager is an administration and management tool in which other tracking and/or statistics tools can be centrally managed and played out.

When you visit our website, the Google Tag Manager collects and processes your IP address, which may also be transmitted to the USA. However, the Google Tag Manager does not itself create a user profile or any analyses.

The use of the Google Tag Manager is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

We have concluded a data processing agreement with Google.

You can find the Google privacy policy here.

h) Use of Google reCAPTCHA

On our websites, we use the reCAPTCHA service of the company Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the contact form and freelancer application form in order to be able to distinguish input by a human from automated, abusive, machine processing.

In the course of using reCAPTCHA, the following data is processed:

  • your IP address
  • device and browser information
  • interaction data (for example mouse movements and clicks). In addition, cookies (e.g. the _GRECAPTCHA cookie) or other technologies may be used.

A transfer of the personal data to Google LLC in the USA is possible. Google LLC is certified under the EU-U.S. Data Privacy Framework. Where necessary, transfers are additionally safeguarded by standard contractual clauses.

We have concluded a data processing agreement with Google.

You can find further information on Google’s data protection guidelines at: https://policies.google.com/privacy?hl=de

Through the integration of reCAPTCHA, the Google Fonts of Google are also dynamically reloaded, without you being able to actively determine this as a website operator or visitor. The integration of these web fonts takes place via a server call, usually a Google server in the USA. As a result, the following may be transmitted to the server and stored by Google:

  • name and version of the browser used
  • website from which the request was triggered (referrer URL)
  • operating system of your computer
  • screen resolution of your computer
  • IP address of the requesting computer
  • language settings of the browser or operating system used by the user

You can find more detailed information in Google’s data protection notices, which you can access here.

The use of Google reCAPTCHA is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time.

i) jQuery

We use the JavaScript library jQuery of The OpenJS Foundation, 548 Market St. PMB 57274, San Francisco, CA 94104, USA, on our website. This is a collection of JavaScript programs and routines that offer versatile solutions for problems.

The JavaScript routines are provided via a connection to servers in the USA and downloaded from there.

Accordingly, it cannot be ruled out that the IP address of our website visitors is processed by jQuery.

The use of jQuery is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, in order to ensure the functionality of the website and to be able to restore it as quickly and easily as possible in the event of a problem.

We have concluded a data processing agreement or the SCC with jQuery.

You can find further information on data protection at jQuery at:
https://images.prismic.io/openjsf/ba00b254-685f-4e54-b1ca-17984b0f3e55_OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf

11. Analysis and tracking tools

We use the analysis and tracking tools listed below on our website. These serve to ensure the continuous optimization of our website and to design it to meet your needs.

We use these tools on the basis of the consent you have given pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by changing the cookie settings. Processing carried out until revocation remains lawful.

The respective data processing purposes and data categories can be found in the corresponding tools. We point out that we have no influence on whether and to what extent the service providers carry out further data processing.

a) Google Consent Mode v2 – Advanced

For the use of some services of the Google/Alphabet group, we use the so-called Google Consent Mode V2 in Advanced Mode.

This means that in the event that you do not give consent within our cookie banner, your client nevertheless sends ping information with IP address, time stamp, user agent and referring URL to Google. The IP address is anonymized on the Google servers. This data is used for conversion modelling in order to optimize ads despite missing consent or technical restrictions and to improve automatic bid settings.

You can find details on this consent mode on Google’s page at https://developers.google.com/tag-platform/security/guides/consent?hl=de&consentmode=advanced.

The processing of your personal data is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

For the use of some services of the Google/Alphabet group, we use the so-called Google Consent Mode V2 in Advanced Mode within the scope of server-side tracking.

In the event that you do not give consent within our cookie banner, your client sends ping information with IP address, time stamp, user agent and referring URL to our own servers, anonymizes this and then sends it to Google.

The processing of your personal data is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

b) Google Analytics

We use Google Analytics on our website, a web analysis service of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”).

Google Analytics uses cookies in this context (see item 8). The information generated by the cookie about your use of this website such as

  • name and version of the browser used
  • operating system of your computer
  • website from which access is made (referrer URL)
  • IP address of the requesting computer
  • time of the server request

is generally transmitted to a Google server in the USA and stored there.

Your IP address is automatically anonymized by Google before it is recorded via EU domains and servers. There is therefore no logging or storage of your IP address.

On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with further services associated with website use and internet use. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google.

We have concluded a data processing agreement with Google.

Please click here to obtain an overview of data protection at Google.

c) HubSpot – CRM, website tracking and appointment booking

We use various functions of HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (hereinafter “HubSpot”). For the technical provision of these functions, HubSpot Germany GmbH uses the group company HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.

We work with the CRM software (Customer Relationship Management) of HubSpot, via which we manage our customer data and conduct online marketing. For this purpose, landing pages are analyzed and reports are created, among other things. In doing so, HubSpot uses so-called “web beacons” and sets cookies. In this context, the following personal data may be processed: IP address, geographical location, type of browser, duration of the visit, pages viewed as well as visitor sources by means of UTM parameters. As a rule, the IP address is processed on European HubSpot servers and only stored in shortened form; only in exceptional cases is it transmitted to a HubSpot server in the USA and shortened there. We use the collected information to continuously optimize our website and make it more user-friendly for you, as well as to analyze which of our services are of interest to customers, users and newsletter subscribers, and to contact them for advertising purposes.

To evaluate website use and to optimize our marketing activities, we additionally use the HubSpot tracking script (js.hs-scripts.com). This script is only loaded after your explicit consent. It sets the following analysis cookies: “__hstc” (cross-session visitor recognition), “hubspotutk” (unique visitor identifier), “__hssc” (session tracking) as well as “__hssrc” (session tracking). With the help of these cookies, we can recognize returning visitors, analyze usage behavior on our website and optimize our marketing activities. The tracking script is only activated after your statistics consent; without consent, it is not loaded.

On our contact pages, we also embed the HubSpot Meetings scheduler, via which you can book an appointment with us directly. In the course of the appointment booking, the data you enter – in particular name, e-mail address and appointment preferences – as well as technical information (including IP address, browser and device information) is transmitted to HubSpot and stored in our CRM system. Insofar as cookies are set by the Meetings scheduler embed, this is done on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 (1) TDDDG.

Since HubSpot’s technical infrastructure also includes servers in the USA, a transfer of your data to the USA is possible. This transfer is safeguarded by the conclusion of EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR as well as by the certification of HubSpot, Inc. under the EU-US Data Privacy Framework pursuant to Art. 45 para. 1 GDPR.

The processing within the scope of the CRM system and the tracking script is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 (1) TDDDG. The processing of your booking data via the Meetings scheduler is based on Art. 6 para. 1 sentence 1 lit. b GDPR to carry out pre-contractual measures. You can revoke your consent at any time by adjusting your cookie settings; the lawfulness of the processing carried out until revocation remains unaffected.

We have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR and agreed the EU standard contractual clauses. HubSpot does not acquire any right to pass on your data.

You can find the data protection provisions of HubSpot at: https://legal.hubspot.com/de/privacy-policy

d) Contact forms and requests via HubSpot

To manage and process requests received via our website, we use the HubSpot service of HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany. The data you enter and submit in the form is not transmitted to HubSpot via an embedded HubSpot form, but exclusively via a direct API interface. This means that only form data actually submitted by you is passed on to HubSpot; partially completed forms can neither be recorded nor tracked by HubSpot.

In the course of the transmission, the following personal data may be transmitted to HubSpot and stored and managed in our CRM system: name, e-mail address, IP address, time stamp, form completions as well as further information voluntarily provided by you. We use the stored data exclusively to process your request and to contact you. The setting of cookies by HubSpot takes place exclusively via the tracking script, which – after your separate consent – is loaded separately (cf. section 11c of this privacy policy).

HubSpot Germany GmbH uses the group company HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, to provide its services; access to your data from the USA can therefore not be completely ruled out. The transfer to the USA is safeguarded by the conclusion of EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR as well as by the certification of HubSpot, Inc. under the EU-US Data Privacy Framework pursuant to Art. 45 para. 1 GDPR.

The legal basis for the processing of your request data is Art. 6 para. 1 sentence 1 lit. b and f GDPR to carry out pre-contractual measures in response to your request or to safeguard our legitimate interest in exercising our business activity.

We have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR and agreed the EU standard contractual clauses. HubSpot does not acquire any right to pass on your data.

You can find the data protection provisions of HubSpot at: https://legal.hubspot.com/de/privacy-policy

e) PostHog

On this website we use PostHog, a product analysis platform that enables us to analyze user behavior on our website and to further develop our offer on this basis. The platform includes functions such as event tracking, analysis of page views and user flows as well as the evaluation of click and scroll behavior.

The provider is PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA. We use PostHog in the hosting variant “PostHog Cloud EU”, in which all data is stored and processed exclusively on servers in Frankfurt am Main, Germany.

PostHog processes technical information about the terminal device used (e.g. browser type, operating system, screen resolution) as well as information about the website visit (e.g. pages viewed, dwell time, click and scroll behavior, origin URL). For this purpose, cookies are used that enable cross-session recognition of the browser. No personal profile is created for anonymous visitors. The collected data is used exclusively to analyze website use and to improve the user experience.

In addition, we use the “Session Replay” function of PostHog. This enables us to record interactions on our website, e.g. page views, mouse movements, clicks and scroll behavior, in order to identify usage problems and improve the user experience. Input fields are automatically masked and not recorded (masking level “Normal”); however, visible text and images on the website may be recorded. Session recordings are automatically and irrevocably deleted after 30 days. Session Replay is – like the rest of the PostHog analysis – only activated after your active consent.

Although all data is stored and processed exclusively on servers in Frankfurt am Main, PostHog, Inc., based in the USA, is the contractual partner. Access to stored data by employees of PostHog, Inc. from the USA – for example for support or maintenance purposes – can therefore not be completely ruled out. In this case, any transfers are safeguarded by the certification of PostHog, Inc. under the EU-U.S. Data Privacy Framework pursuant to Art. 45 para. 1 GDPR as well as by the conclusion of EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.

The legal basis for the entire data processing by PostHog including the session recording is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting your settings via our cookie consent management. The lawfulness of the processing carried out until revocation remains unaffected.

Since PostHog processes data on our behalf, we have concluded a data processing agreement with PostHog, Inc. pursuant to Art. 28 GDPR.

You can find further information on data protection at PostHog at: https://posthog.com/privacy

12. YouTube – video integration

We embed videos from YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website within the scope of an iFrame and/or via a plugin. As part of the embedding of the videos, we have activated YouTube’s enhanced data protection mode.

If you play a YouTube video during your visit, a connection to the YouTube servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your member account before visiting our website. In addition, YouTube sets various cookies when starting the service in order to improve its offered services and prevent misuse, according to its own information.

You can find further information on the handling of user data and the cookies set in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy

Through the integration of YouTube, the Google Fonts of Google are also dynamically reloaded, without you being able to actively determine this as a website operator or visitor. The integration of these web fonts takes place via a server call, usually a Google server in the USA. As a result, the following may be transmitted to the server and stored by Google:

  • name and version of the browser used
  • website from which the request was triggered (referrer URL)
  • operating system of your computer
  • screen resolution of your computer
  • IP address of the requesting computer
  • language settings of the browser or operating system used by the user

You can find more detailed information in Google’s data protection notices, which you can access here.

The legal basis results from the consent you have given pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by changing the cookie setting on our website.

13. Rights of the data subject

You have the following rights:

a) Information

Pursuant to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about

  • the processing purposes
  • the categories of personal data
  • the recipients or categories of recipients to whom your data has been or will be disclosed
  • the planned storage period or at least the criteria for determining the storage period
  • the existence of a right to rectification, erasure, restriction of processing or objection
  • the existence of a right to lodge a complaint with a supervisory authority
  • the origin of your personal data if it was not collected by us
  • the existence of automated decision-making including profiling and, if applicable, meaningful information about its details

b) Rectification

Pursuant to Art. 16 GDPR, you have the right to the immediate rectification of incorrect or incomplete personal data stored by us.

c) Erasure

Pursuant to Art. 17 GDPR, you have the right to demand the immediate erasure of your personal data from us, insofar as the further processing is not necessary for one of the following reasons:

  • the personal data is still necessary for the purposes for which it was collected or otherwise processed
  • for the exercise of the right to freedom of expression and information
  • for compliance with a legal obligation that requires the processing under the law of the European Union or the member states to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing
  • for the establishment, exercise or defense of legal claims

d) Restriction of processing

Pursuant to Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

  • You contest the accuracy of your personal data.
  • The processing is unlawful and you object to the erasure of the personal data.
  • We no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims.
  • You have objected to the processing pursuant to Art. 21 para. 1 GDPR.

e) Notification

If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Art. 16, Art. 17 or Art. 18 GDPR, we will notify all recipients to whom your personal data has been disclosed of this, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

f) Transmission

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to request the transmission of this data to a third party, insofar as the processing was carried out with the help of automated procedures and is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

g) Revocation

Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time vis-à-vis us. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.

h) Complaint

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR.

i) Objection

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, insofar as there are grounds for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying the particular situation. If you wish to exercise your right of revocation or objection, an e-mail to datenschutz@elevatex.de is sufficient.

j) Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and us
  2. is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests
  3. is based on your explicit consent

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to protect the rights and freedoms as well as your legitimate interests have been taken.

With regard to the cases mentioned in i) and iii), we take suitable measures to safeguard the rights and freedoms as well as your legitimate interests, which includes at least the right to obtain human intervention on our part, to express your own point of view and to contest the decision.

14. Amendment of the privacy policy

If we amend the privacy policy, this will be indicated on the website.

Last updated: 23/06/2026

ElevateX Freelancer

  • Agile Coach
  • Agile Manager
  • AI Developer
  • Android Developer
  • Angular Developer
  • App Developer
  • Apple Developer
  • Application Consultant
  • Application Engineer
  • Automation Engineer
  • Back-End Developer
  • Big Data Engineer
  • Blockchain Developer
  • Business Analyst
  • Business Intelligence Manager
  • C Developer
  • C# Developer
  • C++ Developer
  • CAD Designer
  • Cloud Engineer
  • Commissioning Engineer
  • Computer Vision Engineer
  • Construction Manager
  • Data Analyst
  • Data Architect
  • Data Engineer
  • Data Scientist
  • Development Engineer
  • DevOps Engineer
  • Django Developer
  • Electrical Designer
  • Electrical Engineer
  • Engineer
  • ERP Consultant
  • Front-End Developer
  • Full-Stack Developer
  • Hardware Developer
  • iOS Developer
  • IT Consultant
  • IT Project Manager
  • IT System Engineer
  • Java Developer
  • JavaScript Developer
  • Kotlin Developer
  • Machine Learning Engineer
  • Mechanical Engineer
  • Mobile Developer
  • Network Administrator
  • PHP Developer
  • Process Engineer
  • Product Manager
  • Project Manager
  • Prompt Engineer
  • Python Developer
  • Quality Engineer
  • Robotics Engineer
  • SalesForce Developer
  • SAP Consultant
  • Scrum Master
  • SQL Developer
  • Spryker Developer
  • Swift Developer
  • System Engineer
  • UI Designer
  • UX Designer
  • Web Designer
  • Web Developer
  • WordPress Developer

Freelance Locations

  • Freelancer Berlin
  • Freelancer Dortmund
  • Freelancer Düsseldorf
  • Freelancer Essen
  • Freelancer Frankfurt
  • Freelancer Germany
  • Freelancer Hamburg
  • Freelancer Köln
  • Freelancer Leipzig
  • Freelancer München
  • Freelancer Remote
  • Freelancer Stuttgart

For Clients

  • Your Inquiry
  • Why ElevateX
  • How ElevateX works
  • Testimonials
  • Success Stories
  • FAQ by Clients

For Freelancers

  • Apply Now
  • CV Review
  • Why ElevateX
  • Refer a Project
  • Trending projects
  • FAQ by Freelancers

Learn More

  • Blog
  • Resource Section
  • Newsletter
  • Work with IT-Freelancers
  • Become an IT-Freelancer
  • Cost of Vacancy Calculator

About Us

  • Who we are
  • Contact us
  • Support Your Community
  • Our Service Portfolio
  • Our Areas of Expertise
  • AI Tools for Dev Teams
ElevateX

Experts by Experts
Find top freelancers for your IT project.

©2026 ElevateX GmbH.
All rights reserved.

Contact

  • info@elevatex.de
  • +49 7161 30465 99

Legal

  • Legal Notice
  • Privacy Policy

Follow us