Privacy Policy

Website www.rootglobal.io, last amended: July 2022

We have created this privacy policy to inform you about how personal data is collected, processed and used when you visit our website.

1. Contact person

The website www.rootglobal.io  is provided by Root Global GmbH, Hedwig-Porschütz-Straße 9, 10557 Berlin (hereinafter referred to as “Root” or “we”). Rootis also the controller within the meaning of the EU General Data Protection Regulation (GDPR) for the collection, processing and use of personal data of website visitors (hereinafter referred to as “you”). Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us. You are welcome to direct your data protection concerns to our data protection team by sending an email to maurice@rootglobal.io. Our full contact details are available here.

2. Data processing when you use our website

2.1 Visiting the site

In principle, it is possible to visit our website without providing additional personal data. Personal data is only collected if this is necessary for technical reasons to use our website or if you use certain functions or services offered on our website, e.g. the Contact Us button or the application form.

The following access data are automatically recorded every time our website is accessed:

  • date and time of access
  • name of the file requested
  • website from which the file was requested
  • access status (e.g. file transferred, file not found)
  • your web browser and your device’s operating system
  • the IP address of the requesting device

It is necessary to process this data to make it possible to visit the website and to guarantee the long-term functionality, availability and security of our systems. The legal basis for this data processing is Art. 6(1) lit b GDPR.

For the purposes described above, the access data specified is also temporarily stored in internal log files in order to generate statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices with which the pages are accessed increases) and for the general administrative maintenance of our website. The legal basis for this data processing is Art. 6(1) lit. f GDPR, based on our legitimate interest in appropriately optimising our website.

The information stored in the log files does not allow any conclusions about your person and we only store IP addresses in the log files in shortened, anonymised form.

2.2 Webflow

We use the external service provider Webflow (Webflow Inc., 398 11th Street, 2nd Floor, 94103 San Francisco, CA, USA) to build and host our website www.rootglobal.io. The service is only used to compile the designs of the subsite. We do not use Webflow, nor have we instructed Webflow, to collect, analyse or process user data. We have nonetheless concluded a data processing agreement with Webflow, Inc., pursuant to Art. 28 GDPR, to ensure that Webflow processes any data in accordance with our instructions and the European data protection principles. If Webflow transfers data to companies outside Europe (e.g. to the USA), Webflow has taken contractual and technical precautions to ensure compliance with the European data protection principles. However, when personal data is processed outside Europe, it may in individual cases be the case that the rights of EU citizens cannot or cannot fully be enforced.

2.3 Applying to Root

You can apply to us for advertised vacancies using our online form or via email. The purpose of data collection here is the selection of applicants for potential employment at Root. In order to receive and process your application, we collect the following applicant data: first and last name, email address, telephone number and application documents (curriculum vitae and cover letter). You may also voluntarily provide us with additional information that you may want us to consider when you apply (e.g. your salary expectations, availability or additional documents).

If you apply for a position at Root, in principle we will not pass on your applicant data to third parties. If you have any questions regarding data protection in the application process (e.g. with regard to your rights under data protection law), please contact us at maurice@rootglobal.io.

The legal basis for the processing of your applicant data is Art. 6(1) Sentence 1(b) and Art. 88(1) GDPR in conjunction with Section 26(1) Sentence 1 of the German Federal Data Protection Act (BDSG). We store your applicant data upon receipt of your application. If we accept your application and subsequently employ you, we will store your applicant data for as long as the data is necessary for your employment and as far as we are legally required to retain it. If we reject your application, we will store your applicant data for a maximum of six months after rejection of your application. The data will be deleted automatically after this period.

We use the external service provider Notion (Notion Labs, Inc., 930 Alabama Street, 94110 San Francisco, United States) for our application system. We have concluded a data processing agreement with Notion, pursuant to Art. 28 GDPR, to ensure that Notion processes the data in accordance with our instructions and the European data protection principles. If Notion transfers data to companies outside Europe (e.g. to the USA), Notion has taken contractual precautions to ensure compliance with the European data protection principles. However, when personal data is processed outside Europe, it may in individual cases be the case that the rights of EU citizens cannot or cannot fully be enforced. You can revoke consent and withdraw your application at any time.

2.4 Contacting Root

To contact Root Global you can use the Contact Us button on our website and send us an email.  When contacting us via email, we store and process your email address and name and surname, if included in your written email, to reply to your email and for any further inquiries. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR. You can revoke your consent at any time.

3. Disclosure of data

In principle, we will only pass on the data we collect if:

  • you have given your express consent to this pursuant to Art. 6(1) lit. a GDPR;
  • disclosure is necessary pursuant to Art. 6(1) lit. f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that there is an overriding legitimate interest in not disclosing the data;
  • we are legally obliged to do so under Art. 6(1) lit. c GDPR;
  • or this is permitted by law and is required under Art. 6(1) lit. b GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing described in this privacy policy may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may, in particular, include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

4. Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions to Art. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is provided for and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your affected rights cannot be guaranteed.

5. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.

You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose.

You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided.

In order to assert your rights described here, you can contact us at any time using the contact details provided in Section 1 above. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection.

In addition, you have the right to object to data processing if it occurs based on Art. 6(1) lit. f GDPR or for direct marketing purposes. Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Berlin is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Right of withdrawal and objection. Pursuant to Art. 7(3) GDPR, you have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

If we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data, and to give us reasons which arise from your particular situation which, in your opinion, show that your legitimate interests override ours. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.