Responsible for the data processing and “controller” in terms of the GDPR is Next Matter GmbH, Gormannstraße 14, 10119 Berlin, Germany, E-mail: info@nextmatter.com („we“ or “us”). You can contact our data protection officer Karolina Stepka at kstepka@consulting.dataguard.de.
This privacy policy deals with the data processing related to our customers. If you are visiting our website (including https://app.nextmatter.com/), the website privacy policy applies additionally.
In providing the SaaS service, we act as a data processor on behalf of our customers pursuant to Art. 28 GDPR. A data processing agreement (“DPA”) is part of our customer agreements. The DPA can be found here.
The DPA covers all data and processing activities within the SaaS service (e.g. “customer content” like your workflow data).
This privacy policy solely covers data processing we perform for our own purpose as a controller (and not on your behalf as a processor), e.g. contract management, billing and invoicing etc.
In connection with customer relationships, we collect and process in particular the following data for our own purpose as a controller:
The legal basis for the processing of personal data for pre-contractual and contractual purposes is Art. 6(1)(b) GDPR if you yourself are our contractual partner or Art. 6(1)(f) GDPR if your employer is our contractual partner. This applies to the data processing in respect of a contract between you or your employer and us and includes, without limitation, the initiation of the contractual relationship, contract processing, implementation and support as well as performance of the contractual obligations.
We also process your data for our or third parties’ legitimate interests (Art. 6(1)(f) GDPR). This may be necessary in particular:
If required we collect your consent for the use of your data for marketing purposes (e.g. newsletter subscriptions) pursuant to Art. 6(1)(a) GDPR. You can withdraw such consent at any time.
We use the following external payment service providers:
Chargebee, 340 S. Lemon Ave #1537, CA 91789, Walnut, USA; contact: info@chargebee.com
The payment service providers are acting as independent data controllers and are processing data in their own responsibility. Please see the privacy notice of the payment service providers for more information:
We transmit your payment related data (including e.g. billing address, bank account or credit card data) to the payment service provider to the extent such data is required for the processing of the payment transaction. This is necessary to fulfil the agreement pursuant to Art. 6(1)(b) GDPR. Sometimes the payment service provider collects the data required for the processing of the payment transaction itself, e.g. on its own website or via a technical integration in the order process. The payment service providers may also process data on your previous payment history as well as probability values on future behaviour. Insofar the privacy policy of the payment provider applies.
We delete your personal data as soon as they are no longer required for the above-mentioned purposes. Personal data may be retained for the period during which claims can be asserted against us or by us (statutory limitation period of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to store data result in particular from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). Accordingly, the storage periods are generally up to six or ten years. If required, we will be pleased to provide you with further information on the duration of data storage in relation to the specific purpose.
Please note that customer content (e.g. your workflow data) stored within the SaaS system will be deleted as agreed in the data processing agreement, usually upon termination or expiration of the contract.
Within our company, only those persons and departments receive your personal data that need them to fulfill their tasks with regard to the above-mentioned purposes. In the course of our activities, we sometimes also have to transfer data to external third parties and use external service providers. In particular, we may transfer your personal data to the following recipients and categories of recipients:
Insofar as we use services whose providers are partly located in third countries outside the European Economic Area or process personal data there and the EU Commission has not issued an adequacy decision for these countries pursuant to Art. 45 GDPR, we have taken appropriate precautions to ensure an adequate level of data protection. These include, among others, the standard contractual clauses of the European Union (SCC) or binding corporate rules (BCR). Where this is not possible, we base the data transfer on your express consent.
Where a third country transfer is envisaged and no adequacy decision or appropriate safeguards are in place, there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
In addition to the right to revoke your consent given to us, if applicable, you have right to request access to (Art. 15 GDPR) and rectification (Art. 16 GDPR) or erasure (Art. 17 GDRP) of personal data or restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR).
You have the right to object against all types of processing described in this privacy information that are based on Art. 6(1)(f) GDPR, based on grounds relating to your particular situation (Art. 21(1) GDPR). To the extent we process your personal data pursuant to Art. 6(1)(f) GDPR for direct marketing purposes, you can object against such processing at any time without giving a particular reason.
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, E-Mail: mailbox@datenschutz-berlin.de.
Responsible for the data processing and “controller” in terms of the GDPR is Next Matter GmbH, Gormannstraße 14, 10119 Berlin, Germany, E-mail: info@nextmatter.com („we“ or “us”). You can contact our data protection officer Karolina Stepka at kstepka@consulting.dataguard.de.
This privacy policy deals with the data processing related to our website. If you are using our SaaS service as a customer, our privacy policy for customers [LINK] and the data processing agreement (DPA) apply additionally.
We collect information and data that is automatically transmitted or generated by your browser each time you visit our website. Such information includes the IP address, the URLs of the site you visited before accessing our website (“referrer”), the browser used, the browser language, the operating system and user interface, the access device used, date and time of your access, the pages viewed on our website, and the time you spend on the website. Such data is stored for a period of 14 days and deleted automatically thereafter. Legal basis for the processing of such log data is Art. 6(1)(f) GDPR due to our following legitimate interest:
You can contact us e.g. via contact forms or chat functions on the website or by e-mail if you are interested in our services. In our contact forms, we usually ask you about your contact details (name, email address, company). The legal basis for the data processing is Art. 6(1)(b) GDPR insofar as your information is required to answer your inquiry or to initiate or execute a contract, otherwise your and our legitimate interest in answering your inquiry pursuant to Art. 6(1)(f) GDPR. Generally, your inquiries remain stored for a period of one year and are then deleted, unless there is a legal obligation to store them for a longer period (e.g. in the case of commercial or business letters six years) or the storage is otherwise necessary.
On our website you can subscribe to our blog newsletter. In this case, we will use the contact data you have provided for sending the newsletter with news, product updates and information by e-mail. The data processing is based on your consent pursuant to Art. 6 (1)(a) GDPR.
You can revoke your consent at any time, e.g. by using the “unsubscribe” link, which you will find at the end of each newsletter e-mail.
We use a double opt-in procedure, i.e. after initial registration, you will receive a notification e-mail where you must confirm by clicking on a link that you are indeed the owner of the e-mail address provided. If you confirm your e-mail address, we store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The legal basis is our legitimate interest pursuant to Art. 6 (1)(f) GDPR in proving the proper registration for the newsletter.
In order to determine when our emails are opened and how they are used, we record and analyze the interactions with the newsletter or the accruing access data (e.g. opening rate or click rate) using standard market technologies provided to us by our newsletter service provider. For this purpose, our e-mails contain so-called web beacons (see Sec. 4 below). This allows us to determine whether and when an e-mail was opened by you. We also learn which of the links contained in the e-mails you click on. We use this access data for the continuous improvement of our offer, our content and customer communication as well as for statistical purposes. If you do not want this analysis of usage behavior, you can unsubscribe from the newsletters or deactivate graphics in your e-mail client. The legal basis is our legitimate interest in usage analysis pursuant to Art. 6(1)(f) GDPR.
We use cookies, web beacons and suchlike when you visit our websites or use our services.
Cookies are small text files that are stored by your browser on your computer or mobile device and which allow re-identification of your computer or mobile device, potentially across numerous websites. These cookies contain no personal data. Some of the cookies we use are deleted again upon expiry of the session, that is, when you close your browser (these are referred to as session cookies). Other cookies remain stored on your device and allow us, or our business partners to recognize your browser during subsequent visits (persistent cookies).
You may prevent cookies by configuring your browser software accordingly. However, please note that certain areas of the websites or certain services may then not work as intended (such as the SaaS service)
Web beacons are small graphics files (pixels) that may be embedded in our website for the purposes of recording user behavior. Similar methods include, for example, flash cookies, HTML5 cookies or other local (browser or device) storage methods that – in a similar way to cookies – allow data to be saved to your browser or device so that your browser or device can be recognized during subsequent visits or during a session.
We use cookies that are required for the provision of certain functionality of our website (e.g. the SaaS service). Some of our service providers may also use cookies, in particular for web analysis (see below).
4.1. Legal Basis
We use tools and cookies necessary for website operation based on your and our legitimate interest pursuant to Art. 6(1)(f) GDPR in the operation of the website and pursuant to § 25 (2) No. 2 TTDSG. Tools and cookies necessary for the provision of the SaaS service are based on Art. 6(1)(b) GDPR, § 25(2) No. 2 TTDSG.
We use other tools, in particular for analysis and marketing purposes based on your consent pursuant to Art. 6(1)(a) GDPR and pursuant to § 25(1) TTDSG, which is obtained via the cookie banner (see below). If you have given your consent to use certain tools, we may also transfer the data processed when using the tools to third countries on the basis of this consent.
You can revoke your consent at any time via the cookie banner. You will find the corresponding link at the bottom left of each page ("privacy settings").
4.2. Additional information
You can find more information about the external tools and cookies, including
We may use third party service providers, and disclose to such service providers personal data as required for the provision of the services. We use in particular technical service providers for the hosting and operation of the website. Third party service providers also include providers of external tools embedded in the website, as listed in the cookie banner (see Sec. 2.2 above).
We may make personal data available to our service providers for the fulfillment of their activities, if necessary. In doing so, we will of course also comply with all data protection requirements and oblige our service providers to do so to the extent necessary. The service providers may process the personal data exclusively on our behalf and not for their own purposes and must treat the data confidentially. To this end, we have concluded commissioned processing agreements in accordance with Art. 28 GDPR.
Insofar as we use services whose providers are partly located in third countries outside the European Economic Area or process personal data there and the EU Commission has not issued an adequacy decision for these countries pursuant to Art. 45 GDPR, we have taken appropriate precautions to ensure an adequate level of data protection. These include, among others, the standard contractual clauses of the European Union (SCC) or binding corporate rules (BCR). Where this is not possible, we base the data transfer on your express consent.
Where a third country transfer is envisaged and no adequacy decision or appropriate safeguards are in place, there is a risk that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed.
In addition to the right to revoke your consent given to us, if applicable, you have right to request access to (Art. 15 GDPR) and rectification (Art. 16 GDPR) or erasure (Art. 17 GDRP) of personal data or restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR).
You have the right to object against all types of processing described in this privacy information that are based on Art. 6(1)(f) GDPR, based on grounds relating to your particular situation (Art. 21(1) GDPR). To the extent we process your personal data pursuant to Art. 6(1)(f) GDPR for direct marketing purposes, you can object against such processing at any time without giving a particular reason.
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, E-Mail: mailbox@datenschutz-berlin.de.
We would like to inform you below about data processing in connection with your application.
The data controller within the meaning of the General Data Protection Regulation (“GDPR”) for the processing of applicant data is Next Matter GmbH, Gormannstraße 14, 10119 Berlin, E-mail: info@nextmatter.com. You can reach our data protection officer Karolina Stepka at kstepka@consulting.dataguard.de.
1. We use your personal data that you provide to us throughout the application process (for example, in cover letters, resumes, references, applicant questionnaires, applicant interviews). In addition, we may process personal data that we have lawfully obtained from publicly available sources (e.g. professional social networks), from recruiters or contact with references. The data processing is carried out in accordance with Art. 88 GDPR, § 26 para. 1 p. 1 BDSG for recruiting purposes. This also applies to special categories of personal data (such as health data, religious affiliation, severe disability) if you have voluntarily provided such data to us. In this respect, the data processing is carried out in accordance with Art. 88 GDPR, § 26 para. 3 BDSG. However, we would like to evaluate all applicants only according to their qualifications and therefore ask you to refrain from providing such information in the application if possible.
2. Upon your express consent, we will retain your data beyond the end of a specific application process for a period of 12 months so that we can contact you later if you are considered for another position (inclusion in our “applicant pool”). If you apply for another position, the period starts again. Before the period expires, we will contact you by email to ask whether you agree to further storage. The legal basis for this data retention is Art. 6 para. 1a GDPR.
You can withdraw your consent to be included in the applicant pool at any time, e.g. by sending an e-mail to info@nextmatter.com.
3. We delete your data as follows
An application process is completed when the period has expired in which lawsuits for violation of the AGG (Allgemeines Gleichbehandlungsgesetz, German General Equal Treatment Act) can still be expected (usually six months after the rejection has been sent, if no lawsuit or assertion according to § 15 para. 4 AGG has been received by then).
If your application is successful, your data will be transferred to the personnel file, insofar as this is necessary and permissible.
4. We may engage external service providers who act exclusively on our behalf and are not permitted to process data for their own purposes, and may transfer personal data for these purposes to the external service providers, for example assessment centers, recruiters and personnel consultants, external consultants in the case of an aptitude diagnostic procedure, lawyers in the event of a dispute, if applicable
5. We do not carry out any automated decision-making or profiling pursuant to Art. 22 GDPR.
6. In addition to the right to revoke your consent given to us, you have right to request access to (Art. 15 GDPR) and rectification (Art. 16 GDPR) or erasure (Art. 17 GDRP) of personal data or restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR), if the respective legal requirements are met. In addition, you have a right of appeal to the data protection supervisory authorities pursuant to Art. 77 GDPR.
We would hereby like to inform you about the processing of your personal data by Next Matter GmbH as your employer and the rights to which you are entitled under data protection law.
The data controller is your employer, Next Matter GmbH, Gormannstraße 14, 10119 Berlin, e-mail: info@nextmatter.com.
You can reach our data protection officer Karolina Stepka at kstepka@consulting.dataguard.de.
The categories of personal data processed include, in particular, your master data (such as first name, last name, name affixes, nationality, personnel number), contact data (such as private address, (mobile) phone number, e-mail address) and other data from the employment relationship (e.g. time recording data, vacation periods, periods of incapacity to work, data from employee discussions and target agreements, criminal records if applicable, social data, bank details, social security number, pension insurance number, salary data as well as the tax identification number, information on professional career, school-leaving certificate, vocational qualification, studies, data on professional training, data on interests, information on wage garnishments ). This may also include special categories of personal data (sensitive data), such as absences due to illness or reintegration measures relating to health impairments, health data and data on a tax-relevant religious affiliation.
Your personal data is generally collected directly from you as part of the recruitment process or during the employment relationship. In certain constellations, your personal data will also be collected from third parties due to legal requirements. This includes, in particular, event-related queries of tax-relevant information from the relevant tax office and information about periods of incapacity for work from the relevant health insurance. In addition, we may have received data from third parties (e.g. job placement agencies).
We process your personal data based on the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws (e.g. BetrVG, ArbZG, etc.).
Primarily, our data processing serves the purpose of establishing, performing and terminating the employment relationship. The primary legal basis for this is § 26 (1) BDSG in conjunction with. Art. 88 GDPR. If the processing of your data in individual cases is based on consent pursuant to Art. 6 (1)(a) GDPR, you have the right to revoke the consent at any time with effect for the future.
We also process your data in order to fulfill our legal obligations as an employer, in particular in the area of tax and social security law. This is based on Art. 6 (1)(c) GDPR in conjunction with § 26 BDSG.
In individual cases, we process your data in order to protect legitimate interests of us or of third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Art. 6 (1)(f) GDPR in conjunction with § 26 para. 1 p. 2 BDSG).
Insofar as special categories of personal data are processed pursuant to Art. 9 (1) GDPR, this serves the exercise of rights or the fulfillment of legal obligations from labor law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance, recording of severe disability due to additional leave and determination of the severely disabled levy). This is done on the basis of Art. 9 (2)(b) GDPR in conjunction with § 26 (3) BDSG. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 (2)(a) GDPR in conjunction with § 26 (2) BDSG (e.g., company health management).
If we want to process your personal data for a purpose not mentioned above, we will inform you in advance.
Within Next Matter GmbH, only those persons and positions (e.g. department, management, supervisors) receive your personal data that need them to fulfill their respective tasks and contractual and legal obligations.
In addition, we sometimes use external service providers to fulfill our contractual and legal obligations. The contractors and service providers we use act exclusively on our behalf in accordance with Art. 28 GDPR and may not process data for their own purposes.
In addition, we may transfer your personal data to other recipients to the extent necessary to fulfill our contractual and legal obligations as an employer, in particular:
What data protection rights can I assert as a data subject?
You can request information from us about the data stored about you. In addition, you may, under certain conditions, request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, common and machine-readable format. In addition, you have the right to lodge a complaint with a data protection supervisory authority.
Right to object
If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
How long will my data be stored?
We delete your personal data as soon as it is no longer required for the above-mentioned purposes. After termination of the employment relationship, your personal data will be stored as long as we are legally obliged to do so. This regularly results from legal obligations to provide proof and to retain data, which are regulated, among other things, in the German Commercial Code and the German Fiscal Code. The storage periods are then regularly ten years.
In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years). In addition, the data required for the company pension benefits will be processed until the end of your claims and will also be stored thereafter for as long as we are legally obliged to do so for the above reasons.
Will my data be transferred to a third country?
If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding corporate rules or EU standard contractual clauses) are in place.
We do not perform any automated decision-making - including profiling - to bring about a decision on the establishment, performance or termination of an employment relationship.
