1. Who we are and what this policy is about

Welcome to http://www.speedinvest-heroes.com, the website of Speedinvest Heroes Consulting GmbH, registered in the Commercial Register of the Commercial Court Vienna under FN 465427 b (“Speedinvest Heroes”, “we”, “us”, “Controller” or “our”). We are a quality leader in HR consulting for start-ups and trusted advisor to many respected organizations. We provide a variety of services to these clients and other parties, including, but not limited to: (i) executive search (e.g. helping clients recruit executives for their organizations); (ii) board consulting (e.g. searching for directors, conducting board effectiveness reviews and appraisals of directors, and assisting in board successions); (iii) leadership strategy services; (iv) executive integration; (v) family business advisory services; (vi) diversity and inclusion services; (vii) CEO succession and (viii) professional search (collectively, and among others, our “Services”).

We respect the privacy of the Users (“you”, “your”) and are committed to protecting their Personal Data according to applicable law. For this reason, your Personal Data will be used exclusively on the basis of the applicable legal provisions, in particular, the Austrian Data Protection Act (Datenschutzgesetz – DSG), the General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR) as well as the Austrian Telecommunications Act (Telekommunikationsgesetz 2021 – TKG 2021).

This privacy policy (“Policy”) is provided in accordance with Article 13 and 14 GDPR and explains to what extent and for what purposes we are collecting and subsequently processing Personal Data through our Site. This Policy also informs you of your rights regarding the collection and processing of your Personal Data. This Policy relates solely to the Site, if not stated otherwise.

Speedinvest Heroes is the Controller for the processing of your Personal Data on this Site.

2. Definitions

“ASaaS-Product” means the Active Sourcing as a Service product as provided on the Site and amended from time to time.

“Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, including the security measures concerning the operation and use of the Site. The Controller is Speedinvest Heroes.

“European Union” or “EU” includes – unless otherwise specified – all current member states of the European Union and the European Economic Area (EEA).

“Personal Data” means any information that either (a) personally identifies a natural person; or (b) pertains to an identifiable natural person, i.e. someone who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, or (c) constitutes individually identifiable information about an individual consumer collected by us online through this Site and that we maintain in an accessible form, or that (d) we are otherwise required to protect under applicable data privacy laws (including, but not limited to, national, international and supranational data protection and privacy laws, directives, regulations and comparable legal acts).

“Processor” is the natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller, as described in this Policy.

“Processing” and variations such as “Process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, restriction, erasure or destruction.

“Site” means any web page hosted at the domain www.speedinvest-heroes.com with regard to the ASaaS-Product.

“Tracker” indicates any technology – e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting – that enables the tracking of Users, for example by accessing or storing information on the User’s device.

“User” is the individual using the Site.

3. Processing of your Personal Data

Depending on your interaction with the Site, your Personal Data is Processed as follows:

3.1 Active Sourcing as a Service (ASaaS-Product)

As part of our services, we offer an ASaaS-Product and provide recruiting services in the B2B sector to entrepreneurs (“Business Partner(s)”).

If a Business Partner wishes to fill a vacant job position, the criteria for the respective job position can be specified on the Site. We will then inform the Business Partner whether we can support the request or not. The Business Partner will be contacted regarding the decision and then, if the request is supported, our services are provided for the ASaaS-Product, and the Business Partner will receive access to our ASaaS-Product platform and its output.

The Personal Data Processed by us within the scope of the services provided under the ASaaS-Product might contain the following Personal Data: 

• first and last name of the contact person of the Business Partner and/or the Business Partner, if he/she is a natural person;
• username of the contact person of the Business Partner and/or the Business Partner, if he/she is a natural person;
• email address of the contact person of the Business Partner and/or the Business Partner, if he/she is a natural person;
• payment information, billing address and/or VAT Number, of the Business Partner, if he/she is a natural person;
• password of the contact person of the Business Partner and/or the Business Partner, if he/she is a natural person;
• information about the position to be staffed provided by the contact person of the Business Partner and/or Business Partner, if he/she is a natural person; and/or
• IP-address of the contact person of the Business Partner and/or the Business Partner, if he/she is a natural person. 

4. Legal basis for the Processing

The Controller may process Personal Data relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes in accordance with Art. 6 (1) (a) GDPR;
• Processing of Personal Data is necessary for the performance of an agreement with the Users and/or for any pre-contractual obligations thereof in accordance with Art. 6 (1) (b) GDPR;
• Processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject in accordance with Art. 6 (1) (c) GDPR, if applicable; or
• Processing of Personal Data is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party in accordance with Art. 6 (1) (f) GDPR relating to advertising, market research and surveys, unless the Users have exercised their right to object according to Art. 21 GDPR.

5. Detailed information on the Processing of Personal Data, including by Third-Party-Providers

Transmission of the Personal Data in the individual case takes place on the basis of the legal regulations and/or contractual agreement and – as far as necessary – for the handling of contracts among others to the following third parties:

• Legal representatives, notaries and other third parties involved in legal services;
• Courts, if applicable;
• Administrative authorities, if applicable;
• Participating contractual and business partners;
• Technical service providers;
• Mail carriers;
• Hosting providers;
• IT companies; and
• Communication agencies.

If the above recipients of your Personal Data are located outside the EEA and the country in question has also not been determined by decision of the EU Commission to have an adequate level of data protection, we ensure that the transfer is made on the basis of standard contractual clauses (currently 2010/87/EC and/or 2004/915/EC).

In particular, Personal Data is collected for the following purposes and using the services of the following Third-Party-Providers:  

5.1 Analytics

The services contained in this section enable the Controller to monitor and analyse web traffic and can be used to keep track of User’s behaviour.

• Google Analytics (Google Ireland Limited)

The Site uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland Limited”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the Site. We process your Personal Data on the basis of our prevailing legitimate interest to cost-efficiently generate easy to use website access statistics (Art. 6 (1) (f) GDPR). The information generated by the cookie about your use of the Site (including your IP address and the URLs of the accessed pages) will be transmitted to Google Ireland Limited. We do not store any of your Personal Data collected in connection with Google Analytics. The Site uses an IP anonymization feature provided by Google Ireland Limited. Your IP address will therefore be truncated/anonymized by Google Ireland Limited as soon as it receives it. On our behalf, Google Ireland Limited will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to us. Google Ireland Limited will not associate your IP address with any other data held by Google Ireland Limited. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this Site. Furthermore you can prevent Google Ireland Limited’s collection and use of your Personal Data by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. You can also refuse the use of Google Analytics on this Site by clicking on the following link: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable. An opt-out cookie will be set on the computer, which prevents the future collection of your Personal Data when visiting this website: Further information concerning Google Ireland Limited’s terms of use and privacy statement can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.at/intl/en_uk/policies/.

• Rebrandly (RadiateCapital Limited)

Rebrandly is a service provided by RadiateCapital Limited, 90 Leinster Road – Rathmines – Dublin 6, D06 F3P4, Dublin, Ireland (“RadiateCapital Limited”) that allows the Controller to create personalized URLs and to measure their effectiveness, as well as User interactions with them. Rebrandly may also enable the Controller to retarget Users. Find more information about the Processing of Personal Data in RadiateCapital Limited’s privacy policy available at https://www.rebrandly.com/privacy-policy. The data transfer is conducted in accordance with Art. 6 (1) (f) GDPR (legitimate interest to create personalized URLs and to measure their effectiveness, as well as User interactions with them).

5.2 Handling of payments

Unless otherwise specified, the Site Processes any payments by credit card, bank transfer or other means via external payment service providers. In general, and unless where otherwise stated, Users are requested to provide their payment details and Personal Data directly to such payment service providers. Speedinvest Heroes is not involved in the collection and processing of such information instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.

• PayPal, PayPal button and widgets (PayPal (Europe) S.à r.l. et Cie, S.C.A.)

Paypal is an online payment service. The service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal (Europe) S.à r.l. et Cie, S.C.A.”) is responsible for the European area. Find more information about the Processing of Personal Data in PayPal (Europe) S.à r.l. et Cie, S.C.A.’s privacy policy available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product and/or for pre-contractual measures when payment information is required.

• Stripe (Stripe, Inc.)

Stripe is a payment provider by Stripe, Inc., 185 Berry Street, Suite 550 San Francisco, CA 94107, USA (“Stripe, Inc.”). Find more information about the Processing of Personal Data in Stripe, Inc.’s privacy policy available at https://stripe.com/at/privacy. The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product and/or for pre-contractual measures when payment information is required.

5.3 Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

• Mailchimp (Intuit Inc.)

Mailchimp is an email address management and message sending service provided by Intuit Inc., 5100 Spectrum Way, Mississauga ON L4W 5G1, USA (“Intuit Inc.”). Find more information about the Processing of Personal Data in Intuit Inc.’s privacy policy available at https://www.intuit.com/privacy/statement/. The data transfer is necessary for marketing activities and is conducted in accordance with Art. 6 (1) (f) GDPR (legitimate interest with regard to advertising, market research and surveys).

• HubSpot Email (HubSpot, Inc.)

HubSpot Email is an email address management and message sending service provided by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (“HubSpot, Inc.”). Find more information about the Processing of Personal Data in HubSpot Inc.’s privacy policy available at https://legal.hubspot.com/de/privacy-policy. The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product and/or for pre-contractual measures when communication with the Business Partner is required. 

5.4 SPAM protection

This type of service analyzes the traffic of the Site, potentially containing Users’ Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

• Google reCAPTCHA (Google Ireland Limited)
  Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland Limited”). The use of reCAPTCHA is subject to the Google privacy policy and terms of use. Find more information about the Processing of Personal Data in Google Ireland Limited’s privacy policy available at http://www.google.com/analytics/terms/gb.html or at https://www.google.at/intl/en_uk/policies/. The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product and is also conducted in accordance with Art. 6 (1) (f) GDPR (legitimate interest to analyze the traffic of the Site with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM). 

5.5 Traffic optimization and distribution

This type of service allows the Site to distribute their content using servers located across different countries and to optimize their performance. The Personal Data Processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between the Site and the User’s browser.

• Cloudflare (Cloudflare Inc.)
  Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA (“Cloudfare Inc.”). The way Cloudflare is integrated means that it filters all the traffic through the Site, i.e., communication between the Site and the User’s browser, while also allowing analytical data from the Site to be collected. Find more information about the Processing of Personal Data in Cloudflare Inc.’s privacy policy at https://www.cloudflare.com/privacypolicy/. The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product and is conducted in accordance with Art. 6 (1) (f) GDPR (legitimate interest to optimize the site performance and to collect analytical data from the Site).

5.6 User database management

This type of service allows the Controller to build user profiles by starting from an email address, a personal name, or other information that the User provides to the Site, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Controller can display and use for improving the Site. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on the Site.

• HubSpot CRM (HubSpot, Inc.)

HubSpot CRM is a user database management service provided by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (“HubSpot, Inc.”). Find more information about the Processing of Personal Data in HubSpot, Inc’s privacy policy available at https://legal.hubspot.com/de/privacy-policy . The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product and is conducted 

in accordance with Art. 6 (1) (f) GDPR (legitimate interest for a user database management). 

• candidate.ly (Gustav Technologies, Inc.)

candidate.ly is a software that supports staffing and recruiting teams with candidate presentation and candidate marketing provided by Gustav Technologies, Inc., 61 Greenpoint Ave #684 Brooklyn, NY 11222, USA (“Gustav Technologies, Inc.”). Find more information about the processing of Personal Data in Gustav Technologies, Inc.’s privacy policy available at https://www.gustavtech.com/privacy-policy. The data transfer is necessary for the performance of the agreement regarding the ASaaS-Product.

6. Marketing activities

After having obtained the User’s express consent, we may use the Personal Data for marketing purposes and sending newsletters regarding our products and services. The User can revoke the consent and/or object this use of Personal Data in accordance with Art. 21 GDPR at all times by sending an email to office@speedinvest-heroes.com or by the “unsubscribe” link in the newsletter. 

7. Cookies

Our Site makes use of cookies. Cookies are small text files downloaded by your Internet browser and stored on the device you use to access the Site (e.g., your desktop computer, tablet or smartphone). Depending on their purpose, cookies log specific User-related information such as your User preferences, authentication information, security parameters, data concerning the device you access the Site with and statistical information regarding your use of the Site. Where necessary during your visit of the Site or when revisiting the Site, your Internet browser transmits the cookies including the contained information back to the servers they were initially downloaded from. The analysis and Processing of such information allows us to ensure the functionality of the Site, improve your online experience and optimize the structure and content of the Site. The cookies we use can be categorized as follows:

Session Cookies: These are cookies that allow our Site to collect information about what you do during a browsing session each time you visit the Site. When connecting to our server, your device will be allocated a session ID, which enables our server to identify your device during the session and facilitates Site usability. These cookies are temporary and are set to be deleted when you leave the Site;

Persistent Cookies: These are cookies that are stored by your Internet browser for more than a session and are set to expire within a defined time period. Persistent cookies enable us to remember your settings and information, so you do not have to keep re-entering them whenever you visit our Site. They also measure how you use and interact with the Site and enable us to personalize the Site. For example, they may allow us to alter the rotation of images on the Site so that different images will be displayed on your next visit;

First-Party Cookies: These are cookies that we store and access on your device in our capacity as Controller and/or Processor of your Personal Data when you visit our Site. They might include cookies related to third-party service providers, provided that we control and determine the purposes and means of the Processing of your Personal Data logged by such cookies. As a result, first-party cookies might log user-related Personal Data accessible to and Processed by third parties on our behalf and subject to our instructions.

Third-Party Cookies: These are cookies that are stored and accessed on your device by third parties determining the purposes and means of the Processing of your Personal Data logged by such cookies.

You may influence the scope and extent to which we use cookies when you visit our Site. In particular, you may prevent cookies from being stored on your device by adjusting the respective settings on your Internet browser. For more information on how to do so in the settings of your particular Internet browser, please see the following information:

Internet Explorer:

https://privacy.microsoft.com/en-us/internet-explorer-ie11-preview-privacy-statement

Chrome:

https://www.google.com/intl/en/chrome/browser/privacy/

Firefox:

https://support.mozilla.org/en-US/products/firefox/protect-your-privacy

Safari:

http://www.apple.com/privacy/manage-your-privacy/

However, please be aware that this might render certain functions of our Site inoperable or more difficult to use. Depending on the Internet browser you use, you might also be able to specifically reject third-party cookies. In this context, please note, however, that third parties might still have access to your Personal Data to the extent that such data is logged by first-party cookies.

8. Social Plugins

This Site contains social plugins of the following social networks: 

• Facebook provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; https://www.facebook.com/about/privacy; 

• LinkedIn provided by LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement) Wilton Plaza Wilton Place, Dublin 2 Ireland. https://www.linkedin.com/help/linkedin/answer/79728?lang=de;

• Xing provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany https://www.xing.com/imprint

If you visit a webpage containing such plugins your browser will connect directly to the servers of Facebook, LinkedIn and Xing. The content of the plugin will be transferred into your browser from the respective provider and embedded into the webpage. These provides receive information that you have visited the Site even if you don’t have a profile with the respective social network or even if you are not logged in.

In case you are logged on to a social network the provider can match your visit of the Site with your profile. If you interact with the plugin (for example by clicking “like”) the information will be transferred to the servers of the social network directly and will be stored there. Moreover, this information will be published on your account and displayed under your “contacts”.

8. Data Security

Data transfer on the internet (e.g. communicating via email) may imply certain security risks. For this reason, Speedinvest Heroes cannot guarantee full protection of the User’s Personal Data against third party access. However, we have adopted a wide range of security measures to protect Personal Data against wilful or random misuse, loss, destruction or access by an unauthorised person. Our security measures are regularly evaluated and updated.

9. Links to other web pages

You will find links to other web pages on our Site. Our privacy and data protection declaration is not applicable to these Sites. We kindly ask you to visit these websites directly to receive the relevant data protection declaration and privacy policy. We can therefore not be held liable for these web pages.

10. Duration of the Processing

We Process your Personal Data as long as necessary. As soon as your Personal Data is no longer required, it will be anonymized or deleted.

We store the Personal Data necessary for the fulfillment of legal obligations in any case in accordance with the statutory retention and documentation obligations, e.g. according to the Austrian Business Code (UGB) or the Federal Fiscal Code (BAO). In addition, we take into account the statutory limitation periods, which, for example, according to the Austrian General Civil Code (ABGB) can be up to 30 years in certain cases.

11. Your rights

Subject to applicable law, you have the right to

1. obtain information about your Personal Data Processed by us, the purposes of the Processing, the categories of Personal Data Processed, the recipients of the Personal Data, the storage period, the rights you are entitled to, the origin of the Personal Data and the existence of automated decision-making;
2. request the correction, deletion or blocking of incorrect Personal Data or Personal Data not Processed in line with the applicable legal requirements;
3. revoke your consent to have your Personal Data Processed at any time with future effect by letter or email, provided however that any Personal Data prior to your revocation may still be Processed;
4. obtain the delivery of Personal Data Processed in a standard, machine-readable format; and
5. complain to the competent authority as follows: 

Österreichische Datenschutzbehörde

Barichgasse 40-42,

A-1030 Vienna,

+43 1 521 520,

email: dsb@dsb.gv.at

https://www.dsb.gv.at/

12. Contact

Please contact us to exercise your rights in relation to the Personal Data Processed by us or to update or change your Personal Data:

Speedinvest Heroes Consulting GmbH

Stiftgasse 21/28

A-1070 Vienna

email: office@speedinvest-heroes.com 

13. Changes to this Policy

Due to ongoing further development, this Policy will continue to be adapted. Changes will be announced on this Site. Therefore, you should regularly access this Policy in order to inform yourself about the current version.