This privacy policy is intended to explain in a clear, transparent, and well-structured way how we process your personal data and to provide further information relevant in this context. Your personal rights are our highest priority, and we make every effort to protect and safeguard these rights.

This privacy policy was last updated on 20/07/2025.

If you have any questions or other inquiries regarding data protection in our company, you are welcome to contact us at dataprotection@e-mission.de .

Contents

e-Mission Privacy Policies

1. Controller
2. Contact details for data protection contact / data protection officer
3. Data subject rights
4. Purpose and legal basis for processing personal data
   1. Visiting our website
   2. Contacting us via our website
   3. Newsletter
   4. Use of cookies
   5. Social plug-ins
   6. External media
5. Data protection information for applicants
   1. Transfer to third countries
   2. Service provider JOIN
   3. Types of personal data
   4. Retention of personal data
   5. Use of social media and email for the application process
   6. Right of access and option to withdraw
6. Data protection information for social media
7. Data protection information for Facebook fan page and Instagram profile
   1. Responsibilities, data protection officer and processing by Facebook and Instagram
   2. Your rights
   3. Categories and purposes of the processed personal data
      1. Provision of statistical analyses of page usage by Facebook
      2. Visibility of users’ personal data
      3. Communication via private or public message
8. Disclosure of personal data
9. Security measures
10. Links to other websites

1. Controller

e-Mission GmbH, Hildegardstr. 16a, 10715 Berlin (hereinafter referred to as “we” or “e-Mission”) is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”).

2. Contact details for data protection contact / data protection officer

If you have questions about data protection at e-Mission or would like to exercise your data protection rights, you can contact our data protection team at any time at dataprotection@e-mission.de .

e-Mission has appointed a data protection officer in accordance with Art. 37 GDPR. You can contact the data protection officer at any time by email at: dataprotection@e-mission.de .

3. Data subject rights

Depending on the individual situation, you have the following data protection rights. You can exercise these rights at any time by contacting us using the details provided in Sections 1 and 2:

Right of access

You have the right to obtain information about the personal data we process about you, as well as access to your personal data and/or copies of this data. This includes information about the purpose of use, the categories of data used, their recipients and authorized persons with access, and, where possible, the planned duration of data storage or, where this is not possible, the criteria used to determine that duration.

Right to rectification

You have the right to request that we correct inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request completion of incomplete personal data — including by means of a supplementary statement.

Right to object

If the processing of your personal data is based on Art. 6(1) sentence 1 lit. f GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Right to withdraw consent

If processing is based on consent (Art. 6(1) sentence 1 lit. a, or Art. 9(2) lit. a GDPR), you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To do so, you can contact us at any time using the details above.

Right to erasure

You have the right to request that personal data concerning you be deleted without undue delay. In addition, we are obliged to delete personal data without undue delay if one of the following reasons applies:

• The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
• You object to the processing in accordance with Section 3.3 above and there are no overriding legitimate grounds for the processing.
• The personal data has been processed unlawfully.
• Erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

This does not apply where processing is necessary:

• for compliance with a legal obligation requiring processing under Union or Member State law to which we are subject.
• for the establishment, exercise or defense of legal claims.

Right to restriction of processing

You have the right to request restriction of processing if one of the following conditions is met:

• You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims; or
• you have objected to processing pursuant to Section 3.3 above pending the verification whether our legitimate grounds override yours. If processing has been restricted under this Section 3.6, such personal data may — apart from storage — only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. If you have obtained restriction of processing, we will inform you before the restriction is lifted.

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

4. Purpose and legal basis for processing personal data

4.1 Visiting our website

For hosting our learning platform, we use Google Cloud (Google Cloud Platform) provided by Google and the cloud software service Kubernetes Engine. Our selected servers are located in the Frankfurt/Main region, Germany. However, Google Cloud operates on the principle of a multi-tenant environment, which means that data can also be replicated between several geographically distributed data centers to protect data center failover resilience. According to Google, a transfer of personal data in anonymized form to third countries outside the EU is therefore possible.

Information on the data processing agreements concluded with Google can be found here: https://cloud.google.com/security/gdpr/resource-center/contracts-and-terms?hl=de and Google’s privacy information here: https://cloud.google.com/security/privacy .

4.2 Contacting us via our website

If you contact us via our contact form (name, email address, phone, message) as well as by email or phone, your details are voluntarily processed with your knowledge to handle the contact request and its processing within the framework of contractual or pre-contractual relationships pursuant to Art. 6(1) lit. b GDPR, as well as based on our legitimate interest pursuant to Art. 6(1) lit. f GDPR.

The collected data is initially stored and then used to respond to your request and establish contact. Once processing is completed, the data will be deleted unless legal retention is required.

Persons under 16 years of age may not submit data without the consent of their parents. We assure you that we do not knowingly collect personal data from children, use it in any way, or disclose it improperly to third parties.

4.3 Newsletter

If you have chosen to subscribe to our newsletter by email with current information about product launches, interesting offers, and current promotions from e-Mission, you will receive the offers and advertising mentioned. In this context, we process the email address you provide, user name, and the date of your consent.

For sending newsletters, we use the service provider SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin (“SendinBlue”). SendinBlue is a service with which newsletter distribution can be organized and analyzed. The data you enter for receiving the newsletter (see above) is stored on SendinBlue servers. Our newsletters sent via SendinBlue allow us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients opened the newsletter message and how often which link in the newsletter was clicked. All links in the email are so-called tracking links that allow your clicks to be counted.

If you do not want analysis by SendinBlue, you can revoke your consent pursuant to Art. 6(1) lit. a GDPR at any time with effect for the future by emailing dataprotection@e-mission.de or by clicking the unsubscribe link at the end of the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

Data entered for setting up the newsletter will be deleted by us and by SendinBlue in the event you unsubscribe. If this data was transmitted to us for other purposes and elsewhere, it will remain with us.

Further details can be found in SendinBlue’s privacy policy at: de.sendinblue.com/legal/privacypolicy/ .

We have concluded a data processing agreement with SendinBlue in which we oblige SendinBlue to protect our customers’ data and not to pass it on to third parties.

4.4 Use of cookies

On this website, usage data is collected and stored in anonymized form. For this purpose, so-called “cookies” may be used. A cookie is a small file stored on your computer or mobile device. A cookie has a unique ID assigned to your device and thus enables the website to store your actions and preferences (e.g., location, language, font size, and other display settings) for a certain period of time. This means you do not have to re-enter information each time you return to the website or navigate from one page to another. Cookies can also help improve your browsing experience. They are not used to personally identify you and are not combined with data about the holder of the pseudonym. We use this information to determine the attractiveness of our website and to continuously improve its content. We distinguish between technically necessary cookies and cookies for statistical evaluations.

(1) Technically necessary cookies

Our website uses technically necessary cookies to store your cookie consent settings. These cookies do not process any personal data.

If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter or reload the website, you will be asked again for your cookie consent.

(2) Cookies for statistical evaluations (web analytics)

Cookies that are not strictly necessary for the functioning of our website are generally only used with your prior explicit consent pursuant to Art. 6(1) lit. a GDPR. On this website we use statistical cookies that help us as the website operator understand how visitors interact with our website by collecting and evaluating information about user behavior anonymously.

Google Analytics

If you have consented to the “Statistics” cookie, this website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This includes, for a limited time, your consent pursuant to Art. 49(1) lit. a GDPR for data processing outside the EU and the EEA, in this case in the USA. In the USA, despite the service provider’s obligation, the high European level of data protection cannot be fully guaranteed. If data is transferred to the country concerned, there is a risk that this data could be processed by US authorities for control and surveillance purposes without effective legal remedies or enforceable data subject rights.

Affected by the data transfer outside the EU and the EEA is your IP address, but in an anonymized, shortened form. Only in exceptional cases may the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

On behalf of e-Mission, Google will use this information under a pseudonym to evaluate your use of the website, compile reports on website interactions, and provide other services related to website and internet use to e-Mission.

Objection to data collection

You can prevent the collection of your data by Google Analytics by not selecting the use of Google Analytics under “Statistics” when visiting our website (see cookie banner). More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Lead Forensics

Our website contains the tracking code from Lead Forensics. Lead Forensics tracks activities on the website and provides EAO information via the IP address of the requesting computer (this data is not anonymized), the date and duration of the user’s visit, and the web pages visited. The “Lead Forensics” tool complies with current data protection law because it only provides information available in the public domain. The Lead Forensics tool uses IP tracking to identify visitors and does not use cookies. It is not, and cannot be, used to identify who visited the website. It provides information about the company. Further information can be found at www.leadforensics.com .

4.5 Social plug-ins

On our website, we embed content from our official channels (e.g. Facebook, LinkedIn) in various places based on our legitimate interest in optimizing our online offering pursuant to Art. 6(1) lit. f GDPR. This makes it possible for the companies operating these social networks to determine which content you have visited on e-mission.de. In particular, if you are logged in to one of the listed sites with your personal profile at the same time, the operators of the social networks may associate the information with your account.

To prevent the operators of the above social networks from collecting the above data through your visit to our online offering, log out of the respective social network before visiting our site and delete any existing cookies if necessary. To prevent general access to your data on our and other websites, you can disable social plug-ins via a browser add-on (e.g. Disconnect).

4.6 External media

To provide our course content in an illustrative way, we use videos. To provide the videos, we use plugins from the provider Vimeo LLC, 555 West 18th Street, New York, New York 10011 (“Vimeo”). Vimeo is a U.S. video platform.
When you visit one of our pages equipped with Vimeo videos, a connection is established to Vimeo’s servers. In doing so, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have configured Vimeo so that Vimeo will not track your user activity and will not set cookies unless you have given us your explicit consent.
The use of Vimeo is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1) lit. f GDPR. If corresponding consent was requested, processing is carried out exclusively on the basis of Art. 6(1) lit. a GDPR; consent can be revoked at any time.

Vimeo’s data processing also includes, for a limited time, your consent pursuant to Art. 49(1) lit. a GDPR for data processing outside the EU and the EEA, in this case in the USA. In the USA, despite the service provider’s obligation, the high European level of data protection cannot be fully guaranteed. If data is transferred to the country concerned, there is a risk that this data could be processed by US authorities for control and surveillance purposes without effective legal remedies or enforceable data subject rights.

Further information on data processing can be found at Vimeo Inc. at https://vimeo.com/privacy .

5. Data protection information for applicants

We collect and use your personal data that you provide to us as part of the application process. Your personal data is processed solely for the purpose of selecting applicants.
Processing of your personal data takes place provided there is a legal basis pursuant to Art. 5 and 6 GDPR. We process your data to fulfill our (pre-)contractual obligations in the context of the application procedure within the meaning of Art.

5.1 Transfer to third countries

For our internal organization and therefore also for the application process, we use Google Workspace (provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA) and can therefore not rule out that your data may be transferred by Google to a third country, in this case the USA.
In the USA, despite the service provider’s obligation, the high European level of data protection cannot be fully guaranteed. If data is transferred to the country concerned, there is a risk that this data could be processed by US authorities for control and surveillance purposes without effective legal remedies or enforceable data subject rights.

5.2 Service provider JOIN

As part of the application process, we work with the service provider JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland (hereinafter “Join”). Join provides an applicant portal through which you can apply for our job postings. In addition, Join posts our job postings on other websites and apps of third-party providers and supports us in applicant management. Apps and third-party websites are subject to their own privacy policies and must be reviewed by you before using the services. We collect your data only for the purposes set out in this applicant privacy information.
e-Mission does not have full access to the data collected in your applicant profile via Join. e-Mission also cannot trace which data Join processes about you.
Please review Join’s privacy policy before using the Join applicant portal: https://join.com/de/datenschutz/ and the general terms and conditions at: https://join.com/terms/ .

5.3 Types of personal data

“Personal data” means information relating to an identified or identifiable person. The following categories of data may be stored, provided you have supplied them to us in the course of your application:

• for compliance with a legal obligation requiring processing under Union or Member State law to which we are subject.
• Personal identification – e.g., your name, date of birth, gender, nationality;
• Contact details – e.g., private address, telephone number, email address;
• Qualifications and CV – qualifications, memberships in professional associations or licenses, degrees, language skills, competencies and abilities;
• Information about immigration and work authorization – including ID card number, social security number, visa or work permit;
• Information about equal opportunity and diversity – where permitted by local law and provided on a voluntary basis, data on race and ethnic origin (stored anonymously for monitoring equal opportunity);
• Information about your application procedure – e.g., notes from interviews, evaluation results;
• Security and other checks – e.g., references, birth certificate, driver’s license, reliability checks (including from publicly available information and publicly accessible profiles on social networks such as XING, LinkedIn);
• Other personal data you voluntarily provide to us during the application process or in interviews in oral or written form, including in particular other information from your CV; and
• Informal data – e.g., opinions communicated during the application process or in interviews.

5.4 Retention of personal data

In general, we retain applicants’ personal data only as long as needed to fulfill the purpose for which it is collected or provided.
In some cases, we must retain certain records for a specific period as part of our legal or regulatory obligations even after the end of the hiring process. Your personal data will be fully anonymized as soon as knowledge of it is no longer required for the purpose, and at the latest six months after completion of the application process. Application documents submitted during the process will be destroyed by e-Mission in accordance with data protection requirements.

5.5 Use of social media and email for the application process

Based on our legitimate interest within the meaning of Art. 6(1) lit. f GDPR, we maintain online presences within social networks and platforms to communicate with applicants and job seekers active there and to inform you about our current job offers. When accessing the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless otherwise communicated, we process your data in accordance with the information in our applicant privacy notices for the purpose of selecting applicants.
Below you will find an overview of third-party providers and their content, including links to their privacy policies, which contain further information on data processing and options to object:

• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, privacy policy: https://www.linkedin.com/legal/privacy-policy
• XING Spain, Consell de Cent, 334-336, 1º 1ª, 08009 Barcelona, Spain, privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

You can also send us your application documents by email. Please note, however, that emails are generally not sent encrypted and you, as the sender, are responsible for encryption. We therefore cannot accept responsibility for the transmission route of the application between the sender and receipt on our server. As an alternative to applying via social media and email, you can also send your application documents to us by post.

5.6 Right of access and option to withdraw

You have the right at any time to withdraw your application, to obtain information about your stored data, and to withdraw consents already given to e-Mission GmbH. If you wish to exercise any of these rights or generally have questions about data protection, please send your statement or request to: dataprotection@e-mission.de

6. Data protection information for social media

Based on our legitimate interest within the meaning of Art. 6(1) lit. f GDPR, we maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and applicants active there and to inform you about our current portfolio and job offers. When accessing the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless otherwise communicated, we process your data in accordance with the information in our privacy notices for the purpose of communication with customers, interested parties, and applicant selection.
Below you will find an overview of third-party providers and their content, including links to their privacy policies, which contain further information on data processing and options to object:

• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, privacy policy: https://www.linkedin.com/legal/privacy-policy
• XING Spain, Consell de Cent, 334-336, 1º 1ª, 08009 Barcelona, Spain, privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
• Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland, privacy policy: https://de.indeed.com/legal/gdpr_de
• Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, privacy policy: https://twitter.com/de/privacy

If you contact us via the social media channels mentioned, we process your username and the text of your inquiry as well as any other details you provide in your message in order to handle your request and answer your questions.

Processing is based on legal provisions that allow us to process personal data insofar as this is necessary to respond to your request, e.g. pursuant to Art. 6(1) b GDPR, or based on our legitimate interest in providing you with the requested information pursuant to Art. 6(1) f GDPR.
In the case of a public message, the data you provide is also visible to all other visitors of our company profiles.

7. Data protection information for Facebook fan page and Instagram profile

7.1 Responsibilities, data protection officer and processing by Facebook and Instagram

By using our Facebook fan page (“fan page”) or our Instagram profile, e-Mission GmbH i. G., Hildegardstr 16a, 10715 Berlin (hereinafter referred to as “we” or “e-Mission”) is the controller for the necessary data processing within the meaning of Art. 4(7) GDPR for providing the service.

Excluded from this is data processing in connection with the so-called “Page Insights,” for which we are jointly responsible with Facebook Ireland Limited (“Facebook”).

Please note that use of our fan page or Instagram profile also results in further processing of your personal data by Facebook, which is not limited to the “Page Insights” option.

Which information Facebook collects and processes when using Facebook and Instagram is described by Facebook in its data policy, cookie policy, and Insights data policy. There you will also find information about ways to contact Facebook. The following is a list of these policies:

• Facebook information about Page Insights data (Facebook Ireland Limited): https://www.facebook.com/legal/terms/information_about_page_insights_data
• Facebook Data Policy (Facebook Ireland Limited): https://www.facebook.com/privacy/explanation
• Facebook Cookie Policy (Facebook Ireland Limited): https://www.facebook.com/policies/cookies
• Instagram Privacy Policy (Facebook Ireland Limited): https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram- Hilfebereich&bc[1]=Richtlinien und Meldungen
• Instagram Cookie Policy (Facebook Ireland Limited): https://help.instagram.com/1896641480634370/?helpref=hc_fnav&bc[0]=Instagram- Hilfebereich&bc[1]=Richtlinien und Meldungen

Note: The data collected about you may be transferred by Facebook and Instagram to countries outside the European Union.

If you have questions about data protection on our fan page, you are welcome to contact us at dataprotection@e-mission.de.

7.2 Your rights

Depending on the situation, you have different data protection rights; see Chapter 3.

Depending on the situation, you have different data protection rights; see Chapter 3.

7.3 Categories and purposes of the processed personal data

Below we explain which data e-Mission receives from users and/or from Facebook as part of the use of the Facebook fan page and Instagram profile.

7.3.1 Provision of statistical analyses of page usage by Facebook

Some of the data collected by Facebook during use is made available to e-Mission as statistical evaluations in anonymized form. These statistical evaluations relate only to visitors of our fan page or our Instagram profile. They are aggregated values that do not allow any conclusions about individual users; therefore, we have no access to personal data processed by Facebook.

However, this does not necessarily mean that data processing by Facebook is anonymized (see Facebook data policy in 6.1).

7.3.2 Visibility of users’ personal data

When using certain interactive functions of Facebook (e.g. commenting or the “like” button), additional personal information is visible to e-Mission because comments or likes by users are visible to other users and to the provider of the fan page and Instagram profile. This can enable a direct assignment to a user.

e-Mission has no influence over the interactive functionalities or the visibility of comments, likes, or other user activities on the fan page or Instagram profile. In this respect, e-Mission is not the controller within the meaning of data protection law. The type, scope, and duration of storage of “likes” and comments are determined by Facebook; Facebook is also responsible for the lawfulness of this processing.

The type and scope of collection of personal data when visiting a fan page or an Instagram profile also depend on user behavior and can, to some extent, be influenced by the user.

For example, it is possible to visit our fan page or Instagram profile without leaving comments or clicking “like”.

In addition, it is possible to reduce personal data processing when using our fan page or Instagram profile by logging out of Facebook, disabling the “stay logged in” function, deleting cookies on the device, and closing and restarting the browser. In this way, information that can be used to identify the user can be deleted to a large extent. In this way, our fan page and the Instagram profile can be used without revealing the Facebook identifier.

Please note that interactive functions on the fan page or Instagram profile are generally only possible after logging in to Facebook. If you access interactive functions (Like, Comment, Share, etc.), a Facebook login screen appears. After you log in, you are again recognizable to Facebook or Instagram as a specific user.

7.3.3 Communication via private or public message

On our fan page and via our Instagram profile, you can send us a public or private message. This allows you to contact us with questions about e-Mission, our fan page or Instagram profile, or other inquiries.

When you contact us, we process your username and the text of your inquiry as well as any additional details you provide in the message in order to handle your request and answer your questions.

Processing is based on legal provisions that allow us to process personal data insofar as this is necessary to respond to your request

pursuant to Art. 6(1) lit. b GDPR or based on our legitimate interest in providing you with the requested information pursuant to Art. 6(1) lit. f GDPR. In the case of a public message, the data you provide is also visible to all other visitors of our fan page.

8. Disclosure of personal data

Your personal data will not be transferred to third parties for purposes other than those already mentioned and those listed below.

a) For other purposes

We will only pass on your personal data to third parties if: you have given your express consent pursuant to Art. 6(1) sentence 1 lit. a GDPR,

• the disclosure is necessary pursuant to Art. 6(1) sentence 1 lit. f GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, and
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6(1) sentence 1 lit. c GDPR.

9. Security measures

We use technical and organizational security measures to protect the personal data you provide to us from manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved and adapted in line with the state of the art. It cannot be ruled out that unencrypted data disclosed may be viewed by third parties. Please note that no secure transmission can be guaranteed for data transfers over the internet (e.g. when communicating by email). Sensitive data should therefore either not be transmitted at all or only via a secure (SSL) connection.

10. Links to other websites

This privacy statement applies to the e-Mission website at e-mission.de. If you leave the e-Mission website, it is recommended that you carefully read the privacy policy of every website that collects personal data.