TERMS OF USE
Terms of Use for the PANDA Directory
PANDA's mission is to connect female professionals and executives throughout Germany and beyond, empowering them to achieve greater productivity and success. Our services are designed to unlock networking opportunities for our members by providing a platform for networking, exchanging ideas, learning new skills, discovering professional and business opportunities, recruiting, and making informed decisions within a reliable network.
For more information about how we use your data, please see our Terms of Use.
1. Introduction
Below we provide information about the processing of personal data when using [this service/service].
our website https://we-are-panda.com/
our social media profiles.
Personal data is any data that relates to a specific natural person, e.g. their name or IP address.
1.1. Contact details
The controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
PANDA GmbH, Augsburger Straße 5, 86415 Mering, Germany
Email: datenschutz@we-are-panda.com
Legally represented by Isabelle Hoyer and Stuart B. Cameron
Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu , email: datenschutz@heydata.eu .
1.2. Scope of data processing, processing purposes and legal bases
The scope of data processing, processing purposes, and legal bases are explained in detail below. The following are generally possible legal bases for data processing:
Article 6 paragraph 1 sentence 1 letter a GDPR serves as our legal basis for processing operations for which we obtain consent.
Article 6(1)(b) GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g., when a user purchases a product from us or we perform a service for them. This legal basis also applies to processing that is necessary for pre-contractual measures, such as inquiries about our products or services.
Article 6(1)(c) GDPR applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.
Article 6(1)(f) GDPR serves as the legal basis when we can rely on legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.
1.3. Data processing outside the EEA
Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions of the EU Commission pursuant to Art. 45 para. 3 GDPR guarantee the security of the data during the transfer, insofar as these exist, as is the case, for example, for Great Britain, Canada and Israel.
When data is transferred to service providers in the USA, the legal basis for the data transfer is an adequacy decision by the EU Commission if the service provider has additionally certified itself under the EU US Data Privacy Framework.
In other cases (e.g., when no adequacy decision exists), the legal basis for data transfer is generally, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Article 46(2)(b) GDPR, they guarantee the security of data transfer. Many providers have issued additional contractual guarantees beyond the standard contractual clauses, which protect the data beyond the scope of the standard contractual clauses. These include, for example, guarantees regarding data encryption or the third party's obligation to inform data subjects if law enforcement agencies wish to access their data.
1.4. Storage duration
Unless expressly stated otherwise in this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.
1.5. Rights of those affected
Data subjects have the following rights with regard to their personal data:
Right to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent at any time.
Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details for the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
1.6. Obligation to provide data
Customers, prospective customers, or third parties are only required to provide us with the personal data necessary for establishing, executing, and terminating a business or other relationship, or which we are legally obligated to collect. Without this data, we will generally have to refuse to enter into a contract or provide a service, or we may no longer be able to perform an existing contract or other relationship.
Mandatory fields are marked as such.
1.7 No automatic decision-making in individual cases
We generally do not use fully automated decision-making pursuant to Article 22 GDPR for establishing and maintaining a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately, provided this is required by law.
1.8. Making contact
When you contact us, for example by email or telephone, we store the data you provide (e.g., names and email addresses) in order to answer your questions. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are statutory retention obligations.
2. Data processing in the app
2.1. Downloading the app
Our app is available for download in Apple's App Store and Google's Play Store (hereinafter "Stores"). When users download the app, the necessary information is transmitted to the Stores, specifically username, email address, account number, time of download, payment information, and the unique device identifier. We have no control over this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to the user's mobile device.
2.2. Hosting
Our app is hosted by the provider Hivebrite. The provider is Kit United, 5 rue des italiens, 75009 Paris, France. The provider processes personal data transmitted via the app, such as content, usage, meta/communication data, and contact information. Further information can be found in the provider's privacy policy at https://hivebrite.io/privacy-policy .
It is in our legitimate interest to provide an app, so the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
2.3. Informational use of the app
When users use our app, we collect the data that is technically necessary for us to offer users the functions of our app and to ensure its stability and security. This constitutes our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
The data processed in this respect are:
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the requirement (specific interface)
Access status/HTTP status code
each data volume transferred
Operating system and its interface
Operating system language and version
2.4. Access to functions or data
The app requests the user's access to device functions or data in order to function. By granting this access, the user consents to the associated data processing, making the legal basis for this processing Article 6(1)(a) GDPR. Users can withdraw their consent at any time by disabling access in their device settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The data processed or access functions used in this respect are:
existing photographs and (entire) storage
2.5. Data processing for the provision of functions
Within the app, we process data to provide the user with app functions. The legal basis for this processing is the user agreement concluded with the user regarding the app.
The data processed in this respect are
Only the data entered into the app by the user themselves,
Universal Unique Identifier of the terminal device (UUID),
Other identifiers besides UUID and
Photos
2.6. Our App
Users can open a customer account. We process the data requested in this context on the basis of our contract. The legal basis for this processing is therefore Article 6(1)(b) GDPR.
The specific personal data processed in this context is determined by the respective input form used for registration. Data is only shared with one or more data processors, such as cooperating partner companies, after the explicit prior consent of the data subject.
Registration also results in the storage of the IP address assigned by the data subject's internet service provider (ISP), as well as the date and time of registration. This data is stored to prevent misuse of our services and to enable the investigation of criminal offenses if necessary. Therefore, storing this data is necessary to protect the data controller. This data will not be disclosed to third parties unless there is a legal obligation to do so or disclosure is required for law enforcement purposes.
Registration for events
Our app offers forms for applying to various events we organize. The data entered during this application process is visible in the application form's input fields. This data is collected and stored solely for the purpose of using our service.
The data in question is as follows:
First name, last name, email address, phone number, postal code, city
current job title, current employment type, current company
academic background, industry
Who else should definitely be at the event? Name 3 more people you would recommend (first name, last name, email address) > optional information
How did you find out about Panda?
Upload your CV (please as a PDF)
As part of this process, we also store your IP address and the date and time of registration. This serves as a safeguard for us in the event that a third party misuses your data and registers on our site without your knowledge.
Your data will not be shared with third parties as a matter of principle. An exception to this is the forwarding of your CV to the corporate partners of the event for which you have applied to participate. This forwarding will only occur at your explicit request and with your explicit consent. This consent will be obtained as part of your application process as follows:
PANDA CV Book* Before the event, we offer you the opportunity to have your CV featured in the 'PANDA CV Book'. The CV Book will be forwarded to our partner companies. Companies interested in your profile may contact you and invite you to a personal interview at the PANDA event. If you would like to participate, we will use the CV we have on file for this purpose (unless you would like to provide us with a different version).
IMPORTANT: Your CV will be accessible to partner companies for a period of four weeks – after which your contact information will be deleted. Participation in the CV-Book is, of course, voluntary and intended to offer additional value. Your profile will not be forwarded without your consent.
Yes, I would like to be included in the CV book.
No, I don't want to appear in the CV book.
2.7. Payment service providers
We use payment processors to process payments; these processors are themselves data controllers within the meaning of Article 4 No. 7 GDPR. Insofar as they receive data and payment information entered by us during the ordering process, we thereby fulfill the contract concluded with our customers (Article 6 Paragraph 1 Sentence 1 Letter b GDPR).
These payment service providers are:
Stripe Payments Europe, Ltd., Ireland
3. Compliance with child safety laws and reporting requirements
Our app complies with applicable laws and regulations regarding child safety.
Our app ensures that all content shared within the app is suitable for a diverse audience, including children. User-generated content is moderated to prevent inappropriate material from being accessed.
All CSAM (Child Safety Abuse Material) content will be automatically removed if it is flagged or reported via our moderation functions, or if we are contacted directly for this purpose.
We will systematically take steps to report confirmed CSAM content to the National Center for Missing and Exploited Children .
CSAM encompasses any visual representation, including but not limited to photographs, videos and computer-generated images, that involves the use of a minor in sexually explicit behavior.
Contact person for child safety
You can contact go@we-are-panda.com if CSAM content is detected.
Privacy and data protection
Our app is committed to protecting user data, especially that of children under 13 years of age, in accordance with applicable regulations.
The privacy policy is clearly displayed and accessible via the app settings and our website.
All data is encrypted and securely stored during transmission.
Advertising and monetization
Our app contains no advertising or monetized content.
Transparency and disclosure
Data security: Detailed information can be found in the Google Play data security form.
Content ratings: IARC 3+, L, E, 3, 3, USK 0
Validation and updates
Regular internal tests are conducted to ensure compliance with Google Play's child safety standards, including functionality tests and content audits.
The guidelines are reviewed quarterly or as needed to adapt them to updated child safety standards.
4. Changes to this Privacy Policy
We reserve the right to amend this privacy policy with effect for the future. The current version is always available here.
5. Questions and comments
For questions or comments regarding this privacy policy, please feel free to contact us using the contact details provided above.
Subscribe to the newsletter now
Receive quarterly updates on events, initiatives, and insights from the PANDA universe. By subscribing, you agree that PANDA GmbH may send you news and information via email.
*You can unsubscribe from the newsletter at any time using the unsubscribe link at the bottom of each email. Further information on how we handle personal data can be found in our privacy policy .