TERMS OF USE

Terms of Use for the PANDA Directory

PANDA has made it its mission to network female specialists and executives throughout Germany and beyond in order to help them achieve even greater productivity and success. Our services are designed to open up networks and opportunities for our members by giving you the chance to meet, exchange ideas, learn new things, discover career and business opportunities, find employees, and make decisions within a trustworthy network.

Further information on how we use your data can be found in our Terms of Use.

1. Intro

In the following, we inform you about the processing of personal data when using

our Website https://we-are-panda.com/
our profiles on social media.

Personal data is any data that can be related to a specific natural person, such as their name or IP address.

1.1. Contact Details

The controller pursuant to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is:

PANDA GmbH, Augsburger Straße 5, 86415 Mering, Germany Email: datenschutz@we-are-panda.com

Legally represented by Isabelle Hoyer and Stuart B. Cameron

Our data protection officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, E-Mail: datenschutz@heydata.eu

1.2. Scope of Data Processing, Processing Purposes and Legal Bases

We detail the scope of data processing, processing purposes, and legal bases further below. In principle, the following legal bases for data processing are considered:

Art. 6 Para. 1 Sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
Art. 6 Para. 1 Sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the fulfillment of a contract, e.g., if a user purchases a product from us or we perform a service for them. This legal basis also applies to processing operations that are necessary for pre-contractual measures, such as inquiries about our products or services.
Art. 6 Para. 1 Sentence 1 lit. c GDPR applies when we fulfill a legal obligation with the processing of personal data, as may be the case, for example, under tax law.
Art. 6 Para. 1 Sentence 1 lit. f GDPR serves as the legal basis when we can invoke legitimate interests for the processing of personal data, e.g., for cookies that are necessary for the technical operation of our website.

1.3. Data Processing Outside the EEA

Insofar as we transmit data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission pursuant to Art. 45 Para. 3 GDPR guarantee the security of the data upon transfer, where available, as is the case for Great Britain, Canada, and Israel, for example.

When transferring data to service providers in the USA, the legal basis for the data transfer is an adequacy decision by the EU Commission if the service provider has additionally certified under the EU-US Data Privacy Framework.

In other cases (e.g., if no adequacy decision exists), the legal basis for the data transfer is generally Standard Contractual Clauses, unless we provide different information. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. Pursuant to Art. 46 Para. 2 lit. b GDPR, they ensure the security of the data transfer. Many of the providers have provided contractual guarantees that go beyond the Standard Contractual Clauses, protecting the data further than the Standard Contractual Clauses. These include, for example, guarantees regarding the encryption of the data or regarding an obligation of the third party to notify data subjects if law enforcement agencies wish to access the data.

1.4. Storage Duration

Unless expressly stated otherwise within this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal retention obligations prevent the deletion. If the data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax reasons.

1.5. Rights of the Data Subjects

Data subjects have the following rights vis-à-vis us regarding their personal data:

Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw consent granted at any time.

Data subjects also have the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data. Contact details of the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

1.6. Obligation to Provide Data

Customers, prospective customers, or third parties must only provide us with the personal data that is necessary for the establishment, execution, and termination of the business relationship or other relationship, or which we are legally obligated to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we will no longer be able to carry out an existing contract or other relationship.

Mandatory information is marked as such.

1.7 No Automated Individual Decision-Making

For the establishment and execution of a business relationship or other relationship, we generally do not use fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately if this is legally required.

1.8. Contacting Us

When you contact us, e.g., via email or telephone, the data communicated to us (e.g., names and email addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f GDPR) in answering inquiries addressed to us. We delete the data arising in this context after storage is no longer necessary, or we restrict the processing if legal retention obligations exist.

2. Data Processing in the App

2.1. App Download

Our app is available for download in Apple’s App Store and Google’s Play Store (hereinafter “Stores”). When users download the app, the necessary information is transmitted to the Stores, specifically the username, email address, and customer number of the account, the time of download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app onto the user’s mobile device.

2.2. Hosting

Our app is hosted by the provider Hivebrite. The provider is Kit United, 5 rue des italiens, 75009 Paris, France. The provider processes the personal data transmitted via the app, e.g., content, usage, meta/communication data, or contact details. Further information can be found in the provider's privacy policy at https://hivebrite.io/privacy-policy.

It is our legitimate interest to provide an app, so the legal basis for the data processing is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

2.3. Informational Use of the App

When users use our app, we collect the data that is technically necessary for us to offer users the functions of our app and to ensure stability and security. This constitutes our legitimate interest, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

The data processed in this regard are:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific interface)
Access status/HTTP status code
Amount of data transferred in each case
Operating system and its interface
Language and version of the operating system

2.4. Access to Functions or Data

The app requests the user's access to functions of the end device or to data on the end device in order to be able to execute app functions. By allowing access, the user gives their consent to the associated data processing, so the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR. Users can withdraw their consent at any time by ending access in the end device settings. The withdrawal does not affect the lawfulness of the processing until the withdrawal.

The data processed or access functions used in this regard are:

existing photo recordings and (entire) storage

2.5. Data Processing for the Provision of Functions

In the app, we process data to provide the user with the app's functions. The legal basis for the processing is the user agreement concluded with the user regarding the app.

The data processed in this regard are:

Only the data entered by the user themselves into the app,
Universal Unique Identifier of the end device (UUID),
Other identifier besides UUID, and
Photos

2.6. Our App

Users can open a customer account. We process the data requested in this context on the basis of our contract. The legal basis for the processing is therefore Art. 6 Para. 1 Sentence 1 lit. b GDPR.

Which personal data is processed in this context is apparent from the respective input mask used for registration. Data is only transferred to one or more processors, such as cooperating partner companies, after explicit prior consent from the data subject.

Furthermore, registration stores the IP address assigned by the data subject's Internet Service Provider (ISP), the date, and the time of registration. This data is stored because it is the only way to prevent misuse of our services, and this data makes it possible to investigate committed criminal offenses if necessary. In this respect, the storage of this data is necessary to safeguard the controller. This data is generally not passed on to third parties, unless there is a legal obligation to pass it on or the transfer serves the purpose of criminal prosecution.

Registration for Events

We offer the opportunity to apply for various events organized by us via forms in our app. The data entered during this application process can be seen in the input mask of the application form. They are collected and stored exclusively for the use of our service.

The data involved are:

First name, last name, email, phone number, postal code, place of residence
current job title, current type of employment, current company
academic background, industry
who should definitely be at the event? Name 3 other people you would like to recommend (first name, last name, email) > voluntary information
how did you find out about PANDA?
upload CV (as a PDF)

In this context, the IP address, date, and time of registration are also stored. This serves as a safeguard on our part in the event that a third party misuses your data and registers on our site without your knowledge.

The data is generally not passed on to third parties. An exception to this is the forwarding of the CV to corporate partners of the event for which you applied to us as a participant. This forwarding only takes place upon an explicit request and after explicit release by you. This is obtained during your application as follows:

PANDA CV-Book* Before the event, we offer you the opportunity to appear with your CV in the 'PANDA CV-Book'. The CV-Book is forwarded to our partner companies. Companies interested in your profile can contact you and invite you to a personal introductory meeting at the PANDA Event. If you would like to be included, we will use the CV we have on file for this purpose (unless you would like to provide us with a different version).

IMPORTANT: Your CV is accessible to the partner companies for a period of four weeks – after which your contact information will be deleted. Participation in the CV-Book is voluntary, of course, and is intended to offer additional added value. Your profile will not be forwarded without your consent.

Yes, I would like to appear in the CV-Book.
No, I would not like to appear in the CV-Book.

2.7. Payment Service Providers

We use payment processors to handle payments, which are themselves controllers under data protection law within the meaning of Art. 4 No. 7 GDPR. Insofar as they receive data and payment data entered by us during the order process, we are thereby fulfilling the contract concluded with our customers (Art. 6 Para. 1 Sentence 1 lit. b GDPR). These payment service providers are:

Stripe Payments Europe, Ltd., Irland

3. Compliance with child safety laws and reporting requirements

Our app complies with applicable child safety laws and regulations.

Our app ensures that all content shared in the app is suitable for a mixed audience, including children. User-generated content is moderated to prevent inappropriate material from being accessible. All CSAM (Child Safety Abuse Material) content will be automatically removed if flagged or reported via our moderation functions or if we are contacted directly for this purpose. We will systematically take action to report confirmed CSAM content to the National Center for Missing and Exploited Children.

CSAM includes any visual depiction, including but not limited to photos, videos, and computer-generated images, that involves the use of a minor in sexually explicit conduct.

Contact Person for Child Safety

You can go@we-are-panda.com if CSAM content is discovered.

Privacy and Data Protection

Our app is committed to protecting user data, particularly from children under 13, in accordance with applicable regulations.

The privacy policy is clearly displayed and accessible via the app settings and our website.

All data is encrypted during transmission and stored securely.

Advertising and Monetization

Our app does not contain advertising or monetized content.

Transparency and Disclosure

Data Security: Detailed information can be found in the Google Play Data Safety form.

Content Ratings: IARC 3+, L, E, 3, 3, USK 0

Validation and Updates

Regular internal tests are conducted to ensure compliance with Google Play standards for child safety, including functionality tests and content audits.

Policies are reviewed quarterly or as needed to align with updated child safety standards.

4. Changes to This Privacy Policy

We reserve the right to change this privacy policy with effect for the future. A current version is available here.

5. Questions and Comments

We are happy to answer any questions or comments regarding this privacy policy using the contact details provided above.

SIGN UP FOR THE NEWSLETTER NOW

Receive quarterly updates on events, initiatives, and insights from the PANDA universe. By subscribing, you agree that PANDA GmbH may send you news and information via email.

*You can unsubscribe from the newsletter at any time via the unsubscribe link at the end of each email. For more information on how we handle personal data, please refer to our privacy policy.