Endava strongly believes in protecting the confidentiality and security of your personal data. This document is referred to as our “Privacy Notice” and describes how we use the personal data that we collect. Please take the time to read this Privacy Notice as it explains how we collect, use, and store your personal information, and the rights you have in relation to the protection of your personal information.
We respect your privacy. If, at any time, you have any concern about how your personal information is being processed by us, please contact us.
Our contact details
Endava Berlin GmbH at:
Platz der Luftbrücke 4-6
We are Endava Berlin GmbH, incorporated in Germany with registered number Berlin (Charlottenburg) HRB 58797 B with our registered office at Platz der Luftbrücke 4-6, DE-12101 Berlin.
When we say “we”, “us”, or “our”, we mean Endava and its group companies including its parent company and its affiliated companies (“Endava Group”), which may act as a data controller in respect to your personal data.
This notice covers information we collect about you in connection with www.exozet.com (this “Website”) and applies to visitors to this Website, job applicants, and customers who engage in our services.
Unless otherwise stated in this notice, Endava is the provider of this Website and is the data controller of the personal information which we collect about you through this Website and our relationship with you. We are registered with the German Data Protection Authority, Berliner Beauftragter für Datenschutz und Informationsfreiheit.
Visitors to our website, job applicants, and customers
When someone visits www.exozet.com, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting either of our websites. We will not associate any data gathered from this site with any personally identifying information from any other source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
When you visit our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which access is made (“referrer URL”), if applicable, the search engine you use, the browser used, and, if applicable, the operating system of your computer and the name of your access provider. We collect such information to ensure comfortable use of our website by you, the evaluation of system security and stability as well as for administrative purposes. The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes, in which case all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.
Which personal information do we collect?
Where you apply for a role with Endava
If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organisational and administrative process, naturally in compliance with further legal obligations.
If we do not hire you, we will automatically delete the data submitted to us six months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded. If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants (talent pool), the data will be processed further on the basis of and on the period of time defined by your consent. You may withdraw your consent at any time.
Where you are a customer
You may choose to contact us through e-mail, post, and by telephone. The data you provide will be used for the purpose of processing your request. We will delete your data once we have responded to your inquiry and there is no further legal obligation or legal basis for us to store your data.
Other ways in which we may use your personal information
We also use your personal information
- to provide you with any other information, products, and services that you request from us;
- to ensure that content from our Website is presented in the most effective manner for you and your device, and to fulfil other business purposes such as product development and website administration;
- to allow you to participate in interactive features on our Website when you choose to do so;
- for record keeping, statistical analysis, internal reporting, analytics, and research purposes;
- to ensure data security and to provide you with access to any secure areas of our Website;
- to investigate any complaint you make;
- to train our staff;
- to provide evidence in any dispute or anticipated dispute between you and us;
- to support the effective operation of our Website and to make improvements to it;
- for business and disaster recovery, document retention/storage, IT service continuity (e.g. backups); and
- to protect the rights, property, and/or safety of Endava Group, our customers, and our personnel.
The legal basis for data processing
We take appropriate measures to ensure that all processing of your personal information by us or by our service providers is lawful. The lawful basis for the processing of your personal information will depend on the purposes for which we process your information.
The legal grounds for our processing of your personal information are as follows:
- where you have provided your consent for receipt of our newsletter by email;
- to the extent that you have given us your permission to do so, we will use relevant personal data to enable us to provide you with information about products, special offers, and services that may be of interest to you;
- to comply with our legal obligations when recruiting staff (e.g. as part of our background screening checks, we will request proof of the right to work);
- where this is necessary for the performance of a contract with you, or in order to take steps at your request before entering into a contract with you; and
- where necessary for our legitimate interests:
- in responding to contact requests and making follow-up communications,
- in recruiting staff, and
- in carrying out the purposes listed under “Other ways in which we may use your personal information” above.
Where we are legally required to obtain your consent to process special categories of personal data (including data concerning your health, religion, or ethnic origin), we will ask you for it at the relevant time. Consent given can be revoked at any time. Please note that the revocation will only apply to processing activity yet to be carried out. Processing carried out prior your revocation of your consent being effective is not affected. If you choose not to give your consent, we may not be able to perform some of the tasks we need to in order to provide certain products or services to you and may in some cases need to end our relationship with you as a consequence.
Who do we share your personal information with?
We may share your personal information with other companies in the Endava Group based on one of the legal basis defined above for the purposes of
- marketing and business-winning purposes, either between various business sectors or geographies, so that the most suitable people can follow up on the opportunities;
- internal and external audits;
- data hosting; and
- potential recruitment opportunities within the Endava Group.
Based on one of the legal basis defined above, we also may share your personal information with
- third-party provider(s) who provide the following types of services to us: website hosting, support and maintenance, and pre-employment screening;
- our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice;
- investors and other relevant third parties in the event of an actual or potential sale or other corporate transaction related to an entity in the Endava Group;
- third parties to whom we may choose to sell, transfer, or merge parts of our business assets. Alternatively, we may seek to acquire other businesses or merge with them. If this happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- relevant third parties for the purposes of doing what a court, regulator or government, or crime prevention agency (including the police) requires us to do, for example, complying with a search warrant or court order or acting as required or permitted by applicable laws or regulation; and
- third parties if authorised by you to do so in relation to a specific disclosure.
The performance of services by a third-party service provider may be subject to a separate privacy statement provided to you by such third party. You should read this statement carefully.
How do we protect your personal information?
The security and confidentiality of your personal information is extremely important to us. We have technical, administrative, and physical security measures in place to
- protect your personal information from unauthorised access and improper use,
- secure our IT systems and safeguard the information, and
- ensure we can restore your information in situations where the data is corrupted or lost in a disaster recovery situation.
Where appropriate, we use encryption or other security measures which we deem appropriate to protect your personal information. We also review our security procedures periodically to consider appropriate new technology and updated methods. While no measure is impenetrable, we do our best to ensure that your personal information remains safe.
Overseas transfer of personal data
We may transfer your personal information to other countries. The countries in the European Economic Area are considered to provide the same level of protection to personal information as in Germany. Companies outside the European Economic Area with whom we may share your personal data include our other group companies, IT providers, and other suppliers. If your personal information is transferred to any country outside the European Economic Area, either to another Endava Group company or a third party, we make sure that this is done using specific, legally approved safeguards according to data protection laws. The safeguard we use are standard contractual clauses of the EU Commission.
How long do we keep your personal information?
We keep your personal information for no longer than is necessary for the purposes for which the personal information is collected. When deciding how long we should keep your personal information, we take into account factors such as
- legal obligation(s) under applicable law to retain data for a certain period of time,
- (potential) disputes, and
- guidelines issued by relevant data protection authorities.
If you would like further information about how long we keep your personal information for a particular purpose, please contact our Data Protection Officer at email@example.com.
When you use our Website, we will process your personal information collected by cookies in accordance with our Cookies Notice.
The rights of users and data subjects
This section explains your rights in relation to your personal information. These rights are not absolute, and each is subject to certain exceptions or qualifications.
|Right||What does it mean?|
|1. The right to be informed||You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal information and your rights. This is why we are providing you with the information in this Privacy Notice.|
|2. The right of access||You have the right to obtain access to your personal information (if we are processing it), and certain other information (similar to that provided in this Privacy Notice).|
|3. The right to rectification||You are entitled to have your personal information corrected if it is inaccurate or incomplete.|
|4. The right to erasure||This is also known as ‘the right to be forgotten’ and enables you to request the deletion or removal of your personal information if there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.|
|5. The right to restrict processing||You have the right to ‘block’ or suppress further use of your personal information. When processing is restricted, we can still store your personal information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|6. The right to data portability||You have the right to obtain and reuse your personal information for your own purposes across different services.|
|7. The right to object||You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).|
We usually act on requests and provide information free of charge but may charge a reasonable fee to cover our administrative costs of providing the information for
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request, but if the request is going to take longer to process, we will come back to you and let you know. On some occasions we may need to verify your identity and will take you through the process on how this is carried out.
If you are unhappy with how we have handled your information, please contact our Data Protection Officer at firstname.lastname@example.org.
If you are not satisfied with our response to your complaint or believe our processing of your personal information does not comply with data protection laws, you can make a complaint to the relevant data protection regulator in your jurisdiction, your habitual residence, place of work, or place of alleged infringement.
Information about our use of Google services
On our Website, we use the following services operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google”: Google Analytics, Google Maps, Google Fonts, YouTube. Through certification according to the EU-US Privacy Shield, Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States.
Our website uses Google Maps to display our location and to provide directions. If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA. Our purpose lies in optimising the functionality of our website.
Our Website uses Google Fonts to display external fonts. To enable the display of certain fonts on our Website, a connection to the Google server in the USA is established whenever our Website is accessed. Our purpose lies in the optimisation and economic operation of our site. When you access our site, a connection to Google is established from which Google can identify the site from which your request has been sent and to which IP address the fonts are being transmitted for display. Google offers detailed information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy.
We use YouTube on our Website. This is a video portal operated by YouTube LLC., 901 Cherry Ave., San Bruno, CA 94066, USA, hereinafter referred to as “YouTube”. YouTube is a subsidiary of Google. Through certification according to the EU-US Privacy Shield, Google and its subsidiary YouTube guarantee that they will follow the EU’s data protection regulations when processing data in the United States. Our purpose lies in improving the quality of our website.
A connection to the YouTube server in the USA will be established as soon as you access any of our webpages on which a YouTube video is embedded. This connection is required in order to be able to display the respective video on our website within your browser. YouTube will record and process at a minimum your IP address, the date and time the video was displayed, as well as the website you visited. In addition, a connection to the DoubleClick advertising network of Google is established. If you are logged in to YouTube when you access our site, YouTube will assign the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our site or make the appropriate settings in your YouTube account. For the purpose of functionality and analysis of usage behaviour, YouTube permanently stores cookies on your device via your browser. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in our Cookies Notice.
Via the cookie banner on our website, it is possible to block external content from YouTube, so that individual or all videos may be unblocked later. Furthermore, all YouTube videos are loaded in the extended data privacy mode via the “youtube-nocookie.com” domain.
The following information will inform you about the contents of our newsletter as well as the registration, transmission, and statistical evaluation procedures as well as your rights of objection. By subscribing to our newsletter, you declare your agreement with receiving the newsletter and the procedures described.
Content of the newsletter
We send newsletters, e-mails, and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipient or a legal permission in accordance with sec. 6 subsec. 1 lit a GDPR. If the contents of the newsletter are specifically described within the scope of registration, they are decisive for the consent of the user. Generally, our newsletters contain information about the work of and news from Endava (this may include, in particular, references to Medium articles, events with our experts, our services or online appearances).
Double opt-in and logging
The registration to our newsletter is made in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise the changes of your data stored with MailChimp are logged.
Use of the mailing service provider “MailChimp”
The newsletter is sent via “MailChimp”, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their other data described in the context of these notes, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp may also use this information to optimise or improve its own services, e.g. to technically optimise the sending and display of newsletters, or for commercial purposes to determine from which countries the recipients are from. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.
To subscribe to the newsletter, the only information that needs to be entered is your e-mail address.
Statistical data and analysis
The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are collected. This information is used to technically improve the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor MailChimp’s aim to observe individual users. The evaluations rather help us to recognise the reading habits of our users and to adapt our content or to send different content according to the interests of our users.
Online access and data management
You can cancel the newsletter subscription, i.e. revoke your consent, at any time. At the same time, your consent to its being sent via MailChimp and the statistical analyses will expire. A separate revocation of the sending via MailChimp or the statistical analysis is unfortunately not possible.
You will find a link to cancel the newsletter subscription at the end of each newsletter.
Sharing our content in social networks
We have integrated buttons with which you can share the link to many of our sites on the following social networks:
- Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- Xing, operated by XING AG, Dammtorstraße 29‑32, 20354 Hamburg, Germany
- LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
In our website, we not use so-called social plug-ins, which establish a connection to the servers of the aforementioned social networks directly when a page is opened. However, when you open a “share” link on one of our pages, a new window will open with an external link to the selected social network. In this new window, if you are not automatically logged in, you can log in to the selected social network. This process does not transfer any data to us. The newly opened window will only load the data to access the social network you have selected.
You can find the privacy policies of the aforementioned social networks here:
- Facebook: https://www.facebook.com/policy.php
- Twitter: https://twitter.com/de/privacy
- Xing: https://privacy.xing.com/de/datenschutzerklaerung
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
Updating this notice
We may amend this Privacy Notice from time to time as a result of legal, technical, or business developments. When we update this Privacy Notice, we will take appropriate measures to inform you, which will be consistent with the significance of the changes we make. Where consent is necessary, we will obtain your consent to any material changes made and inform you where changes are required by applicable data protection laws.
For further information about your rights, about this Privacy Notice generally or to make a complaint please contact us:
by e-mail: email@example.com
by phone: +49 30 24 65 600
in writing to: Endava Berlin GmbH, Platz der Luftbrücke 4-6, DE-12101 Berlin
Source reference: This privacy statement has been prepared using parts of the Model Data Protection Statement provided by Anwaltskanzlei Weiß & Partner as well as the MailChimp privacy information provided by Rechtsanwalt Dr. Thomas Schwenke.