Privacy

1. General Information Regarding Data Processing

When visiting our website, we process data about your browser, your operating system, location, and IP address to ensure the functionality of the website, the safety of the connection and a frictionless user experience. The purpose of this is for statistical, optimisation, and security functions.

1.1. Goose Freelancer Services as Data Controller: The responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

Goose Freelancer Services UG ("we/us" or "Goose")

Hobrechtstr. 24

12047 Berlin

privacy@goosefreelancer.com

We are registered with the commercial register at the local court of Charlottenburg under HRB 277824 B, represented by the managing directors Tuleka Prah and Jose Castillo Quiala.

We understand that our website may be visited by users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. It is our understanding that by complying with the GDPR - the so-called “privacy gold standard” – we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.

2. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR):

You have the right to request information about whether we process your personal data and to receive a copy of that data.

Right to Rectification (Art. 16 GDPR):

You have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR):

Also known as the "right to be forgotten," you can request that we delete your data under certain conditions (e.g., if the data is no longer necessary for the original purpose).

Right to Restriction of Processing (Art. 18 GDPR):

You can ask us to suspend the processing of your data (e.g., while we verify the accuracy of your data).

Right to Data Portability (Art. 20 GDPR):

You have the right to receive your data in a structured, commonly used, and machine-readable format, or to have it transferred directly to another controller.

Right to Withdraw Consent (Art. 7(3) GDPR):

If you have given us your consent to process your data, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Object (Art. 21 GDPR):

1. Objection to Direct Marketing (Art. 21(2) GDPR): You have the right to object at any time to the processing of your personal data for direct marketing purposes (including profiling related to such marketing). If you object, we will no longer process your data for these purposes. No reasons are required.

2. Objection based on specific grounds (Art. 21(1) GDPR): You have the right to object to processing based on our "legitimate interests" (Art. 6(1)(f) GDPR) on grounds relating to your particular situation. In this case, we will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

How to Exercise Your Rights?

To exercise these rights, please contact us at privacy@goosefreelancer.com. We usually respond within one month.

Right to Lodge a Complaint (Art. 77 GDPR)

If you believe that our processing of your data violates data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

3. Processing of Data, Storage, and Security

3.1. We process professional and related personal data in compliance with the GDPR and the German Federal Data Protection Act (BDSG).

3.2. Storing and deleting data: We retain professional and personal data only for as long as is necessary to fulfil the purposes for which it was collected or as required by law. Once the purpose has been fulfilled, this data will be deleted or anonymised in accordance with regulatory requirements.

     3.2.1. Statutory Retention Periods (German Law): As a company based in Germany, we are subject to statutory retention obligations under the German Commercial Code (Handelsgesetzbuch - HGB) and the Fiscal Code (Abgabenordnung - AO). Even if you request deletion, we may be required by law to keep certain data:

  • 10 Years: Accounting documents, invoices, booking vouchers, and financial records (e.g., invoices we sent you, payment records) (§ 147 AO)
  • 6 Years: Commercial and business letters (e.g., emails, contract offers, support tickets that result in a business transaction) (§ 257 HGB)

3.3. Data security: For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form.

3.4. Recipients of personal data: We share data with the following categories of recipients which act as service providers ("Processors"), who act and are contractually bound to data protection standards (Art. 28 GDPR) or other recipients (“Controllers”):

  • Hosting & Infrastructure: Providers who host our website and databases (e.g., AWS, Google Cloud)
  • Analytics Providers: Tools that help us understand website usage (e.g., Google Analytics)
  • Professional Advisors: Lawyers, tax advisors, or auditors, where necessary for our legal compliance

3.5. International data transfer (third countries): We process data primarily within the European Union (EU) / European Economic Area (EEA). However, some of our service providers (particularly software and cloud providers) are based in the USA.

When we transfer data to a "third country," we ensure an appropriate level of data protection through one of the following mechanisms:

  • Adequacy Decision (Art. 45 GDPR): We prioritise providers in countries recognised by the EU Commission as safe. For transfers to the USA, we rely on the EU-US Data Privacy Framework (DPF), provided the recipient is certified under this framework.

     3.5.1. Standard Contractual Clauses (SCCs) (Art. 46 GDPR): If a provider is not certified under the DPF or is located in a country without an adequacy decision, we sign the EU Standard Contractual Clauses with them. We also implement additional security measures (such as encryption) where necessary or perform a Transfer Impact Assessment to protect your data.

3.6. We do not use automated decision-making including profiling when processing data on our website.

4. Changes to Our Privacy Statement

We reserve the right to adapt this privacy statement so that it always complies with the current legal requirements or to implement changes to our services in the privacy statement, e.g., when introducing new services. The current data protection declaration applies to every visit of the website.