PRIVACY POLICY, DATA PROTECTION & COOKIE POLICY
INTRODUCTION
Data protection is a high priority for Pressforward. This privacy statement will allow you to understand what we do with your personal data, whether you are one of our clients, a prospective client, a candidate, receiving your services, or are visiting this website.
PressForward is committed to protecting and safeguarding your privacy rights in order to comply and meet our legal obligations. This privacy statement applies to prospective candidates, candidates, prospective clients, clients,suppliers, website users, freelancers and employees.
The data protection declaration of Pressforward is based on the teams from the Data Protection Regulation (DSGVO).
Why is personal information required on our sites?
PressForward’s website is generally possible without any indication of personal data. If a website visitor wants to use special services of our enterprise via our website, processing of personal data could become necessary. If the provision of personal data is necessary and there is no legal basis for this, we will always obtain the consent of the persons interested in using our services.
The processing of personal data must always be in line with the DSGVO and in accordance with the state-specific (Berlin) data protection regulations applicable to PressForward. By means of this data protection declaration, we inform our site visitors about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration clarifies the rights to which site visitors and our customers are entitled.
What is personal data?
Personal data is data with which a person can be directly or indirectly identified. This includes all data that is or can be assigned to a person. This includes names, identification numbers, location data, online identifiers, telephone numbers, account data, a vehicle license plate number, appearance, customer number or address.
As a controller, PressForward has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always be vulnerable to security risks, so absolute protection cannot be guaranteed. Therefore, site visitors are free to transmit personal data to use by an alternative means, for example by telephone. This data protection declaration includes the following terms:
Data Subjects
‘data subject’ is any identified or identifiable natural person
Personal data
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of Processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
Profiling
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Pseudonymization
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Filing system
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
Controller
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third Party
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Consent
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
CONTACT INFORMATION
PressForward Personaldienstleistungen
Oliver Zauritz
Grimnitzstr. 2
10318 Berlin
If you have any questions or concerns regarding data processing or data protection, please contact our Data Security Officer Oliver Zauritz at oliver@pressforward.works. We will process inquiries as quickly as possible.
GENERAL INFORMATION
Candidate Information/Candidate Sharing
As part of our operations, we notify potential candidates of a potential employment relationship that we have identified through research or via candidate application. This processing is carried out pursuant to Article 6 (f) of the DS-GVO on the basis of legitimate interest. The interest serves the placement of qualified candidates with contractual partners as the relevant field of activity of PressForward and the protection of its business interests,
If we collect your data from a third party online platform/website that prohibits data scraping in its terms of use, we will take this into account when determining whether to collect your data from such sources. We use this data to work out whether you might be interested in, or might benefit from, our services or that of our clients, and to assess whether and how we might be able to assist you. If we think we can help, we will contact you via messages on the respective platform, such as LinkedIn.
There is no forwarding of personal data of data subjections to clients if the candidate expresses no interest. If there is interest in placement for the specified position, further processing of the personal data will take place (see: Candidate Placement).
This data is transmitted electronically. Personal data is only transferred to third parties and third countries if it is necessary to protect legitimate interests and secure measures are taken to ensure the protection of the data.
The rights of data subject are outlined under the Data Subject Rights notice and can be asserted if necessary.
Candidate Placement
Should the candidate be interested in the job description/placement after the cover letter, the candidate consents to the further processing of their personal data pursuant to Article 6 (l) of the DS-GVO.
The purpose of this consent is the placement of the candidate to a more desirable position. The processed personal data are processed for the purpose of establishing an employment relationship pursuant to the § 26 (1) of the new Bundesdatenschutzgesetzes (BDSG). Information may be transferred to a potential employer in the context of a potential establishment of an employment relationship. The processed data may include information about the current employer, academic qualifications, knowledge of foreign languages, skills and qualifications, provided resumes, etc.
Third parties and third countries may only be transferred data to the extent necessary for the fulfillment of the purpose and in compliance with legal requirements. During processing, it is ensured that secured measures are taken by third parties to provide appropriate protection of personal data.
The personal data will be stored for a period of up to 24 months after the end of the candidate placement, application process. The personal data will be deleted at the end of this period, unless there are any statutory retention obligations or with express permission of the data subject. The rights of the data subject are indicated under the Data Subjects Rights notice and can be exercised if necessary.
Inclusion in the talent pool
The data subject is given the opportunity to be included in the talent pool at any time. The purpose of inclusion in the talent pool is to be informed free of charge about a possible and unlimited amount of potentially interesting positions by submitting personal data.
If we collect your data from a third party online platform/website that prohibits data scraping in its terms of use, we will take this into account when determining whether to collect your data from such sources. We use this data to work out whether you might be interested in, or might benefit from, our services or that of our clients, and to assess whether and how we might be able to assist you. If we think we can help, we will contact you via messages on the respective platform, such as LinkedIn.
The data will only be transferred to third parties and third countries to the extent necessary for the fulfillment of purpose and in compliance with legal provisions. During processing, it is ensured that secured measures are taken by third parties to provide appropriate protection of personal data. Inclusion in the database is for a maximum of 2 years and can be extended by renewed consent. The data subject has the possibility to revoke their consent at any time. The rights of the data subject regarding processing of personal data are available under the Data Subject Rights notice and can be asserted if necessary.
Data Subject Rights
If we process personal data about you, you have various rights that you can exercise:
Right to Confirmation
Every data subject has the right, granted by the GDPR, to obtain confirmation from the controller as to whether their personal data are being processed. If a data subject wishes to exercise this right of confirmation, they may, at any time, contact the controller.
Right of Access
Any person affected by the processing of personal data has the right, granted by the GDPR, to obtain information about their data being stored at any time and free of charge and a copy of that information. Furthermore, the GDPR has granted the data subject access to the following information:
The purposes of processing;
The categories of personal data being processed;
The recipients or categories of recipients to whom the personal data have or will be disclosed, in particular, in the case of recipients in third countries or international organizations;
If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
The existence of a right to obtain the rectification or erasure of personal data, or to obtain the restriction of processing by the controller, or a right to object to such processing;
The existence of a right to appeal to a supervisory authority;
If the personal data are not collected from the data subject: any available information about the origin of the data;
The existence of automated decision-making, including profiling, pursuant to Article 22(1) and Article 22 (4) of the GDPR, and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, they may contact the controller at any time.
Right to Rectification
Every person affected by the processing of personal data has the right granted by the GDPR to demand immediate rectification of any inaccurate personal data. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of supplementary declaration - taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, they may contact the controller at any time.
Right to Erasure/Right to be Forgotten
Any data subject concerned by the processing of personal data has the right to ask for erasure of their personal data from the controller without delay, on the grounds of the following conditions:
The personal data were collected or otherwise processed for such purposes for which they are no longer necessary;
The data subject revokes consent on which the processing was based pursuant to Article 6(1a) DS-GVO or Article 9(21) DS-GVO and there is no other legal basis for processing;
The data subject objects to the processing pursuant to Article 21(1) DS-GVO and there are no overriding legitimate grounds for processing, or the data subject objects to the processing pursuant to Article 21(2) DS-GVO;
The personal data have been processed unlawfully;
The erasure of personal data is necessary for compliance with a legal obligation under the EU or Member State law to which the control is subject;
The personal data has been collected in relation to information security services offered pursuant to Article 8(1) DS-GVO.
If one of the aforementioned reasons applies, and a data subject wishes to arrange for the erasure of personal data stored by PressForward they may, at any time, contact PressForward and an employee will arrange for the erasure request to be complied with immediately.
If the personal data was made public by PressForward and our company is responsible pursuant to Article 17(1) DS-GVO PressForward shall implement appropriate measures, including technical measures, taking into account the available technology, the costs of implementation, in order to inform other data controlled, which process the published personal data that the data subject has requested from those other data controllers, to erase all links to the personal data or copies or replications of the personal data, unless the processing is necessary. An employee of PressForward will arrange the necessary on a case by case basis.
Right to the Restriction of Processing
Any person concerned by the processing of personal data has the right granted by the GDPR to obtain the restriction of processing from the control when one of the following conditions is met:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of personal data;
The processing is unlawful, the data subject objects to the erasure of the personal data and requests the restriction of use on the personal data instead;
The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise, or defense in a legal claim;
The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by PressForward, they may, at any time, contact PressForward. PressForward will arrange the restriction of processing immediately.
Right to Data Portability
Any person affected by the processing of personal data has the right to receive their personal data in a structured, commonly used and machine-readable format by the controller based on GDPR. Data subjects are entitled to obtain their personal data from a data controller in a format that makes it easier to reuse the data in another context, and to transmit this data to another data controller without hindrance.
Furthermore, when exercising the right to access pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data be transferred from one controller to another where technically feasible and if this does not adversely affect the rights and freedoms of other individuals.
In order to assert the right to data portability, the data subject may contact PressForward at any time.
Right to Object
Any person affected by the processing of personal data has the right to object, on grounds relating to their particular situation to the processing of their data at any time, which is carried out on the basis of Article 6 (1e) or Article 6 (1f) of the DS-GVO, including profiling based on those provisions.
PressForward shall end processing of data immediately in the event of an objection unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
If PressForward processes personal data for marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them such as marketing, which includes profiling to the extent that is related to such direct marketing. When the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1), the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary or the performance of a task carried out for reasons of public interest.
In order to assert the right to object, the data subject may contact PressForward at any time.
Automated individual decision-making, including profiling
Any person affected by the processing of personal data has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision:
Is necessary for entering into, or performance of, a contract between the data subject and a data controller;
Is authorized by Union or Member State Law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
Is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) it is made with the data subject’s explicit consent, PressForward shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include the right to obtain the data subject’s involvement on the part of the controller to express their point of view and to contest the decision.
If the data subject wishes to assert their right concerning automated decision-making, they may contact PressForward at any time.
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for PressForward:
Berlin Data Protection Authority
State Commissioner for Data Protection: Maja Smoltczyk
Address: Friedrichstraße 219, 10969 Berlin
Telephone number: 030/138 89-0
E-mail address: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/
—
Cookie Policy
What Are Cookies
As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or 'break' certain elements of the sites functionality.
How We Use Cookies
We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.
Disabling Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies. This Cookies Policy was created with the help of the Cookies Policy Generator.
The Cookies We Set
Surveys related cookies
From time to time we offer user surveys and questionnaires to provide you with interesting insights, helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide you with accurate results after you change pages.
Forms related cookies
When you submit data through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
Site preferences cookies
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies
In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.
This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it's important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.
For more information on Google AdSense see the official Google AdSense privacy FAQ.
Several partners advertise on our behalf and affiliate tracking cookies simply allow us to see if our customers have come to the site through one of our partner sites so that we can credit them appropriately and where applicable allow our affiliate partners to provide any bonus that they may provide you for making a purchase.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; LinkedIn, Twitter, TikTok, Facebook, Instagram, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
More Information
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site.
For more general information on cookies, please read the Cookies Policy article.
However if you are still looking for more information then you can contact us through one of our preferred contact methods:
Email: info@pressforward.works
To manage your cookie settings through the US site, visit http://www.aboutads.info/choices/ or the EU site https://youronlinechoices.eu/
Google Analytics
Google Analytics is used on this website, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies. The cookies are used to analyze their usage behavior on our website. The information is transmitted to servers in the USA for analysis, which is processed anonymously by shortening the IP address, which prevents identification of the website user. For this purpose, Google Analytics on our website has been extended by the code "anonymizeIp" to ensure an anonymized collection of IP addresses.
The analysis of the information provides information about website usage and what activities have taken place by the user. The information is provided to us in the form of reports and overviews in order to optimize our range of services for you. Google will transfer and process the information to third parties in the event of a legal obligation.
You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used.
LinkedIn
PressForward has integrated components of the LinkedIn Corporation on this website. The legal basis for this is Article 6(1) DSGVO.
LinkedIn is an Internet-based social network that enables users to be linked to existing business contacts and to make new business contacts. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA.
For data protection issues outside the USA: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on the LinkedIn plug-ins can be retrieved at https://developer.linkedin.com
As part of this technical procedure, LinkedIn receives knowledge of which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific sub-page of our website the data subject is visiting with each call-up of our website by the data subject and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is simultaneously logged into LinkedIn at the time of calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.
It is not excluded that processing by LinkedIn also takes place via servers in the USA. LinkedIn uses so-called SCC (Standard Contractual Clauses), which are approved by the EU Commission and are intended to ensure compliance with the European data protection standard.
Xing
PressForward has integrated components of Xing on this website with Article 6 (1) of the DS-GVO serving as the legal framework.
Xing is an Internet-based social network that enables users to link up with existing business contacts and to make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.
The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of the individual pages of this website operated by the controller is called up and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. Within the scope of this technical procedure, Xing receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.
Xing always receives information via the Xing component that the data subject has visited our website if the data subject is simultaneously logged into Xing at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.
The data protection provisions published by Xing can be accessed at https://www.xing.com/privacy, provides information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published a privacy policy at https://www.xing.com/app/share.
Calendly
The service Calendly from Calendly, LLC is offered to you to make appointments with us. When using the tool, you enter your name, email address and other data to make an appointment with us. You can also make an appointment without using Calendly, by sending us a request via email.
For more information about the processing of personal data by Calendly, please visit https://calendly.com/de/pages/privacy.
JotForms
Jotform is an online form builder that allows us to create robust forms and surveys to collect important data. We use jotforms to get the necessary data from a client to onboard a project, it may include details of positions to fill, data about company contact persons and the company itself. Jotforms collects and stores form responses that are submitted via third party server providers such as Amazon Web Services or Google Cloud. You can refer to Jotforms commitment to GDPR Compliance here https://www.jotform.com/gdpr-compliance/ and their privacy policy here https://www.jotform.com/privacy/.
Hubspot
Hubspot is a sales and marketing CRM system used for business to business purposes. To ensure the confidentiality, integrity, and availability of data stored in Hubspot, we adhere to a data policy agreement. We take appropriate measures to protect data from unauthorized access, modification, and disclosure, and restrict access to authorized personnel for legitimate business purposes only. Our clients receive the necessary tools to manage their data, maintain their compliance with data protection regulations, and trust that their data is secure.
You can read Hubspot’s GDPR compliance here https://www.hubspot.com/data-privacy/gdpr and their privacy policy here
https://legal.hubspot.com/privacy-policy.
RecruitCRM
We use RecruitCRM to store data and manage candidate information. You can view Recruit CRMs privacy policy or GDPR commitment on their website.
Recruit CRM may store your data in a Data Centre inside or outside Europe.
You can ask your recruiter at any point to delete your data or simply ask them for an “Update resume link” which you can use to update your profile information/resume or simply delete your data from their system.
https://recruitcrm.io/legal/gdpr
https://recruitcrm.io/legal/privacy