Privacy Policy

As of: June, 2025. This is a translation of the original German version of this document.

In this privacy policy, we inform you about which personal data we collect when you visit our website https://www.work4all.de/, use our software “work4all” or contact us in this context, and how we process this data. You will also find information about your corresponding rights.

1. Controller, Contact, Data Protection Officer

work4all GmbH (also “we” and “us”) is the “controller” within the meaning of the EU General Data Protection Regulation (“GDPR”) and is therefore responsible for the lawfulness of the processing of your data. You can reach us at the following contact details:

work4all GmbH
Max-Planck-Str. 6–8, 50858 Cologne, Germany
Phone: +49 2234 6903 0
Email: info@work4all.de

Our data protection officer can be reached at:
Leopoldstr. 21, 80802 Munich, Germany
Email: consulting@datenschutzexperte.de

2. Processed Data, Purposes of Processing, Legal Basis

2.1 Website

When you visit our website, we collect various data about your device and your usage behavior. These data are not per se personal data but could theoretically be assigned to you in combination with other data. However, we do not combine them with other sources and do not process them to identify you. We collect various technical and activity data, including:

  • Technical data such as IP address, server log files, device information, operating system, browser information, time, referrer URL
  • Approximate location
  • Activity data (including interaction data), e.g. mouse movements, usage/navigation/click/scroll behavior on the website (page views, dwell time, click paths etc.)
  • Possibly the information that you arrived via another website or via advertising placed by us on another website, such as LinkedIn or Bing
  • If you are logged into LinkedIn or Facebook/Meta during your visit, your LinkedIn profile or Facebook ID
  • Other cookie settings

We collect and process these data to display the website to you. Without your IP address, for example, no communication would be possible between our website server and your browser, so you could not access the site. Furthermore, we collect and process these data to ensure the security of our website. In particular, this enables us to determine whether a human or a bot or something else is accessing our site, and to prevent misuse. The legal basis is our legitimate interest in operating a secure and properly functioning website (Art. 6(1)(f) GDPR). Finally, we also process these data for analysis purposes, i.e. to understand how visitors navigate our website and interact with advertisements placed by us on other websites such as LinkedIn or Facebook. Using this information, we can improve our website according to visitor needs, measure the effectiveness of our advertising, and optimize our marketing campaigns (so-called conversion tracking, remarketing, campaign analysis/optimization, audience analysis). The legal basis for this is our legitimate interest in optimizing our website and advertising campaigns (Art. 6(1)(f) GDPR).

We store your cookie settings so that we know whether you consent to optional cookies or not. The legal basis is the necessity to fulfill our legal obligation not to set optional cookies without your consent. Your cookie settings are stored until you delete all cookies via your browser. In that case, you will be asked again about your cookie preferences upon your next visit.

(a) Cookies
We use technically necessary and optional cookies to collect activity data. Information about individual cookies including their storage duration can be found in our cookie window. The cookie window appears automatically on your first visit to our website and can otherwise be opened via a button in the lower left corner of the site. You can decide via the cookie settings on our website which cookies you allow. You can change your settings at any time. Please note that you cannot refuse technically necessary cookies. You can also manage and delete cookies via your browser. Most browsers accept cookies automatically. However, you can configure your browser to block cookies, or download and install a browser add‑on or plug‑in. You can also delete cookies set in your browser. Please note that blocking or deleting cookies may impair your user experience and cause some functions or parts of our website to not function properly or not be fully available or accessible to you.

(b) SalesViewer
We use the service SalesViewer (see also table under point 3 below). SalesViewer matches the IP addresses of visitors to our website against a company database (so-called IP address matching) and can thus identify company visitors. SalesViewer also collects activity data (as described above) from these company visitors. We use SalesViewer for B2B lead generation, to optimize our website according to visitor interests, and for marketing purposes. We do not use data collected via SalesViewer to personally identify you. The legal basis is our legitimate interest in optimizing our website and effective marketing (Art. 6(1)(f) GDPR).

Here you can object to the processing of your data with SalesViewer. An opt‑out cookie for this website will be set on your device. If you delete your cookies in your browser, you must click the link again to disable tracking with SalesViewer.

(c) Conversion Tracking
We use various tools (see table under point 4 below) for so-called “conversion tracking.” Conversion tracking allows us to measure the effectiveness of advertising we place on other websites and to determine whether they lead to visits, purchases, or registrations on our website. For this purpose, we receive information from the used tools when a visitor arrives via one of our ads (e.g. on Google, Facebook, Instagram, Bing, or LinkedIn) to our website. We also receive activity data about the visitor’s behavior on our website. The legal basis is our legitimate interest in assessing the efficiency of our advertising campaigns or how successful our marketing measures are (Art. 6(1)(f) GDPR). Technically, conversion tracking often works via a cookie set by the respective tool provider when you click on one of our ads. You can prevent the setting of cookies via your cookie settings. Please note that if you have a Meta or LinkedIn profile and are logged in during your visit to our website or have a cookie set by Meta or LinkedIn in your browser, Meta or LinkedIn may associate your visit behavior with your profile and use the obtained information for their own advertising purposes or to display relevant ads.

(d) Google Services
For the analysis and marketing purposes described above, we use Google Analytics and Google Ads (see also table under point 4). These tools are services of Google LLC, headquartered in Mountain View, California, USA. We use Google Tag Manager for the technical integration of these tools on our website, for data exchange between the tools, and to manage our analytics and marketing tools. Google Tag Manager functions like a container in which the analytics and marketing tools used on the website are tagged and stored using so‑called tags. A tag is a code fragment that determines which data may be collected by the used tools and under which conditions.

You can find the browser add‑on to deactivate Google Analytics here.

Further information on data processing when visiting websites that integrate Google services, as well as on your related options (e.g. to deactivate personalized advertising), can be found here and here.

2.2 Communication

We process data that you transmit to us in the context of communication. You can contact us in various ways: via contact forms or chat functionality on our website, via e‑mail, via WhatsApp, or by telephone. In doing so, we generally ask for your name, your company, your business email address, and your telephone number. If you contact us via our website, you also have the option to specify your concern in a message field or by clicking checkboxes. We process these data and any additional data you provide in communication for the purpose of processing your request. Depending on the nature of your request, the legal basis is Article 6(1)(b) GDPR, i.e. processing is necessary for the performance of pre‑contractual measures initiated by your request (e.g., arranging a demonstration of our software or requesting a trial), or for the fulfillment of a contract concluded with you for our software (e.g., if you report an issue with the software), or Article 6(1)(f) GDPR, i.e. processing is necessary for our legitimate interest in providing support and assistance.

2.3 Contracts

If you rent or purchase our software, we collect and process the usual contractual data such as contact details, payment data, billing data, and contract details (contract content, conclusion etc.). We process these data for contract execution and software provision. The legal basis is Art. 6(1)(b) GDPR.

2.4 Software

(a) User Data
Depending on whether our software is installed on‑premise or used via our cloud, we may store your user or access data such as your email address and password. We process these data to provide and enable use of the software. Legal basis: Art. 6(1)(b) GDPR.

(b) Activity Data
If you use our software, we collect and process data about your usage behavior such as click behavior or the most frequently used features. We process these data to improve our software. Legal basis: your consent.

(c) Interfaces (API) and AI Tools
If you use any of the interfaces provided in our software, such as to Microsoft 365 or Google Maps, or the AI tools integrated into the software, metadata may be transmitted to us. We use these data exclusively to provide the respective interface or AI feature. We are not responsible under data protection law for personal data that you enter into the software or import from other sources.

(d) Support
We process data that you provide to us as a user of our software in support requests or that become known to us during support, so that we can support you appropriately and resolve your problem. In addition, we assign internal ticket numbers to support inquiries to process them efficiently. Legal basis: Art. 6(1)(b) GDPR for contract performance and our legitimate interest in providing customer support (Art. 6(1)(f) GDPR).

3. Retention Period

If you are bound to us by a contract, we store the relevant data including data from our communication and support requests for the duration of the contract. After termination, we retain accounting and tax-relevant data or documents (e.g. invoices) for ten years and business correspondence considered as business letters for six years to comply with legal retention obligations. Other documents related to the contractual relationship are kept for three years to enable assertion, exercise, or defense of legal claims. Personal data from communications with you that you provided independently or outside a contractual relationship—such as a demo or trial inquiry—are stored until the inquiry is concluded or processed. We then store these data for up to three years in case you resume communication and a contract is initiated or concluded. In justified individual cases, we may retain data longer, e.g., if you test our software over an extended period or repeatedly, and we have reason to believe you may later decide to purchase the software and the data remain relevant in this context. Otherwise, we retain your personal data only as long as required for the purposes described in this Privacy Policy. We delete the data thereafter unless statutory retention obligations or a specific individual case, such as the assertion, exercise, or defense of legal claims, require longer storage.

4. Sharing and Transfer

We collect and process your data with the help of various service providers or third-party tools:

Service Provider / Tool (if applicable: third country) Purpose Categories of (personal) data
Amplitude Analytics for product improvement (software) Activity data
Bing/Microsoft Advertising (USA) Conversion tracking, remarketing, campaign optimization Technical data, activity data, user ID
Cookie-Bot/Usercentrics Management of cookie consents (“consent management”) IP address, cookie settings
Facebook/Meta Pixel (USA) Conversion tracking, remarketing, campaign evaluation, audience analysis Technical data, activity data, Facebook ID (for logged-in users)
Google Analytics (USA) Analytics to optimize the website Technical data, activity data
Google Ads (USA), including features like “enhanced conversions”, “store sales”, or “customer match” Conversion tracking, improving conversion tracking accuracy, remarketing, display of interest-based ads in the Google network, comparison of user/customer data with existing Google customers for audience analysis and campaign management Technical data, activity data
Pseudonymous ID for attribution
Hashed conversion data from other tools
Lists of encrypted user/customer data (e.g. names, email addresses, addresses, mobile advertiser ID, and customer-specific identifiers), which are automatically deleted after the customer match process
Google Tag Manager (USA) Technical integration and management of web analytics and marketing tools Technical data, activity data
Google Recaptcha (USA) Bot detection, spam protection Technical data, activity data
LinkedIn/Insight Tag (USA) Conversion tracking, remarketing, audience analysis Technical data, activity data, LinkedIn profile (if logged in)
Microsoft Outlook (USA) Email communication Email data
SalesViewer B2B lead generation through identification of business visitors (IP address matching with business databases), website optimization, marketing IP address, activity data
TeamViewer Live support, remote maintenance, software demo/presentation Technical data, possibly hostname or computer name, user account association (if applicable), session data
Userlike (Customer) service via live chat Phone number, name, email, chat data
Webflow (USA) Website creation and hosting Server log files, technical data
Zeeg Appointment scheduling Name, contact data, appointment

Your IP address is generally processed by service providers and third-party tools in a truncated or masked form. As a website operator and user of third-party tools, we either do not receive your IP address at all or only in truncated/masked form. Therefore, identification of your person based on your IP address is not possible. Apart from this, we do not use your IP address or other technical or activity data to personally identify you.

Some of our service providers are headquartered in the USA, a country outside the EU or EEA (“third country”), which may involve data transfers to the USA. For such transfers, there is an adequacy decision by the European Commission (“EU–U.S. Data Privacy Framework”), which certifies that personal data transferred to certified organizations in the USA are adequately protected. All of our US-based providers are certified under this framework. In addition, data transfers are secured by standard contractual clauses to ensure an adequate level of protection.

5. Your Rights

You have the following rights under GDPR with respect to our processing of your personal data:

  • Access (Art. 15): You may request confirmation whether we process personal data about you, and if so, information about the purposes, categories, recipients, storage duration, etc., and a copy of the data.
  • Rectification (Art. 16): You have the right to correct inaccurate data and complete incomplete data.
  • Erasure (“right to be forgotten”) (Art. 17): You have the right to have your data erased if one of the conditions in Art. 17(1) applies, e.g., data is no longer necessary, or consent is withdrawn and no other legal basis exists.
  • Restriction of processing (Art. 18): You may request restriction of processing if you contest accuracy or have exercised your right to object under Art. 21.
  • Data portability (Art. 20): You have the right to receive data you provided in a structured, commonly used and machine-readable format and to transmit those data to another controller, if processing is based on consent or contract and carried out by automated means.
  • Objection (Art. 21): You may object at any time to processing based on legitimate interest.
  • Right to object to direct marketing (Art. 21(2)): You may object at any time to processing for direct marketing purposes.
  • Withdrawal of consent: If processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing up to the withdrawal.

If you wish to exercise any of your rights or have questions, complaints, or other concerns regarding processing, please contact us using the contact details above.
Complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority, e.g. in your country of residence or workplace, or the authority responsible for us (Cologne). A list of German state data protection authorities and European supervisory authorities can be found on the respective links.