Data Protection Agreement

This following is the Data Protection Agreement for HeavenHR, the human resource management software operated in the Internet by HeavenHR GmbH.

By way of this Data Protection Agreement, we would like to inform you of the personal data we collect from you and how we use these data when you visit and use HeavenHR.

By way of your approval of this Data Protection Agreement necessary for registration with HeavenHR, you consent for us to collect, process and use your personal data as described below, which shall take place in the context of the establishment, performance and management of your use relation regarding HeavenHR.

In accordance with the German Federal Data Protection Act, "personal data" means "specific information about personal or material relations of a identified or identifiable natural person." Expressed in other terms, your personal data constitutes information that refers to you or says something about you personally or can be associated with you. To facilitate simplicity and better comprehension, we will speak in this data protection policy about "your data" to refer to your personal data.

The protection of your data is important to us. This protection can only be ensured if you know what happens with your data on HeavenHR. We therefore ask you to take the time to carefully read this data protection policy. We adhere strictly to the applicable provisions in data protection law and we implement technical and organizational measures in order to protect your data.

1. The Data We Collect from You and the Type and Purpose of Processing and Use

  1. 1.1. Company profile

    Upon the initial registration for a company profile, we ask for the following data from you:

    • e-mail address
    • company name
    • postal code and town
    • phone number
    • number of employees

    As soon as your company account is activated, you can determine your login data. Your email address will be used as your username. You can define your password yourself. You can use these data to log into your HeavenHR company profile at any time.

    Your password and your email address cannot be seen by other persons. We use your email address in order to contact you.

    You can change your password and your email address at any time.

    Within the framework of the company profile, you can record various information, both regarding your company and your employee base. This includes the following data:

    Company Information:

    • address
    • contact information
    • contact person for the accounting department, including first and last name, email address and telephone
    • contact person in the human resources department, including first and last name, email address and telephone
    • tax information on the company
    • insurance information on the company
    • administrator of the company profile, including first and last name and email address
    • locations of your company
    • departments of your company

    There is also the possibility to store signatures of authorized persons in the system in order to use these on the contract templates available in the system.

    Employee Information:

    • last name, first name
    • address
    • contact information (e.g. e-mail, phone numbers)
    • date and place of birth
    • citizenship
    • bank account
    • tax information
    • insurance information (social insurance agency)
    • information on the employment relation, including basic data and features and details concerning the employment relation
  2. 1.2. Employee Profile

    As soon as you have been set up as an employee of your (future) employer in HeavenHR, you will receive an activation link at your email address. When you call up this link, you will reach the registration page via your Internet browser. Your email address will already be entered in the registration form. You can then select your own password, which only you will know. When registering for the first time, we request you to approve our terms and conditions of use and this Data Protection Agreement.

    By way of your email address and the password you have set, you can log in to your HeavenHR employee profile at any time.

    Your password and your email address cannot be seen by other persons. Your email address will be used so that your (future) employee can contact you.

    You can change your password and your email address at any time.

    As soon as your employee account is activated, you can check the data existing there concerning your person and modify the data if necessary. Some of the data will already have been provided by your (future) employer, if you have already communicated these data to your (future) employer. You may add other data yourself.

    Within the framework of your employee profile, you can specify the following data:

    • last name, first name
    • address
    • contact information (e.g. email, phone numbers)
    • date and place of birth
    • citizenship
    • additional information, such as your profile in social networks (Xing, LinkedIn, etc.)
    • bank account
    • tax information
    • insurance information (social insurance agency)

    Should you so desire, you can also upload an additional profile picture.

    Your employer will already have stored data relevant to your profile concerning your employment relation, including:

    • information about your employment relation, including basic data, features and details of the employment relation (e.g. full or part time, any time limitations, weekly working hours, vacation days per year, any agreements on trial period, termination periods, information on your compensation)

    If foreseen by your (future) employer, you can upload to HeavenHR certain documents necessary for your employment relation and provide them to your (future) employer. Likewise, certain contractual and other documents can be digitally signed via HeavenHR.

  3. 1.3. Settlement Data

    For the registration and use of HeavenHR, we generally do not charge you any fee. Certain additional functionalities of HeavenHR may be subject to fees, however. In this case, we will expressly notify you before any use. No fees will be incurred without your approval, though you will naturally not be able to use the corresponding fee-based functionality.

    If you would like to use fee-based functionalities, settlement data such as your name, address, credit card information and/or bank data must be specified for this purpose. We will use your settlement data in this case exclusively to settle fee-based functionalities in accordance with the scope of the use.

  4. 1.4. Type of Data Processing and Use

    As soon as you register online with HeavenHR, the ensuing communication and processing and storage of your data are encrypted. For this purpose you be connected to secured servers. Your data is then transferred according to the highest security standards using 256 Bit-SSL encryption in the secured https mode.

  5. 1.5. Purpose of Data Processing and Use

    The data stored in HeavenHR serves to manage all procedures in the human resources area. Accounts for new employees can be set up using such data, and the data of existing employees can be updated and managed. The management of the hiring process, including the drafting and settlement of the contract, can be made via HeavenHR.

    Through the design of HeavenHR, it is possible to structure the human resources work. As a result of the browser-based access, site-independent access is possible both for the company and for employees.

    Because only one profile is set up per employee, which can be processed both by the company and the employee, it is ensured that both the company and the employee will always be working with the latest master data. Data are jointly recorded both in the account setup and activation process and in the further administration of the data.

    HeavenHR offers digital human resource file management, in which personal information may be retrieved, administered and updated through the access possibility of employees.

    The organizational management process relating to the employment relation is also possible via HeavenHR. Vacations or the reimbursement of outlays, including the uploading of the documents necessary for this purpose, can be requested using HeavenHR. The competencies and authorizations necessary to manage such processes are ensured through inherent system settings. Changes in the employment relation, such as promotions, salary increases or transfers, can be recorded and manage directly via HeavenHR.

    Automatic reminders of key events or deadlines can be stored and used. If an employee leaves the company, documents for the settlement process, including the handling of residual vacation days or any severance payments, can be created directly using HeavenHR.

    If requested, HeavenHR collects, processes and uses your data to provide additional services, such as payroll accounting or the brokerage of insurance policies through HeavenHR, its associated companies HeavenHR Gesundheit & Vorsorge GmbH and HeavenHR Lohnabrechnung GmbH and third-party service partners. HeavenHR may likewise send information related to its services to the stored contact data, e.g. regarding upcoming updates, general innovations and notes regarding use and new products and offerings of HeavenHR, its associated companies and third-party service partners. Further, HeavenHR collects, processes and uses your data in an anonymized and aggregated form for sector specific analyses.

    HeavenHR also offers a subscription to a newsletter on its webpage. With the newsletter subscription, you will regularly receive the latest information.

  6. 1.6. Your Consent

    By concluding your registration, you consent for us to set up a profile page for you under your name, on which any voluntary information you provide will also appear and any profile picture you have uploaded will be shown.

    You further consent for your profile page to be viewed by the company for which you work.

    You agree for HeavenHR GmbH to use the data stored in your profile in order to send you by

    • regular mail
    • e-mail and/or
    • telephone

    newsletters and advice regarding upcoming updates, general innovations, instructions on use and new products and services of HeavenHR GmbH, HeavenHR Gesundheit & Vorsorge UG (limited liability) or HeavenHR Lohnabrechnung UG (limited liability) and in order to contact you regarding brokerage of tailored insurance policies and financial services and to transfer your data to the providers for the creation of customized offers. You may revoke your consent at any time with effect for the future, e.g. by e-mail to:

  7. 1.7. Logfiles

    Each time you retrieve a website, certain information is automatically sent by your browser to the server of the website and then stored by the server in a log file. These contain information about:

    • the type and version of the browser you use;
    • the operating system you use;
    • the website from which you have come to their current website;
    • the host name (IP address) of your computer; and
    • the time when you visited the site.

    Subject to any legal storage requirements, we delete or anonymize your IP address after you leave the website of HeavenHR.

    Otherwise, we use the information transmitted by your browser to our server in anonymized form, i.e. without it being possible to draw conclusions about your identity, in order to analyze and improve our services. In this way, we can discover potential errors or ascertain the peak days and times when HeavenHR is used.

  8. 1.8. Cookies

    "Cookies" are small text files used by websites that your browser stores on your computer. "Session cookies" are stored temporarily in the working memory and are automatically deleted again when you close your browser. "Permanent cookies" are stored for defined extended periods of time on your hard disk; they are automatically deleted after the expiration of a fixed interval.

    Cookies are intended above all to make the use of the website more easy, effective and safe. We use cookies in order to be able to identify you continuously during your session after logging into HeavenHR. At the end of your session, the corresponding session cookie automatically expires.

    You can set your browser to generally not accept cookies or to only accept them after you have expressly confirmed them. You can easily learn how this works using the help function in your browser. If no cookies are accepted by your browser, however, the functionalities of HeavenHR might be restricted or completely unavailable.

    You can find more information about Cookie Settings using Google Chrome, Mozilla Firefox, Safari 9 und Windows Explorer here:

    To understand how to manage cookie settings in other browsers you can use the help function in your browser.

    If you only want to accept our own cookies but not the cookies of our service providers and partners, you can select the setting in your browser "Block cookies from third-party providers.".

  9. 1.9. Google Analytics

    This website is using functions from the web analysis service provider Google Analytics. Provider is the Google Inc. 1600 Amphitheatre Parkway Mountain View, CA94043, USA. Google Analytics is using so called cookies. These are little text files that are being saved on your computer and allow us an analysis of your usage of our web site. The information created through this cookie regarding your way of using this website are usually transferred to a server from Google in the USA and saved.

    We point out that Google Analytics is extended on this website by the code "gat._anonymizeIp();" in order to warrant anonymized processing of IP addresses (so-called "IP masking"). This means that your IP address will be shortened before being processed in member states of the European Union and all other states parties to the agreement within the European Economic Area (EEA). Only in exceptional cases the IP address will be transferred to the Google servers in the USA and will be shortened there.

    On behalf of HeavenHR GmbH, Google will use this information to evaluate your using of this web site, to create reports regarding web site activity and to deliver other services to HR. your browsers IP address collected in the scope of Google Analytics usage will not be brought together with other data from Google.

    You can set your browser to generally not accept cookies or to only accept them after you have expressly confirmed them. You can easily learn how this works using the help function in your browser. If no cookies are accepted by your browser, however, the functionalities of HeavenHR might be restricted or completely unavailable.

    You can furthermore avoid the collection of the data created through the cookie, containing information about your usage of our web site such as your IP address and the transferring to Google as well as the data processing through google through installing a browser plugin:

    You can find more detailed information on the terms and conditions of use and data protection at

  10. 1.10. Google AdWords

    We are using remarketing technology provided by the company Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This technology enables us to target users that have visited our online pages or used online services in and showed interest in the service with targeted advertising on pages of google network partners. The advertisement happens through the use of cookies. Cookies are small text files that are being saved on the user's computer. Thanks to this small text document we can analyze the behavior of homepage visitors; and show them targeted recommendations and interest-based ads.

    We are collecting information for Google AdWords with the DoubleClick-Remarketing-Pixel. By visiting the Deactivation page for DoubleClick or the Deactivation Page of the NAI you can deactivate the DoubleClick-Cookies.

  11. 1.11. CrazyEgg

    We are using a web analysis technology "CrazyEgg" provided by the CrazyEgg Inc. USA. We use the CrazyEgg analysis service to obtain information regarding how our site visitors are using our Homepage. Through the technology of the CrazyEgg Inc.; visitor information is collected and transferred to the servers of the CrazyEgg Inc. This technology enables us to visualize how visitors are using our homepage. For example, we can see aided by heat map technology which parts of our homepage are the most visited and the most clicked on.

    For this we also use cookies. CrazyEgg does not collect information through our websites for any advertising purpose, nor do they collect any personally identifiable information via our homepage. However, you may not wish to be tracked by CrazyEgg in any way. You can object to the collection and storage by CrazyEgg through certain settings in your browser.

    To understand the purpose and scope of data collection and the treatment and use of this data by CrazyEgg as well as your options to opt out of data collection and protect your privacy, please visit CrazyEgg's privacy policy:

  12. 1.12. Mixpanel

    In order to statistically evaluate activities on our page, we are using the Technologies of Mixpanel, Inc., 589 Howard Street, #4 San Francisco, CA 94105, USA.

    This service allows us to collect statistical data regarding the use of our homepage. We collect for example information about the devices that are used to visit our homepage. This helps us, to improve content on this page for our visitors.

    We also use this data to improve and optimize our homepage continually to make it more appealing for every user. We can achieve this through the use of cookie technology and a pixel that is integrated on every page. Further information you can obtain through visiting Mixpanel Privacy Policy which you can access under:

    If you want to opt out of the collection and processing of your data through Mixpanel please visit this link:

  13. 1.13. Intercom

    In order to improve user experience for our customers we are using the service Intercom provided by the company Intercom Inc. to offer a customer support through emails and live chat. Regarding personal data, we are transferring your name and email address to Intercom.

    Intercom, Inc. Is complies with the Safe Harbor Framework which aims to reach a higher level of data security for companies that are not based in the EU. More information on data privacy at Intercom you can find under

    To disable the java script code execution from Intercom you can install a java script blocker (e.g. or

2. Transmission or Disclosure of Your Data to Third Parties

In principle, we will not transmit your data to third parties without your consent.

A technical disclosure might occur, however, if and to the extent this is necessary for the operation of HeavenHR or for other reasons in order to establish, conduct or manage your use relation with us. This can be the case, for example, if HeavenHR is hosted by an external service provider, i.e. an external service provider operates the servers for HeavenHR.

In addition, we are obliged by law to disclose data in specific cases at the order of a competent authority, if and to the extent this is necessary for purposes of criminal prosecution, for law enforcement authorities of the federal states to avert danger, to fulfill the legal duties of the constitutional agencies of the Federal Government and the federal states, the Federal Information Service, the Military Counterintelligence Service or the Federal Criminal Authority within the framework of their duties to prevent risks relating to international terrorism or to enforce rights to intellectual property.

Should you use our fee-based offerings, then we must provide your payment data to the necessary degree to a service provider (e.g. a bank or credit card company) in order to facilitate the corresponding transaction.

3. Protection of Your Data

We will deploy technical and organizational measures in order to protect your data from any manipulation, loss or unauthorized access by third parties. These measures include, for example, the use of firewalls and antivirus programs and manual safety precautions. We check and improve our security measures on an ongoing basis in keeping with technological progress.

4. Modification of this Data Protection Policy

We further develop HeavenHR on an ongoing basis in order to be able to always provide you better service. We will update and adjust this data protection policy accordingly if and to the extent necessary.

We will naturally inform you of any modifications of this data protection policy. We will do this both by sending an email to the email address you have provided to us and through an automatic notice upon your first login to HeavenHR after this data protection policy has been updated. Should we require further consent from you regarding our handling of your data, we will naturally obtain your consent before any corresponding changes become effective.

You can retrieve the current version of the data protection policy for HeavenHR at any time in the Internet at We will keep older versions of this data protection policy available for you. You may request these from us by simply sending us an e-mail.

5. Information, Revocation of Your Consent and Authorization, Blockage or Deletion of Your Data

You may request information about what data we have stored about you. You may moreover request us at any time to rectify inaccurate data about yourself or to block or delete your data.

Since we have to verify your identity for those purposes, we do favor postal queries to HeavenHR GmbH, Bergmannstraße 72, 10961 Berlin. If necessary, we will request proof of your identity before processing your concern. This serves to protect your data from manipulation or deletion by third parties

However, if and to the extent storage rights or duties are stipulated by law, we will block the corresponding data from any further use.

You may revoke in whole or in part with effect for the future consents that you have given us by approving this data protection policy to collect, process and use your personal data. This also applies to any subsequent further consent to collect, process or use your personal data. The consequence of such revocation may be that you might not be able to use HeavenHR any longer or might only be able to use HeavenHR in a restricted fashion.

6. Controller and Contact Person

HeavenHR GmbH is the "controller" in the terms of data protection law for own services which HeavenHR GmbH performs at your request. You may retrieve corresponding information about HeavenHR GmbH and the address or commercial register data from our imprint at

Should you have any questions regarding this data protection policy or regarding our collection, processing or use of your data, please contact us by email at, or by regular mail at HeavenHR GmbH, Bergmannstraße 72, 10961 Berlin.

Version: 09/2016