We respect the privacy of our customers, users and employees. As a company that provides intranets for businesses, we need to collect, store and process data about our customers. Our customers also use our platform to store and use their own personal data, for example about their employees. Data protection is therefore a very high priority for us.
We are committed to processing personal data in accordance with this Privacy Policy and applicable laws. This privacy statement contains information about what personal data we collect, what the basic principles of data processing are and what rights you have in relation to your personal data. Through our intranets, we also act from time to time as a data processor for our customers (e.g., for companies or organizations that use our platform), which means that we process personal data on a contractual basis on behalf of our customers according to their specifications. We therefore urge you to also read the privacy policy of our customers.
We may update this Privacy Policy in connection with the development of our business or changes in applicable laws, so please review this Privacy Policy from time to time.
Data Controller
The data controller in connection with the processing of personal data pursuant to this Privacy Policy is:
COLLYOU UG (haftungsbeschränkt).
Lüßweg 30
82418 Murnau
Represented by:
Robert Rohlfs, Thorsten Mötje
Telephone: 089 237 491 76
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
We may also refer to Sion-hub as "SION", "we" or "us" in this Privacy Policy. It is our responsibility to process personal data in accordance with this Privacy Policy and applicable data protection laws.
Data protection officer: Tim Lavagi
For what purposes is personal data collected and used and what is the legal basis for processing personal data?
We collect, store and process personal data only for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and applicable legal bases for processing personal data are:
To provide our services. Personal data is collected and used to manage the overall customer relationship, as well as to fulfill our obligations and to bill for services. The legal basis for this processing is a contract between SION and the customer.
Sales and Marketing. We also collect and use personal data for marketing purposes, including direct marketing and contacting potential customers. We may also use personal data to place advertisements on digital media platforms such as social media and search engines or to target our business. The legal basis for this processing is in particular our legitimate interest. However, an individual can prohibit direct marketing at any time by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it.. We do not sell or rent personal data to third parties for marketing purposes.
Customer Communications. We also collect and use Personal Data for customer communications, including handling support requests and customer feedback, and notifying users about the Service. The legal basis for this processing is the fulfillment of contractual obligations and our legitimate interest.
Collaboration with partners. We may share personal data about potential or existing customers with our local business partners and resellers in order to handle contact requests and provide local SION sales, marketing, support and customer service. These partners usually have a contractual relationship with SION and are bound by confidentiality obligations. As data controllers, they process personal data in accordance with their own privacy policies. Some of these partners may also be located outside the EU/EEA. In this case, we ensure that appropriate safeguards are in place for the transfer of data.
Analytics and Business Development. We also use the personal data as well as the anonymized data generated by the use of our service to develop our own digital service. The legal basis for this processing is primarily our legitimate interest.
Human Resources and Recruitment. Personal data of employees and applicants is collected and used mainly for human resources management, payment of salaries, fulfillment of other rights and obligations related to employment contracts, compliance with legal requirements related to employment, and evaluation and selection of applicants for vacancies. The legal basis for this processing may be the performance of a contract between SION and the employee, consent (applicants) and the fulfillment of legal obligations related to employment.
What personal data is collected and from what sources?
The personal data we hold relates primarily to the following groups of people: potential and existing customers, potential and existing employees, and various other roles within a customer organization, such as project staff and contract contacts.
The personal data we collect and use is largely provided by the individual. Some data is also created and generated during the use of our service. For both job applicants and potential clients, we also receive personal data from external or public sources as we are constantly seeking both new employees and new clients. This includes companies or services such as LeedFeader, Fonecta, Dista Oy, Discover.org, and contact lists created by virtual assistants UpWork.
As for potential employees, we could also get information from public sources such as LinkedIn, Monster, StackOverflow and CV boards. However, with respect to applicants and people we interview, we only use information provided by the applicant herself or with her consent from other sources, such as references.
SION websites
When you visit SION's websites, you are not required to provide any personal information. However, when you contact us through the chat feature on SION's websites, when you sign up to receive information from us, or when you sign up to use our platforms, you are required to provide some personal information about yourself and we may collect some navigational information in accordance with our Cookie Policy.
Personal Data
"Personal Data" refers to any information you submit to us that personally identifies you. This may include, for example, your name, email address, company name, address, phone number, and other information about you and/or your company. This may also include publicly available information about you, information that is available about you online through websites such as Facebook, LinkedIn, Twitter and Google.
In addition to other uses identified in this Privacy Policy, we may also use your personal information to:
Improve your browsing experience by personalizing SION's websites;
Send you information that we think may be of interest to you by email or otherwise;
Link the analytics information we store to personally identifiable information you submit to us; and
Contact us for marketing purposes related to our business that we believe may be of interest to you.
Navigation Information
This refers to information about your computer, device, visits to SION's websites, including your IP address, geographic location, browser type, referral source, dwell time, page views and heat mapping. We use navigational information to operate and improve SION's websites and may also use it to provide you with personalized information about SION. Due to the nature of the information being collected, it is possible that Navigation Information may contain personally identifiable information.
Service providers
SION's websites integrate some services provided by third parties. We may share some of your information with these service providers in order for them to provide their services, including removing repetitive information from prospect lists, analyzing data, providing marketing assistance, conducting customer and/or user profiling, and providing customer service.
SION endeavors to enter into data processing agreements with each service provider prior to implementing third party services on SION's websites or services to ensure that your personal data is used, stored and transferred securely and in accordance with European Union law. Nevertheless, SION does not control or assume responsibility for the content or practices of these service providers, including their data storage and transfer policies, and this Privacy Policy does not apply to those features, which are subject to their own policies and terms.
SION's External Websites
SION and Services' websites may contain links to other websites operated by third parties. The provision of these links does not imply our endorsement of those other websites or their content, owners or practices. This Privacy Policy does not apply to those other websites, which are subject to their own terms and policies. SION does not control or assume any responsibility for the content or practices of these other entities.
Customer testimonials & quotes
We may post customer testimonials and quotes on SION's websites, which may contain some personally identifiable information. SION obtains the consent of each customer and featured individual before we publish their name.
Data we collect and process about our customers:
Company name
Name of contact person
End user profile information as provided by the customer or user.
Work email and work phone
Billing details
Marketing opt-in's / opt-out's / opt-out's.
Email address for marketing messages
Contact details for support issues
Contact details for billing and contract processing
and similar data.
Data we collect and store about our employees:
Name and contact details
Social security number
E-mail
Salary payment and withholding tax data
Health data and union data only in furtherance of legal obligations related to employment.
Data we collect and store about our applicants:
Basic contact information
Application and resume
With consent, data from other sources, e.g. LinkedIn, references and previous colleagues or supervisors.
Data entered by users
Our customers and employees in their companies may use the company intranet solution to store and process personal data if they are considered a data controller; in these situations, we act as their data processor under a contract. In these cases, we process personal data only on behalf of the relevant customer on their instructions and only for as long as we have a valid contract. Further details on this processing can be found in our customers' privacy policies. As a data controller, the customer has full control (and also responsibility) over what personal data it wishes to enter into the Platform and on what legal basis it has the right to process and transfer it to SION, including obtaining necessary permissions if required. SION does not verify the data entered by the customer on the Platform.
Who processes personal data and is it shared with third parties?
Personal data is mainly stored in electronic form and only authorized personnel within our company have access to the data. The more sensitive the data, the fewer people have access to it (e.g. health data about employees).
We may also use third-party vendors for data storage (e.g., cloud storage), digital marketing, payment processing, and other processing of personal data. In these cases, we ensure that we have a written contract with the service provider with data processing provisions and otherwise that the confidentiality of personal data is ensured and that the data is otherwise lawfully processed and transferred. Some of these service providers include Google and Stripe at the time of this Policy.
We may also disclose or transfer personal data to comply with legal obligations or if a government agency requires disclosure. We may also disclose personal data if we are involved in a business sale, such as a merger or acquisition.
If our service providers or data transmitters are located outside the EU, we will ensure that the transfer of data complies with all legal requirements.
We may also transfer pseudonymized or anonymized data when it is not possible to identify an individual. If this type of data is no longer considered personal data, we may also transfer the data to third parties for purposes other than those described in this Privacy Policy.
Is personal data transferred outside the EU?
By default, personal data is not transferred outside the EU. However, in various situations, data may be transferred outside the EU if our service provider is located there.
When personal data is transferred outside the EU, we ensure that (1) the transferee is located in a country with adequate safeguards (as determined by the EU Commission from time to time), the (2) transferee is Privacy Shield certified (if it is a U.S. company), or (3) the transfer is made using model clauses published by the EU Commission.
How long will the data be stored?
We will not store personal data longer than is necessary for its purpose or required by contract or law. Retention periods for personal data may vary depending on the purpose and situation. Retention periods may also be based on applicable laws (e.g. accounting, tax law, employment contract law). We may also update data from time to time. For content that our customers enter into a platform we provide, it is their responsibility to plan retention periods.
How is data stored and kept secure?
Personal data is stored and secured in accordance with general industry standards and practices. We keep personal data confidential. Subcontractors we use to process personal data are also selected based on their privacy practices. For our own systems and data storage, we use only well-established service providers and robust software tools. Access to personal data is also protected by user-specific logins, passwords and user rights. Our premises are also safe and secure.
Is it mandatory to provide personal data? What happens if you do not provide it?
We need to collect and process a certain amount of personal data in order to provide the service and ensure that an authorized person enters into a contract on behalf of our client, provides the agreed services, and identifies the registered users of our platform. In the context of employment, we also need to process at least the personal data necessary to fulfill employment contracts and legal obligations related to employment.
In recruitment situations, it is not mandatory to provide us with information. Everything is done on a voluntary basis. However, if you do not provide necessary information, we may not be able to process your application.
Does SION's website use cookies and what are they?
We use cookies to provide our service. If you disable cookies, the service may stop working.
We also use cookies on SION's various websites to provide our website visitors with the best possible user experience. Cookies are small text files that are placed on a web user's computer and are designed to store a modest amount of data about a particular user. Cookies tell us how users use SION's websites. We may use cookies to develop SION's websites and services, analyze SION's websites, and target and optimize marketing efforts. If you do not wish to receive cookies, you can set your web browser to disable them. Please note that most browsers automatically accept cookies. If you disable cookies, you should understand that our services or our SION websites may not function properly.
What rights does an individual have in relation to their personal data?
Access to data
You have the right to confirm whether we process your personal data and also what data we have about you. You are also entitled to some additional information described in the Law on Processing Activities. For access requests, please contact us as described in the next section.
Withdrawal of your consent
If we process personal data based on your consent, you may withdraw your consent at any time by notifying us by email to This email address is being protected from spambots. You need JavaScript enabled to view it..
Right to rectification of errors
You have the right to request that we correct any inaccurate or outdated personal data we hold about you.
Right to prohibit direct marketing
You have the right to request that your personal data not be processed for direct marketing purposes by emailing us at This email address is being protected from spambots. You need JavaScript enabled to view it..
Unsubscribe from marketing communications
You may unsubscribe from receiving our marketing communications at any time by clicking on the "unsubscribe" link at the bottom of our emails and contacting us by email at This email address is being protected from spambots. You need JavaScript enabled to view it..
Right to object to processing
If we process your personal data for reasons of public interest or our legitimate interest, you have the right to object to the processing of your data, unless there is another important reason that overrides your rights or the processing is not necessary to process legal claims. Please note that we may not be able to serve you in this situation.
Right to restrict processing
In certain situations, you have the right to request that we restrict the processing of your personal data.
Right to data portability
If we process your personal data based on your consent or performance of a contract, you have the right to request that we transfer the data you have provided to us to another service provider in a commonly used electronic format.
How can an individual use their rights?
You can exercise and use your rights by sending us an email to This email address is being protected from spambots. You need JavaScript enabled to view it.. In this case, we will ask you to provide us with your name, contact information, phone number, and something we can use to verify your identity, such as a written and signed (and scanned) request or a copy of your personal ID, but excluding social security number and other information we do not need. If you believe that the processing of your personal data is not lawful, you can also make a notification to a supervisory authority at any time (in Bavaria, please contact the State Data Protection Commissioner at https://www.lda.bayern.de/en/complaint.html).
Can this privacy statement be updated?
We may update this privacy statement as our operations change or develop. Changes in the law may also make it necessary to update this privacy statement. The changes will take effect once we have posted them in the form of an updated Privacy Policy. Therefore, please visit this page and review this Privacy Policy from time to time.