Introduction

DastN GmbH (“DastN” or “we”) is committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, and safeguard personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws. It applies to our services in International Relocation (for employers and candidates) and Digital Transformation & ERP consulting (Odoo-based), as well as your use of our website (dastn.com). We process personal data lawfully, fairly, and transparently for specified purposes only. All personal data is stored and processed on secure servers located within the European Union. We do not transfer your data to countries outside the EU/EEA, except as noted below under strict safeguards.

Data Controller and Contact Information

The Data Controller responsible for your personal data is:

DastN GmbH
Kurfürstendamm 194
10707 Berlin, Germany
HRB 230821 B (Amtsgericht Charlottenburg, Berlin)

Email: info@dastn.com

Phone: +49 30 700 159 547

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the above details.

Categories of Data Subjects

This Privacy Policy covers the personal data of the following categories of individuals (“data subjects”):

Clients: Our customers, including employers and business clients using our relocation or consulting services, and their representatives.
Job Applicants/Candidates: Individuals who apply for jobs or participate in international relocation through DastN’s services (e.g. candidates seeking placement with employer clients).
Website Visitors: Individuals who visit or interact with our website or online services (e.g. users of our contact forms or analytics tracked visitors).
Contractors and Partners: Natural persons who are contractors, consultants, or external service providers working with or for DastN (e.g. support contractors, outsourcing team members).

Personal Data Collection and Sources

We collect personal data directly from you as well as through your interactions with our services. The types of data and collection sources include:

Contact Forms: When you fill out contact forms on our website or request information, we collect the information you provide. This typically includes your name, contact details (email address, phone number), company/organization, and the content of your message or inquiry. We use this data to respond to your requests and provide information.
Application Portals: If you apply for a job opportunity or relocation via our online portals or recruitment forms, we collect data such as your name, contact information, CV/résumé details, employment history, education, qualifications, and any other information you submit (e.g. cover letter, references). This may also include personal identification details needed for relocation (e.g. date of birth, nationality, visa status) and any documents you upload. We gather this data to evaluate your application and facilitate the recruitment/relocation process.
Client Communications: If you communicate with us by email, phone, or other channels (for example, as a client or candidate), we may collect and store the personal data you provide during those communications. This includes contact details, the content of emails or call notes, and any other information you share while we assist you. These communications may be recorded or documented for quality assurance, contract execution, and to keep track of project or case progress.
Website Analytics Data: We use website analytics tools and tracking technologies (such as Google Analytics and Meta Pixel) on our site. These tools automatically collect certain data about your device and browsing behavior when you visit our website, only with your consent where required. The data collected may include: IP address (anonymized where possible), browser type and version, device identifiers, pages visited and time spent, referral source, and cookies or pixel tags that uniquely identify your browser. We use this information to analyze website traffic, measure marketing effectiveness, and improve our website and services.
Cookies and Similar Technologies: Our website uses cookies and similar technologies to enhance user experience and gather analytics (see Cookies and Analytics section below for details). Some cookies may collect personal data or be linked to other data about you, as described in that section.
Other Sources: In the course of providing our services, we may also receive personal data from third parties or publicly available sources. For example, an employer client may provide us personal details of a candidate for relocation, or we might receive verification information from service providers (such as background check agencies or visa processing partners). If we collect data from third-party sources, we will treat it in accordance with this Policy and applicable law.

We do not collect any special categories of sensitive personal data (such as health, genetic, or biometric data) unless it is voluntarily provided by you and necessary for the specific service (in which case we will seek explicit consent or otherwise ensure lawful processing). We also do not knowingly collect personal data from children under 16 without appropriate consent.

Purposes of Processing and Legal Bases

We process personal data only for purposes that are legitimate and necessary for our business and as permitted by law. For each processing activity, we rely on one or more of the legal bases provided under Article 6(1) GDPR (and corresponding provisions of German law). Below we explain the purposes for which we use personal data and the associated legal bases:

Providing Services and Fulfilling Contracts: We use client and candidate data to deliver our relocation services and digital transformation/ERP consulting services. This includes processing personal data to arrange international relocations (e.g. handling immigration paperwork, coordinating travel/logistics, matching candidates with employers) and to perform consulting projects or software implementations for clients. Legal Basis: Processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request (GDPR Art. 6(1)(b)). For example, if you are an employer client, we process your contact and company details to execute our service agreement; if you are a candidate, we process your application data to consider you for job placement and relocation assistance.
Communication and Responding to Inquiries: We process personal data when we communicate with you to respond to questions, requests, or support needs (whether you are a prospective client, existing client, candidate, or site visitor). Legal Basis: Our legitimate interest in providing you with information and support, and/or steps preparatory to entering a contract (Art. 6(1)(f) or Art. 6(1)(b) GDPR). When you voluntarily contact us, we have a legitimate business interest to use your provided data to reply appropriately. In some cases, your consent may also serve as a basis (Art. 6(1)(a)), for instance if you fill out a form explicitly consenting to be contacted.
Recruitment and Candidate Placement: We use personal data from job applicants and candidates to assess qualifications, arrange interviews, present candidates to employer clients, and facilitate employment contracts and relocation. This may involve sharing certain candidate data with the potential employer (client) that is offering the job. Legal Basis: Performance of a contract or steps prior to a contract (Art. 6(1)(b)), as the processing is necessary to evaluate and potentially place the candidate in a position. When required by law, we will obtain consent for specific processing (e.g. if we retain a candidate’s CV for future opportunities, we may ask for consent).
Marketing and Business Development: With your consent, we may use your contact information to send newsletters, updates about our services, or invitations to events/webinars. We may also process data to develop and improve our services or to understand client needs (analytics, surveys, etc.). Legal Basis: Consent (Art. 6(1)(a)) for electronic direct marketing communications. You can withdraw consent at any time. In limited cases, we might rely on legitimate interests (Art. 6(1)(f)) to inform existing clients about similar services, but will always respect opt-out requests.
Website Analytics and Improvement: We process data collected by cookies and analytics tools to understand how users interact with our website, to troubleshoot performance issues, and to improve user experience and the relevance of our content. Legal Basis: Consent (Art. 6(1)(a)) – we will only deploy non-essential cookies or analytics (like Google Analytics, Meta Pixel) if you have given consent via our cookie banner or settings. For strictly necessary technical cookies (that ensure the website functions correctly), the legal basis is our legitimate interest (Art. 6(1)(f)) in providing a functional website.
Legal Compliance: We may process personal data to fulfill our legal obligations under EU or German law. Examples include maintaining proper business records, accounting and tax filings, complying with employment or immigration laws during relocations, and responding to lawful requests by public authorities. Legal Basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR). For instance, German commercial and tax laws require us to retain certain transaction data for set periods.
Security and Fraud Prevention: We process personal data as needed to ensure the security of our systems, website, and users. This includes using server logs and security monitoring to protect against unauthorized access, malware, or other cyber threats, and to detect or investigate fraud or abuse. Legal Basis: Legitimate interests (Art. 6(1)(f)), as we have a legitimate interest in maintaining the integrity and security of our services. In some cases, processing may also be necessary to protect vital interests (Art. 6(1)(d)) if, for example, we need to process data to prevent harm.
Establishing, Exercising or Defending Legal Claims: If necessary, we will use relevant personal data to establish or exercise our legal rights or defend against legal claims (e.g. in disputes, litigation, or regulatory investigations involving us or our clients). Legal Basis: Legitimate interests (Art. 6(1)(f)), as processing is necessary for our legitimate need to protect our legal position. In certain situations, processing may also be based on legal obligation if we are required to retain or disclose information by law or court order (Art. 6(1)(c)).

Where our processing is based on your consent, you have the right to withdraw that consent at any time, which will apply going forward (this will not affect the lawfulness of processing done before the withdrawal). Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms to ensure no undue impact on your privacy. You have the right to object to processing based on legitimate interests (see Your Rights below). If we need to process personal data for a new purpose that is incompatible with the original purpose, we will inform you and, if required, seek your consent or provide a relevant legal justification.

Data Sharing with Third Parties

We treat your personal data with care and confidentiality. We do not sell or rent personal data to third parties. However, in order to run our business and provide our services, we may share personal data with certain third-party recipients under strict conditions and only for the purposes described above:

Service Providers (Processors): We may disclose personal data to trusted third-party service providers who process data on our behalf and under our instructions. Examples include website hosting providers, cloud storage or IT infrastructure providers, customer relationship management (CRM) software (including Odoo-based systems), email service providers, analytics services (like Google and Meta for analytics/tracking), or other vendors that help support our operations. We ensure such providers are bound by data processing agreements as required by GDPR Article 28, which contractually oblige them to safeguard your data and use it only for our specified purposes.
Employer Clients and Business Partners: If you are a job applicant or candidate for relocation, we will share necessary personal data with the prospective employer or client that is interested in hiring or relocating you. This is a core part of our relocation/recruitment service. We will only share details relevant to the hiring decision (such as your CV, qualifications, and necessary personal info) and only with organizations involved in your placement. We may also share limited personal data of clients or candidates with partner organizations or consultants collaborating on delivering the service (for example, a local immigration lawyer or relocation agent assisting with visa processing). In all cases, such sharing is strictly for fulfilling our contract with you or the client, and the recipients will be informed to use the data only for these purposes.
Affiliated Companies: Currently, DastN GmbH does not have any parent or subsidiary companies outside of its own operations. If in future we operate any affiliates or branch offices, your data may be shared within our corporate group on a need-to-know basis, under the same security and privacy practices.
Legal and Compliance Recipients: We may disclose personal data if required to do so by law or legal process, or if we are compelled by competent authorities. This includes sharing data with government agencies, courts, regulators, or law enforcement (for example, disclosing information to immigration authorities for visa applications, or to tax authorities during an audit). We may also disclose data to our external auditors, legal counsel, or insurance providers if necessary for compliance or to protect our rights.
Professional Advisors and Contractors: We may share data with our professional advisors (such as lawyers, accountants) if needed for consulting on a matter involving your data (e.g. a legal dispute or complex relocation case). In addition, personal data might be accessible to individual contractors or consultants we hire (including those mentioned in the next section on international access) to perform services for us (such as IT support, development, or customer support). These persons are bound by confidentiality agreements and GDPR-compliant contracts. They will only process data under our direction and for the tasks we’ve engaged them for.

We may share candidate personal data with authorized third parties in order to provide our services. This includes sharing your information with prospective employers, relocation partners, email service providers, and other partners who assist in the job placement or immigration process. Any third-party that receives candidate data is bound by strict data protection agreements and will only use the data for the specified purposes in compliance with GDPR. We do not sell personal data to unrelated third parties, and we ensure that all data sharing is conducted lawfully, with your consent or another valid legal basis under GDPR.

In all cases of data sharing, we adhere to the principle of data minimization: we only share the minimum amount of personal data necessary for the purpose. We also ensure that any third party receiving personal data has an obligation to keep it secure and confidential. If a third party acts as a data processor on our behalf, they are not permitted to use the data for their own purposes. If any third party will act as an independent controller (for example, an employer client receiving candidate data for hiring), we ensure that appropriate safeguards or agreements are in place and that you are informed of such disclosures when required.

International Data Transfers

DastN operates globally, and your personal data may be processed on servers or by staff located outside your home country. In particular, if you are applying for jobs in a country different from your residence or if we use cloud service providers based in other regions, your data might be transferred to or accessed from countries outside the European Economic Area (EEA). Whenever we transfer personal data out of the EEA, we ensure adequate safeguards are in place in accordance with GDPR Article 46. These safeguards may include:

• EU Commission Adequacy Decisions: Only transferring data to countries that the EU has officially determined have an adequate level of data protection.

• Standard Contractual Clauses (SCCs): Implementing EU-approved contractual clauses with the recipient, obligating them to protect your data to EU privacy standards.

• Additional Technical and Organizational Measures: Such as encryption of data in transit, strict access controls, and pseudonymization where possible.

You will be informed if your data needs to be transferred internationally as part of our service. We remain responsible for the processing of personal data by third-party agents on our behalf and will ensure it is secure and lawful. If you have any questions about international data transfers or want to obtain a copy of the relevant safeguards in place, you can contact our Data Protection Officer (see Contact section below).

Data Security Measures

We take the security of personal data very seriously and implement appropriate technical and organizational measures (“TOMs”) to protect your data against unauthorized access, loss, alteration, or disclosure. These measures are designed to provide a level of security appropriate to the risk of our data processing. They include, but are not limited to:

Encryption: We use encryption technology to protect data in transit over networks (for example, our website is served over HTTPS/TLS encryption to secure data entered online). Sensitive data stored in our systems is protected with encryption or hashing where applicable.
Access Control: Personal data is accessible only by authorized personnel of DastN and our authorized processors who need access to perform their duties. We enforce role-based access controls and authentication mechanisms (strong passwords, two-factor authentication where possible) to prevent unauthorized access.
Secure Infrastructure: Our servers are located in secure data centers within the EU with robust physical security and environmental controls. We ensure our hosting providers maintain high security standards (firewalls, intrusion detection systems, regular security audits). Software and systems are kept up-to-date with security patches to mitigate vulnerabilities.
Confidentiality and Training: All DastN employees, contractors, and partners who handle personal data are bound by confidentiality obligations. We provide training and guidance to our team on data protection principles and security practices, ensuring that they understand the importance of protecting personal data.
Data Minimization and Pseudonymization: We strive to collect only the personal data that is necessary for the purposes stated. Where feasible, especially in analytics or testing scenarios, we use pseudonymization or anonymization so that individuals are not readily identifiable. For example, analytics data may be aggregated or stripped of direct identifiers.
Monitoring and Breach Management: We monitor our systems for potential security incidents and have procedures in place to detect and respond to data breaches. In the unlikely event of a data breach affecting personal data, we will promptly contain the issue, assess the risk, and notify affected individuals and authorities as required by GDPR.

Despite our best efforts with industry-standard security, no system can be guaranteed 100% secure. However, we continuously evaluate and improve our security measures to adapt to new threats and ensure your personal data remains protected. We also encourage you to take precautions when transmitting data to us (for instance, be mindful not to send highly sensitive information via unencrypted email).

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal or contractual obligations. Retention periods may vary depending on the category of data and the context of processing:

Service Data (Client and Candidate Records): If you are a client or a relocation candidate, we will retain your personal data for the duration of our contractual relationship. This includes maintaining the information needed to deliver our services and fulfill our obligations to you. After the relationship ends (for example, after a relocation project is completed or a consulting contract terminates), we will keep relevant data for a period necessary to conclude any post-service matters (such as final reports or support) and as required by law. In general, we may retain contract-related data for up to six (6) to ten (10) years following the end of the contract, in line with German commercial and tax record-keeping requirements (Handelsgesetzbuch, Abgabenordnung) and to be able to address any legal issues or audits.
Job Applications (Unsuccessful Candidates): If you applied for a job or relocation opportunity but were not successful, we will typically retain your application data for a limited period (e.g. 6 months after the position is filled) and then delete or anonymize it. This retention allows us to comply with German Equal Treatment Act requirements and to defend against any potential discrimination claims related to the hiring process. If you consented to have your application kept on file for future opportunities, we may retain it for a longer period specified in that consent (or until you withdraw consent).
Website and Analytics Data: Data collected via cookies and analytics is retained according to the tool’s settings and your preferences. For instance, Google Analytics data may be retained for a period (e.g. 14 months) as configured, but we do not identify individual site visitors from this data. Cookie lifespans vary: some cookies (like session cookies) last only while your browser is open, whereas others (like tracking cookies) may persist for months unless you delete them. We honor any shorter retention or deletion timeframe you request (for example, if you opt-out or clear cookies).
Legal Retention Requirements: Certain data must be retained for specific statutory periods. For example, invoices, contracts, and business communications may be kept for 6 to 10 years to satisfy commercial and tax law. Similarly, records relevant to immigration or employment (in the context of relocation) might be kept for the durations mandated by law. During such period, we archive the data securely and restrict access to only what’s necessary for compliance purposes.
General Policy: Unless a longer retention period is required by the above conditions or other legal grounds, we will delete or anonymize personal data once the purpose for collection has been fulfilled and we no longer have a lawful reason to retain it. In any case, when personal data is no longer needed, we ensure it is either irreversibly anonymized (so it can no longer be associated with an individual) or securely deleted/shredded from our systems.

After expiry of the applicable retention period, personal data will be either deleted or anonymized without undue delay. For example, if you request deletion of your data or withdraw consent, we will erase the data unless we are legally required or permitted to retain it longer (in which case we will isolate the data and keep it only for the mandated period). We also periodically review the data we hold, to ensure we are not keeping data longer than necessary.

Cookies and Analytics

Cookies are small text files that are placed on your device when you visit our website. We use cookies and similar tracking technologies to make our website function properly, to analyze traffic, and to support our marketing efforts. When you first visit our site, you will be presented with a cookie consent notice allowing you to accept or decline non-essential cookies. You can manage your preferences at any time. Below is an overview of how we use cookies and analytics:

Essential Cookies: These cookies are necessary for the website to operate and cannot be turned off in our systems. For example, they may remember your language preferences or maintain session state as you navigate pages. They do not store personally identifiable information and are based on our legitimate interest in providing a functioning service.
Analytics Cookies (Google Analytics): With your consent, we use Google Analytics, a web analytics service provided by Google. Google Analytics places cookies that collect information about how visitors use our site, such as which pages are visited, how long users stay, and which links are clicked. The information generated (including your IP address, which we configure Google to anonymize by removing the last octet) is transmitted to Google servers for analysis. Google may process this data on servers in the United States or elsewhere, but Google is obligated to protect the data under GDPR-compliant terms. We use the insights from Google Analytics to improve our website’s content, performance, and user experience. You can opt out of Google Analytics by not consenting to analytics cookies, or by installing the Google Analytics opt-out browser add-on provided by Google.
Marketing/Tracking Pixels (Meta Pixel): We also use the Meta Pixel (formerly Facebook Pixel), with your consent, to help us measure the effectiveness of our social media advertising and understand user actions on our site after interacting with our ads. The Meta Pixel tracks certain interactions (like page views or form submissions) and reports them to Meta (Facebook/Instagram). This may cause Meta to place cookies or similar technologies on your device. Data collected through the Meta Pixel (such as your Facebook User ID if you’re logged in, or device information) may be processed by Meta in accordance with their privacy policies. We do not receive personal data from Meta that identifies you; rather, we receive aggregated insights (for example, how many users completed a form). You can control how Meta uses your data for ads in your Facebook privacy settings, and you can opt out of the pixel by declining marketing cookies on our site.
Third-Party Integrations: Our website may incorporate content or scripts from third-party services that could set cookies or collect data (for example, an embedded map or a video player, or using Odoo’s web portal functionalities). Whenever we include such integrations, we do so to enhance your experience or facilitate our services. We ensure that any third-party integration we use is assessed for data protection compliance. You will be informed or asked for consent where those services might collect your personal data. For instance, if we integrate a chat support widget or a scheduling tool, we will provide you with relevant information about any data processing that tool performs.

Managing Cookies: You have the right to decide whether to accept or reject cookies (aside from those strictly necessary). When you first visit, you can choose your cookie settings. If you later change your mind, you can adjust your browser settings to block or delete cookies. Most browsers allow you to remove or refuse cookies and to alert you when a cookie is set. Please note that disabling certain cookies may affect the functionality of our website; for example, some features might not work properly if cookies are entirely blocked.

In addition to browser controls, we honor any specific cookie preferences you’ve set via our website (if we provide a cookie settings tool). If you want to opt-out of tracking by Google Analytics or Meta Pixel without affecting other site cookies, you can use the aforementioned opt-out solutions (Google’s add-on, or adjusting ad settings on Facebook/Meta services).

Do Not Track: Our website currently does not respond to “Do Not Track” signals from browsers. However, we only use tracking cookies with your consent. If you have any concerns about our use of cookies or analytics tools, please contact us for more information. We periodically update our cookie practices in line with legal requirements and will reflect any changes in this Policy or in our cookie consent banner.

Affiliate Link Tracking and Cookies

Our website may use cookies or similar technologies to track affiliate referrals and marketing campaign performance. If you arrive at our site via an affiliate link or advertisement, a cookie will be placed on your browser to attribute any subsequent sign-up or action to that affiliate. This tracking is used solely for referral commission purposes and analytics. We do not collect personal data through affiliate cookies other than what is necessary for tracking and rewarding affiliates. In compliance with GDPR and ePrivacy laws, we will obtain your consent for any non-essential cookies, including affiliate tracking cookies, when you first visit our site. You can manage or revoke your cookie preferences at any time via our Cookie Settings. Please note that disabling affiliate tracking cookies will not affect your use of our site, but it may prevent us from accurately attributing your referral if you were introduced by one of our partners. For more details on the types of cookies we use and how they operate, see our Cookie Policy section of this Privacy Policy.

Your Rights as a Data Subject

In alignment with GDPR requirements, our Privacy Policy is fully transparent about how we collect, use, and share your data. We remind you that, as a data subject, you have rights over your personal data. These include the right to access your data held by us, the right to rectification of any inaccurate data, the right to erasure (to be forgotten), the right to restrict or object to certain processing, and the right to data portability. DastN has processes in place to honor these rights – for example, if you wish to know what information we have about you or request deletion of your data, you may contact us at privacy@dastn.com. We will respond to all legitimate requests within the GDPR-stipulated timeframe. Additionally, if our purposes for processing change or if we engage new third-party processors, we will update this Privacy Policy accordingly and, when required, seek your consent. Our commitment to GDPR compliance means we regularly review and update our privacy practices, ensuring that candidate data is handled with the highest level of care and legal compliance.

Contact Us (Questions or Requests)

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us at:

DastN GmbH – Privacy Team

Email: info@dastn.com

Address: Kurfürstendamm 194, 10707 Berlin, Germany

Phone: +49 30 700 159 547

We will be happy to assist you and will address your inquiry as promptly as possible. For security and privacy reasons, when you contact us about your personal data, we may need to ask you for certain information to verify your identity. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.

Changes to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We reserve the right to modify this Policy at any time, and any changes will be effective when we post the updated Policy on our website. We will indicate the “Last Updated” date at the top of the Policy so you can see when revisions occurred. In case of significant changes that materially affect your privacy rights, we may also notify you directly (for example, via email or a notice on our homepage) prior to the change becoming effective, where required by applicable law.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued relationship with us or use of our website after any updates to this Policy will constitute acknowledgement of the changes.

Email Communications and Service Providers

Email Systems: By providing your email address, you consent to DastN using it to send you service-related communications (such as application updates, interview schedules, newsletters, or marketing offers, if opted in). We use third-party email service providers to manage and deliver these communications. These providers act as data processors on our behalf and are compliant with GDPR. They will only process your email and any personal data in our emails to the extent necessary to send communications. DastN has agreements in place to ensure these providers protect your data, maintain confidentiality, and do not use your information for any purposes other than delivering DastN emails. You can opt out of marketing emails at any time by using the unsubscribe link provided in the email or contacting us directly.