With this privacy policy we, Verve Group Europe GmbH, Karl-Liebknecht-Str. 32, 10178 Berlin Germany (hereinafter „PubNative“ or “we”) would like to inform you about our use of personal data when you visit our website. We realize the importance of protecting the personal data of users and therefore adhere to the applicable data protection laws.

  1. Controller / Contact

The controller responsible for the collection, use, and processing of your personal data within the meaning of Art. 4 no. 7 GDPR is:

Verve Group Europe GmbH

Karl-Liebknecht-Str. 32

10178 Berlin Germany

Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us. You are welcome to direct your data protection concerns to our data protection officer by sending an e-mail to [email protected]. Our full contact details are available here.


Our Data Protection Officer:

Fieldfisher Tech Rechtsanwaltsgesellschaft mbH

Amerigo-Vespucci-Platz 1

20457 Hamburg, Germany

  1. Personal Data

Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. They include particularly all information making it possible to conclude your identity, such as your name, your address, your phone number, and your e-mail address.

  1. Accessing our website – log files

If you visit our website, your internet browser automatically transfers log information to our server, which is stored in log files, the so-called server log files. The log files include the following data:

–    URL of the referring website

–    Date and time of a request

–    IP address of the accessing computer

–    Volume of data transmitted, browser type and its version

–    Information about whether the processing request was successful

It is technically necessary to process this data to enable you to use the website and to ensure the long-term functionality, availability, and security of our systems. The legal basis for this data processing is Art. 6 (1) (f) GDPR. This data is stored by us only for technical reasons and will, at no time, be assigned to an individual person.

  1. Contact Us

There are various ways for you to get in touch with us. These include contact by e-mail via the address on the contact page or via the “Contact Us” section on our website. In this instance, we shall collect the data you transmit to us for the purposes of processing your inquiry. This includes your name, company, country, e-mail address, subject matter, etc. The legal basis is Article 6(1)(b) GDPR. Data collected for this purpose will be deleted after the need for its storage ceases to exist, or, if there are legal obligations to store it, we shall limit the processing.

  1. Newsletter

You have the opportunity to subscribe to our PubNative newsletter, which informs you about news from PubNative on a regular basis. To receive the newsletter via e-mail, you can sign up on our website. When registering for the newsletter, we ask you to provide your e-mail address so that we can send you the respective newsletter and, in order to address you personally, your name. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every e-mail. It is of course also sufficient if you notify us using the contact details provided above. The legal basis of the data processing in connection with registering for the PubNative newsletter is your consent pursuant to Art. 6 (1) (a) GDPR.

We use the US provider “MailChimp” for sending and managing our newsletters. MailChimp is provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318 (“MailChimp”). MailChimp offers a well-thought-out and technically convincing software solution and the provider is reliable as a security-conscious and responsible company. It is certified under the EU-US Privacy Shield and is thus committed to complying with European data protection regulations. With regard to the data protection regulations applicable in the USA, which deviate from European requirements, we have concluded an additional agreement with the provider which ensures that the data of our users will only be processed on our behalf and, in particular, will not be passed on to third parties. We will transmit the data concerning your registration for the newsletter to MailChimp, which will store it for as long as you remain registered for the newsletter.

In our newsletters, we use market-standard technologies to allow us to measure interactions with the email (e.g. opening of the email, which links are clicked on). We use this data for general statistical evaluations as well as to optimize and further develop our content and customer communication. This is done with the help of small graphics (pixels) embedded in the emails. The data is collected in pseudonymous form only and not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest pursuant to Art. 6 (1) (f) GDPR. With our newsletters, our aim is to share content that is as relevant as possible for our users and to better understand what the readers are actually interested in. If you do not want your usage behavior to be analyzed in this way, you can unsubscribe from the newsletter at any time or disable the display of graphics in your email client by default.

  1. Applying to PubNative

6.1 Online application form.

You can apply to us for advertised vacancies using our online form. The purpose of data collection here is the selection of applicants for potential employment at PubNative or one of the HitFox Group portfolio companies. In order to receive and process your application, we collect the following applicant data: first and last name, email address, telephone number, citizenship and application documents (such as a resume). You may also provide us with additional information that you may want us to consider when you apply (e.g. your salary expectations, availability or additional documents). We will check your application and contact you if necessary, in particular, to make appointments or to clarify any questions.

If you apply for a position at PubNative, in principle we will not pass on your applicant data to third parties, unless you explicitly agree that your application can also be considered by the HitfFox Group portfolio companies.

The legal basis for the processing of your applicant data is Art. 6 (1) (b) and Art. 88 (1) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG). We store your applicant data upon receipt of your application. If we accept your application and subsequently employ you, we will store your applicant data for as long as the data is necessary for your employment and as far as we are legally required to retain it. If we reject your application, we will store your applicant data for a maximum of six months after rejection of your application, unless you give us your consent to longer storage (PubNative talent pool). The data will be deleted automatically after this period. This also applies to applicant data stored by one of the ventures in our portfolio as part of the application process.

6.2 PubNative talent pool

If you consent to become part of our talent pool, we will store the data you submitted for your application in our PubNative talent pool for a further 24 months. This will allow us to identify any further jobs at PubNative or the HitFox Group portfolio companies, which may be of interest to you and, if necessary, to contact you again using the stored contact details. You can withdraw your consent at any time with future effect by emailing us at [email protected].

6.3 Recruitee

For the recruitment process, PubNative is using the services of Recruitee B.V., Johan Huizingalaan 763, (1066 VH) Amsterdam, the Netherlands (“Recruitee”). Recruitee is a web service implemented on the PubNative website. Applicant data is stored by Recruitee on our behalf. The data is transferred in encrypted form and stored in data centers in Europe. We have concluded a data processing agreement with Recruitee pursuant to Art. 28 GDPR, which ensures that Recruitee processes the data exclusively in accordance with our instructions and guarantees the upholding of European data protection principles. We kindly ask for your understanding that due to data privacy reasons we can’t process applications received outside of Recruitee. Further information about data protection at Recruitee can be found in Recruitee’s privacy policy.

  1. Social Networks

Our website also uses plugins from various social networks. These plugins allow you, for example, to share or recommend blog articles. Integrating the plugins allows the social networks to receive the information that you have called up the relevant page of our website and can collect your device and access data. If you are logged into the social network, the latter may also assign the visit to your account with the relevant social network. If you interact with the plugins, for example by clicking the Facebook “share” button or making a comment, the corresponding information will be transmitted by your browser directly to the social network and stored there. Even if you are not registered with the social networks, websites with active plugins may send data to the networks.

The purpose and scope of the data collection, and the further processing and use of the data by the particular social networks and your rights and configuration options concerning this to protect your privacy, can be found in the privacy notices of the respective social networks and websites.

Facebook social plugins. We use plugins by the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find the link to Facebook’s Data Protection Declaration here: Facebook’s privacy policy.

Twitter social plugins. We use plugins by the social network Twitter, operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). You can find the link to Twitter’s privacy policy here: Twitter’s privacy policy.

LinkedIn social plugins. We use plugins by the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). You can find the link to LinkedIn’s privacy policy here: LinkedIn’s privacy policy.

  1. YouTube

This website uses Youtube.de/Youtube.com plugins that are provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”), a subsidiary of Google, to integrate videos from YouTube. When you watch a YouTube video, a connection to YouTube’s servers is established and automatically collected data is processed by YouTube. If you are logged in, the information that you played the video will be directly assigned to your Google and YouTube accounts. If you do not want this to happen, you will need to log out before playing the video. Google stores your data and may use it for purposes of advertising, market research and the demand-oriented design of its own websites. Such an evaluation even occurs for users who are not logged in. You can configure your browser to refuse the storage of cookies or you can prevent the recording of data generated by cookies and relating to your use of this website and the processing of this data by Google by disabling the “Ads Personalisation” button in Google’s Ads Settings. In this case, Google will then also only display general advertising in connection with YouTube, which has not been selected based on information collected about you.

Insofar as Google also processes your data in the USA, Google offers safeguards in the form of certification under the EU-US Privacy Shield to ensure its compliance with the European data protection principles. The legal basis for integrating YouTube and the associated data processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in integrating video and visual content to make our website more attractive.

  1. Google Maps

Our website uses the Google Maps services of Google LLC, USA (“Google”). To enable the Google map material we use to be integrated and to be shown on your web browser, your web browser must establish contact with a Google server, which can also be in the USA. If personal data is transmitted to the USA, Google has committed itself to comply with the EU-US Privacy Shield. By establishing contact, Google receives the information that the contact page of our website was accessed from the IP address of your device. The legal basis for this is Article 6 (1) (f) GDPR, based on our legitimate interest in the integration of a map service for contact purposes.

You will find more information in the terms of service of Google Maps and in Google’s privacy policy.

  1. Cookies and usage analysis

10.1 General use of cookies

Our website uses so-called cookies. A cookie is a small text file which is stored by the browser on your device. Cookies are not used to run programmes or install viruses on your computer. The main purpose of our own cookies is rather to provide services tailored especially to you and to make the use of our services as timesaving as possible. Through cookies, different inquiries from your browser can be assigned to the joint session. This enables your computer to be recognized if you revisit our website. The processing of the respective cookies is based on our aforementioned legitimate interests, meaning the legal basis for this is Article 6(1)(f) GDPR.

You can configure your browser settings as desired, for example, to reject the installation of third-party cookies or all cookies. If you do not accept cookies, however, this may in some cases lead to considerable functional restrictions on our website.

10.2 Third-party cookies

In addition, we also use cookies and technologies from third-party providers for analysis purposes as part of the statistical recording and analysis of general usage behavior based on access data. We use the results of such analyses to improve our website and adapt it to the actual needs of our users. The legal basis for the individual examples of data processing described below is Art. 6 (1) (f) GDPR, based on our legitimate interest in the demand-oriented design and continuous optimization of our website.

 a. Google Analytics. Our website uses the web analytics service Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies with a validity of 14 months to record your access data when you visit our website. On our behalf, Google combines the access data into pseudonymous user profiles and transmits it to a Google server in the USA. Your IP address is anonymized beforehand. We are therefore unable to determine which user profiles belong to a particular user. This means that we cannot identify you or determine how you use our website based on the information collected by Google. In exceptional cases where this involves transferring personal data to the USA, Google has also subjected itself to the EU-US Privacy Shield. Google has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing performed in the USA.

On our behalf, Google uses the information generated by cookies for the purpose of evaluating the usage of our website, compiling reports on website activity, and providing us with other services relating to website usage and internet usage. For further information, please refer to the Google Analytics privacy policy.

You may object to these web analytics activities by Google at any time. There are several ways to do this:

    • You can configure your browser to block cookies from Google Analytics.
    • You can place a deactivation cookie by clicking here: [ga_optout]
  • In the browsers Firefox, Internet Explorer and Chrome, you can install the deactivation plug-in provided by Google using the following link (this option does not work on mobile devices): Browser plug-in link

 b. Google Tag-Manager. Our website uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager serves to manage tools for usage data analyses and other services, so-called website tags. A tag is an element that is stored in the source code of our website in order to record, for example, predefined uses and interactions. Google Tag Manager does not use cookies. Google Tag Manager enables us to integrate partners in the context of online advertising. In some cases, the data is processed on a Google server in the USA. In exceptional cases where this involves transferring personal data to the USA, Google has also subjected itself to the EU-US Privacy Shield. Google has thus committed itself to ensuring the European data protection principles and level of data protection even in the context of data processing performed in the USA. For more details, please refer to the information provided by Google about Google Tag Manager.

11. Data Storage

We have implemented comprehensive technical and organizational measures to protect your personal data against possible threats, e.g. unauthorized access, unauthorized disclosure, alteration or distribution, or loss, destruction or abuse. In order to protect your personal data from unauthorized access by third parties during a transmission, the transmission of data might be protected by SSL-encryption, a standardized encryption method for online services.

  1. Service providers, disclosure of data

Some of the data processing undertaken by us can be carried out by our service providers. Apart from the service providers mentioned in this privacy policy, data centers which store our website and databases, IT service providers that service our systems, and consultancy companies are particularly ranked among them. If we do share data with our service providers, these may use the data exclusively for the fulfillment of their tasks. The service providers have been carefully selected and engaged by us. They are contractually bound by our instructions and have suitable technical and organizational measures to protect the rights of the data subjects.

Furthermore, data can be shared with third parties in connection with official inquiries, court decisions, and legal proceedings, if this is required for purposes of prosecution or enforcement, or if there is any other legal basis for such sharing.

  1. Duration of storage

Unless otherwise stipulated above, your personal data will in principle be deleted or blocked as soon as the purpose of the storage ceases to exist. Further storage can take place if this was provided for by appropriate regulations to which we are subject, if further storage is required for purposes of preserving legitimate interests, or if you have given us your consent. The data can also be blocked or deleted if a storage deadline stipulated by appropriate norms expires unless there is a need for continued storage of the data for purposes of concluding a contract or fulfilling a contract.

  1. Your rights

You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data (right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved is not correct (right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).

To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.

You also have the right to object to the data processing based on Art. 6 (1) (e) or (f) of the GDPR or for direct marketing purposes. Finally, you have the right to lodge a complaint with a competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Berlin is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Right of withdrawal and objection. Pursuant to Art. 7(3) GDPR, you have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.If we process your data on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data, and to give us reasons which arise from your particular situation which, in your opinion, show that your legitimate interests override ours. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

  1. Changes to this Privacy Policy

We reserve the right to change or update this Privacy Policy at any time in accordance with the currently applicable data protection regulations. The current version of our Privacy Policy is available at https://pubnative.net/privacy-policy/.

Updated: March 2024