Comma Soft AG Privacy Policy

The following privacy terms for Comma Soft AG apply in the German version. We have written an English version to the best of our knowledge, however when in doubt the German version always applies.

We reserve the right to update the privacy policy as needed, including at random intervals, without explicit notice. The current version linked on our website always apply.

 

Definitions

The privacy policy of Comma Soft AG is based on the terminology used by the European body issuing directives and regulations when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and comprehend for both the public as well as our customers and business partners. To ensure this we would like to first explain the terminology used.

This privacy policy uses the following terms, among others:

1. Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

Data subject means an identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

I. Controller name and address

Within the context of the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations the controller is:

Comma Soft AG
Pützchens Chaussee 202-204a
53229 Bonn
Telephone: +49 228 9770-0
Fax: +49 228 9770-200
E-Mail:info@comma-soft.com
Website:www.comma-soft.com

 

Authorised board of directors: Stephan Huthmacher (Chairman)
Benjamin Schulte
Chairman of the supervisory board: Dr. Wolfgang Klein
Registry court: Bonn Local Court
Commercial register number: HRB 8500

 

II. Name and address of the data protection officer

The data protection officer for the controller is:

Frank Becher
Comma Soft AG
Pützchens Chaussee 202-204a
53229 Bonn
Telephone: +49 228 9770-225
E-Mail: frank.becher@comma-soft.com
Website: www.comma-soft.com

 

III. General information about data processing

1. Scope of processing personal data

On principle we only collect and use personal data of our users as required to provide a functional website and our contents and services. The personal data about our users is only routinely collected and used with the user’s consent. This does not apply in cases where unable to obtain prior consent for factual reasons and data processing is permitted by law.

2. Legal basis for processing personal data

Where the data subject has given consent to the processing of his or her personal data, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).

Where processing is necessary for the performance of a contract to which the data subject is party the legal basis is Article 6(1)(b) GDPR. This also applies to processing operations required for pre-contractual measures.

If necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR.

Where processing is necessary in order to protect the vital interests of the data subject or of another natural person the legal basis is Article 6(1)(d) GDPR.

If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6 (1)(f) of the GDPR.

3. Erasure of data and storage period

The personal data of the data subject will be erased or blocked once the purpose for storage no longer exists. Further storage may occur where required by European or national legislation under European Union directives, laws or other regulations the controller is subject to. Data will also be blocked or erased following expiry of a retention period required under the above standards unless further storage of the data is required to conclude a contract or fulfilment of a contract.

 

IV. Provision of website and generating log files

1. Description and scope of data processing

When visiting our website our system automatically collects data and information from the computer system of the computer used to visit the website.

The following data will be collected:

(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time visited
(6) Websites which redirected the user’s system to our website
(7) Websites our website redirected the user’s system to

 The data will also be saved to the log files on our systems. This data will not be stored together with the user’s other personal data.

2. Legal basis for data processing

The legal basis for temporary storage of this data and the log files is Article 6(1)(f) GDPR.

3. Purpose of data processing

The system temporarily storing the IP address is required to allow the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose.

Data is saved to log files to ensure proper functionality of the website. The data further allows us to optimise the website and to safeguard the security of our information technology systems. Data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected. In the case of collecting data to provide the website, this is the case when the respective session has ended. In the case of data saved to log files, this is at the latest after seven days. It may be stored longer. In this case the users’ IP addresses is erased or disguised so it can no longer be matched to the calling client.

5. Objection and removal option

The collection of data to provide the website and storing data in log files is absolutely necessary to operate the website. The user therefore cannot object to this.

 

V. Embedded third party services

1. Description and scope of data processing

It may happen that contents or services of third-party providers, such as open-source scripts or fonts, are accessed and / or integrated within our online offer. This always assumes that the third-party providers perceive the IP address of the users, since they could not send the content to the user’s browser without the IP address. The IP address is therefore required for the presentation of this content.

The third party providers can use the processed data on their own responsibility. The privacy regulations of the respective providers apply. We try to minimize the use of the services of third parties and to make them as data-saving as possible, but their use can not be completely prevented in a particular case with reasonable effort.

In detail:

  • We use fonts (“Google Fonts”) loaded from google servers operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • JAVA script libraries delivered from google CDN (content delivery network), e.g. ajax.googleapis.com. The CDN is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • YouTube videos loaded from YouTube servers operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Goole.

2. Legal basis for data processing

The legal basis for processing personal data in in terms of usage of third party services is Article 6(1)(f) GDPR.

3. Purpose of data processing

The purpose of integrating the services of third parties is to provide an attractive website. In the appealing and informative presentation of the content is also our legitimate interest. Art. 6 para. 1 lit. f DSGVO.

These purposes are also the basis for our legitimate interest in processing personal data according to Article 6(1)(f) GDPR.

4. Storage period

For the duration of the storage of data of the providing platform, please refer to their privacy policy. These can be found below:

5. Objection and removal option

Statements of opposition and deletion of the use of personal data by the operators of third-party services are contained in their privacy statements (see under 4.)

 

VI. Cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files installed to the web browser or which the web browser installs on the user’s computer system. When a user visits a website, a cookie may be installed on the user’s operating system. This cookie contains a distinctive character string which allows the browser to be identified when returning to the website.

a) We use (technically necessary) cookies to make our website more user-friendly. Some elements of our website require also being able to identify the calling browser after leaving the page.

The following data is saved to cookies and transmitted:

(1) Language settings
(2) Login information

b) We further reserve the right to use cookies on our website which allow analysing the surfing behaviour of users. This allows us to receive the following data:

(1) Search terms used
(2) How often pages are viewed
(3) Use of website functions

Technical measures are taken to pseudonymise the user data collected in the process. The data therefore can no longer be matched with the calling user. The data will not be stored together with the user’s other personal data.
When visiting our website, an info banner alerts the user to the use of cookies for analysis purposes, referencing this privacy policy. In the process the user will also be informed about browser settings to block cookies.

2. Legal basis for data processing

The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.

3. Purpose of data processing

a) Technically necessary cookies are used to make websites more user-friendly. Some functions on our website can not be offered without cookies. These also require recognising the user after switching pages.

We require cookies for the following:

(1) Applying language settings
(2) Login information
(3) Temporary storage of search terms

b) Any analysis cookies are used for the purpose of improving the quality of our website and the contents. The analysis cookies provide us with information about how the website is used, allowing us to continuously optimise and expand our offerings.

The user data collected by cookies are not used to create user profiles.

These purposes are also the basis for our legitimate interest in processing personal data according to Article 6(1)(f) GDPR.

4. Storage period, objection and removal option

Cookies are installed on the user’s computer and then transmitted to our page. As the user you are therefore also in full control of the use of cookies. You can change the settings of your web browser to block or restrict the use of cookies. Previously installed cookies can be deleted at any time. This can also be done automatically. When blocking cookies for our website you may no longer be able to make full use of all functions of the website.

 

VII. Use of Google Analytics

1. Description and scope of data processing

Our website and newsletters use simple analysis mechanisms. In the process data is anonymised and only used for statistical purposes.

The for the controller has installed the component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and analysis of data and behaviour of visitors to websites. Among other things, web analysis service collects data about the website which redirected the data subject to a website (so-called referrer), the subpages of the website viewed and how often a subpage was viewed and for how long. A web analysis is primarily used to optimise a website and for internet advertising cost-benefit analysis purposes.

We use the “_gat._anonymizeIp” function for web analysis through Google Analytics. This function anonymises the IP address of the data subject’s internet connection when accessing our website from a member state of the European Union or from other signatories to the Treaty on the European Economic Area.

The operating company of the Google Analytics component is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics installs a cookie on the IT system of the data subject. Cookies were explained above. Installing the cookie allows Google to analyse the use of our internet offers. When visiting a specific page operated by us with a Google Analytics component installed, the respective Google Analytics component automatically causes the web browser on the data subjec’s IT system to transmit data to Google for the purpose of online analysis. During this technical process, Google receives personal data such as the IP address of the data subject, which among other things allows Google to determine the origin of the visitor and track clicks and subsequently calculate payments.

The cookies collect personal information such as the access time, location where the access originated, and how often the data subject visits our website. When visiting our website this personal data including IP address of the data subject’s internet connection are transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected using this technical process with third parties.

2. Legal basis for data processing

The Legal basis for processing personal data is Article 6(1)(f) GDPR.

3. Purpose of data processing

The purpose of the Google Analytics component is to analyse the number of visitors to our website. Among other things, Google uses the data and information collected to analyse the use of our website, to generate online reports about activities on our website, and to provide other services related to the use of our website.

These purposes are also the basis for our legitimate interest in processing personal data according to Article 6(1)(f) GDPR.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected.

5. Objection and removal option

The data subject can prevent our website from installing cookies as described above at any time by configuring the respective settings of the web browser being used, thus permanently objecting to cookies. This configuration of the web browser being used would also prevent Google installing a cookie on the data subject’s IT system. A cookie previously installed by Google Analytics can at any time be erased via the web browser or other software.

The data subject further has the option to object to and prevent Google Analytics collecting and processing data related to the use of this website. To do so, the data subject must download and install a browser add-on available at https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that data and information about visits to websites must not be transmitted to Google Analytics. Google considers the installation of the browser add-on as an objection. If the data subject’s IT system is later erased, formatted or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or another person under his authority, the browser add-on can be reinstalled or activated again.

For more information and the applicable Google privacy policy please visit https://policies.google.com/privacy?hl=en&gl=uk and https://www.google.com/analytics/terms/gb.html. For a detailed description of Google Analytics please visit https://www.google.com/analytics/.

To prevent Google Analytics from collecting your data please click the link below. This will install an opt-out cookie, preventing future collection of your data when you visit this website. Disable Google Analytics.

You can further use suitable browser plug-ins to block Google Analytics on our website. When using these types of tools you may no longer be able to make full use of the pages as expected.

You, the user, are therefore in full control of Google Analytics being used on our website.

 

VIII. Use of YouTube (embedded videos)

1. Description and scope of data processing

Some of our pages have videos embedded. These are videos we wish to make available to the general public and the controller has therefore integrated YouTube components.

YouTube is an internet video portal which allows video publishers to upload video clips free of charge and allows other uses to also view, rate and comment on these free of charge. YouTube allows any type of videos to be published, therefore entire film and television shows as well as music videos, trailers, or videos made by users are available on the internet portal.

The operating company for YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

When opening one of the individual pages of this website operated by the controller with a YouTube component (YouTube video) embedded, the respective YouTube component automatically prompts the web browser on the data subject’s IT system to download a playback of the respective YouTube component from YouTube. For more information about YouTube please visit https://www.youtube.com/yt/about/. During this technical process YouTube and Google receive information about the specific subpage on our website the data subject visited.

If the data subject is also logged into YouTube, when opening a subpage with a YouTube video, YouTube receive information about which specific subpage on our website the data subject is visiting. This information is collected by YouTube and Google and assigned to the data subject’s respective YouTube account.

YouTube and Google Information always receive information from the YouTube component that the data subject visited our website if the data subject is also logged into YouTube when visiting our website; this occurs irrespective of whether the data subject clicks on a YouTube video.

The privacy policy published by YouTube at https://policies.google.com/privacy?gl=uk provide information about the collection, processing and use of personal data by YouTube and Google.

Our goal is to minimise personal data but in part rely on the requirements of the delivering platform.

2. Legal basis for data processing

Legal basis for processing is Article 6(1)(f) GDPR.

3. Purpose of data processing

The purpose is solely to provide the videos. This is therefore also our legitimate interest pursuant to Article 6(1)(f) GDPR.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected.

For information about how long the provider platform stores data, please refer to their privacy policy (https://policies.google.com/privacy?gl=uk).

5. Objection and removal option

If the data subject does not wish data for the information specified under VIII 1. to be transmitted to YouTube and Google, transmission thereof can be prevented by logging out of the YouTube account before visiting our website.

Some of our webpages include a notice referencing this privacy policy and data usage which you must first accept to play the video.

We further minimise cookies used by YouTube on some of our pages as best possible.

 

IX. Blog with comment function

1. Description and scope of data processing

Parts of our website offer Blog functions which allow commenting on blog entries both anonymously and after signing in.

A blog is a portal, typically public, on a website where one or several persons called bloggers or web bloggers, can post articles or thoughts in so-called blog posts. Third parties can typically comment on the blog posts.

When a data subject comments in the blog published on this website the following data will be collected:

(1) chosen user name (pseudonym)
(2) title
(3) first name
(4) last name
(5) e-mail address
(6) comments added
(7) time the comment was added
(8) registering for the blog news feed

The information in this list contain both required and optional information. The required information is marked as such

During the registration process, registered users will be prompted to agree to data being processed, referencing this privacy policy.

The following data of registered users will also be collected when commenting:

(1) IP address of the calling computer
(2) Time visited

During registration you will be prompted to agree to data being processed, referencing this privacy policy.

2. Legal basis for data processing

The legal basis for processing data after the user logs into the blog with the user’s consent is Article 6(1)(a) GDPR, otherwise Article 6(1)(f) GDPR.

3. Purpose of data processing

The data will only be used to operate the blog.

The IP address is stored for safety reasons and in the event the data subject violates the rights of others in a comment or posts illegal content. This personal data is therefore stored in the interest of the controller to be able to potentially exculpate himself in the event of an infringement. The personal data collected will not be shared with third parties unless required by law or for the legal defense of the controller.

These purposes are also the basis for our legitimate interest in processing personal data according to Article 6(1)(f) GDPR.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected. The user’s registration information will therefore be stored so long as the user is actively contributing to the blog.

Other data collected during registration are typically erased after seven days.

5. Objection and removal option

The data subject may cancel contributing to the blog at any time.

The blog unsubscribed at any time; the respective link is included in every blog feed.

Unregistering/deleting the blog account does NOT automatically delete the posts to be able to continue to provide the context of a discussion.

To have your content erased, please contact the person specified under II.

If your account is still active, you may further delete your posts at any time.

Cancellation also allows you to withdraw your consent to personal data collected during registration being stored.

 

X. Newsletter

1. Description and scope of data processing

Our website offers a free newsletter which can be subscribed. When subscribing the newsletter, the data from the input mask will be transmitted to us:

(1) Salutation
(2) title
(3) first name
(4) last name
(5) E-mail
(6) Company name
(7) Telephone
(8) Industry
(9) Number of employees

The information in this list contain both required and optional information. The required information is marked as such.

Furthermore, the following data will be collected when subscribing:

(1) IP address of the calling computer
(2) Registration date and time

When subscribing we will obtain your consent to data processing, referencing this privacy policy.

The data will not be shared with third parties within the context of data processing for the purpose of sending newsletters. The data will only be used to send the newsletter.

2. Legal basis for data processing

The legal basis for processing data after the user subscribes to the newsletter with the user’s consent is Article 6(1)(a) GDPR.

3. Purpose of data processing

The user’s e-mail address is collected for the purpose of sending the newsletter.

Any other personal data collected during the subscription process is used to prevent misuse of services or the e-mail address provided.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected. The user’s e-mail address will therefore be stored so long as the newsletter subscription is active.

Other data collected during registration are typically erased after seven days.

5. Objection and removal option

The respective user may unsubscribe the newsletter at any time. Each newsletter contains the respective link for this purpose.

This also allows withdrawing consent granted during the subscribe process to have the collected personal data stored.

 

XI. Use of newsletter tracking

1. Description and scope of data processing

Our HTML newsletters may contain Google Analytics components. The statements under VII apply.

Our newsletter may further contain so-called counter pixels. A counter pixel is a mini graphic embedded in e-mails sent in HTML format to allow log file recording and log file analysis. This allows the statistical analysis of the reach of our newsletters. Using the embedded counter pixels, we are able to determine if and when a data subject opened an e-mail and which links in the e-mail the data subject clicked.

This personal data is not shared with third parties.

2. Legal basis for data processing

Legal basis for processing the data is Article 6(1)(f) GDPR.

3. Purpose of data processing

The personal data collected via counter pixels in the newsletters are stored and analysed by the controller to optimise sending of newsletters and better tailor the contents of future newsletters to the interests of the data subject.

The data is only used for statistical analysis of the reach of our newsletters. The analysis information helps us to better assess the reach of our newsletters. We further receive information about the relevance of the topics covered. These help us ensure our services remain attractive and informative

These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected.

5. Objection and removal option

Data subjects may at any time to withdraw their specific consent in this respect granted through the double opt-in process. After withdrawing consent this personal data will be erased.

We automatically consider unsubscribing as withdrawing your consent.

 

XII. Registration

1. Description and scope of data processing

On our website users have the option to register for our various offers using personal data. When doing so, data is entered in an input mask and transmitted to us and then stored. The data will only be shared with third parties where required for performance, e.g. for an event. Apart from this, it will not be shared with third parties.

The following data is collected during registration:

(1) Salutation
(2) title
(3) Name
(4) first name
(5) City
(6) Date of birth
(7) Company name
(8) Telephone
(9) E-mail
(10) Position
(11) Department
(12) Attendance of evening event
(13) Number of employees
(14) Industry
(15) Name and first name of the participant inviting

The information in this list contain both required and optional information. The required information is marked as such can may vary between our various offers.

The following data will also be stored when registering:

(1) The user’s IP address
(2) Registration date and time

During registration we will obtain the consent of the user and, where applicable, the escort for this data being processed. If data must be shared with third parties to hold the event, the user will also be notified.

2. Legal basis for data processing

The legal basis for processing data with the user’s consent is Article 6(1)(a) GDPR.

If registration is required for performance of a contract where the contracting party is the user or during pre-contractual measures, the legal basis for processing data is Article 6(1)(b) GDPR.

3. Purpose of data processing

Registration is required for planning, preparation, holding and for follow-up of offers requiring registration.

Your data will be used to e.g. organise events, including but not limited to:

(1) printing some of the data (name, institution, e-mail address) of participants in the agenda
(2) sharing some of the data (name, institution) to moderators of e.g. workshops
(3) your contact information (name, postal address, e-mail address) for sending event materials (e.g. agenda)
(4) we may share your data with cooperating institutions where required to provide the service. In these cases we will notify you of data sharing before submitting the registration form.
(5) Permanent storage in the CRM for future contact.

4. Storage period

The data will be erased when it is no longer necessary for the purposes for which it was collected:

(1) If a contract is not concluded this applies to the data collected during registration when the registration on our website is cancelled or changed
(2) If a contract is concluded this applies to the data collected during registration for performance of contract or for pre-contractual measures when the data is no longer necessary for performance of contract. However, storing personal data of the contracting party may also need to be stored following conclusion of contract to comply with contractual or legal obligations.

5. Objection and removal option

All users may at any time to cancel their registration. You may have your stored data changed at any time.

If the data is required for performance of contract or for pre-contractual measures, data may be erased prematurely unless required for compliance with contractual or legal obligations.

 

XIII. Application

1. Description and scope of data processing

When submitting an application using our application form, we will store the following data

(1) Salutation
(2) title
(3) first name
(4) last name
(5) Street address
(6) Postal code, city, country
(7) Telephone
(8) E-mail
(9) Selected vacancy
(10) How you found the vacancy
(11) Your cover letter
(12) Attachments
(13) Your notes

The following data will be logged/collected separately:

(1) IP address of the calling computer
(2) Time visited

During the send process we will obtain your consent to the data being processed, referencing this privacy policy.

2. Legal basis for data processing

If the data processing is used for pre-contractual measures where the contracting party is the user, the legal basis is Article 6(1)(b) GDPR.

It will further be processed pursuant to Article 6(1)(f) GDPR. The legitimate interest in this context, for example, is the burden of proof for proceedings under the General Act on Equal Treatment (AGG).

Data is saved to log files to ensure proper functionality of the website. The data further allows us to optimise the website and to safeguard the security of our information technology systems. For this purpose our further legitimate interest in data processing of log data is Article 6(1)(f) GDPR.

3. Purpose of data processing

We collect and process the personal data of applicants for application process purposes. Data may also be processed electronically. This particularly applies if an applicant submits the respective application documents to us electronically, for example by e-mail or using the web form on the website.

4. Storage period

If the data processing controller enters into an employment contract with an applicant, the transmitted data will be saved for the employment purposes in compliance with statutory provisions.

In the case of data saved to log files, this is at the latest after seven days. It may be stored longer. In this case the users’ IP addresses is erased or disguised so it can no longer be matched to the calling client.

5. Objection and removal option

If the controller does not enter into an employment contract with the applicant, the application documents will automatically be erased two months after communicating the rejection unless required for other legitimate interests of the controller.

The collection of data to provide the website and storing data in log files is absolutely necessary to operate the website. The user therefore cannot object to this.

 

XIV. Contact form and e-mail contact

1. Description and scope of data processing

Our website features a contact form which may be used to contact us electronically. When using this form, the data entered by the user in the input mask will be transmitted to us and stored. This data is:

(1) Salutation
(2) title
(3) first name
(4) last name
(5) Street address
(6) Postal code, city, country
(7) Company name
(8) Telephone
(9) E-mail
(10) Industry
(11) Number of employees
(12) Your enquiry
(13) What is the subject of your enquiry?
(14) Vacancy
(15) Attachments

The information in this list contain both required and optional information. The required information is marked as such can may vary between our various offers.

When sending the message the following data will also be stored:

(1) The user’s IP address
(2) Registration date and time

During the send process we will obtain your consent to the data being processed, referencing this privacy policy.

We can further be contacted using the specified e-mail address. In this case the user’s personal data transmitted in the e-mail will be saved.

In this context the data will not be disclosed to third parties. The data will only be used for the conversation.

2. Legal basis for data processing

The legal basis for processing data with the user’s consent is Article 6(1)(a) GDPR.

The legal basis for processing the data transmitted when sending an e-mail is Article 6(1)(f) GDPR. If the e-mail is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing

The sole purpose of processing personal data from the input mask is to process the enquiry related to the contact. Contacting us via e-mail also constitutes our necessary legitimate interest in processing data.

Other personal data transmitted during the send process will be processed for the purpose of prevent misuse of the contact form and to safeguard our information technology systems.

4. Storage period

The data will be erased when it is no longer necessary for the respective purpose for which it was collected. For personal data from the input mask of the contact form and data transmitted via e-mail this is when the respective conversation with the user has been completed. The conversation is completed when circumstances indicate the respective matter has been conclusively resolved.

The personal data collected during the send process is erased at the latest after seven days.

5. Objection and removal option

The user may at any time withdraw his consent to personal data being processed. If the user contacts us via e-mail, he may at any time object to his personal data being stored. In this case the conversation cannot be continued.

The user may submit his objection using the contact data specified under II.

In this case all personal data stored in the context of the contact will be erased.

 

XV. Rights of the data subject

If your personal data is processed, you are the data subject as defined by the GDPR and are entitled to the following rights in your relations with the controller:

1. Right to access

You may request the controller to confirm whether your personal data is processed by us.

In this case you may request information from the controller about:

(1) the purpose for which the personal data is processed;
(2) the categories of personal data being processed;
(3) the recipient resp. the categories of recipients to whom the respective personal data was or will be disclosed;
(4) the intended period for which your personal data will be stored or, if specific information is not available, criteria for determining the storage period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to information whether your personal data are transferred to a third country or to an international organisation. In this context you may request to be informed of appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller the rectification of inaccurate or incomplete personal data concerning you. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing

Under the following circumstances you have the right to obtain from the controller restriction of processing:

(1) if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing was obtained processing pursuant to the above requirements, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Article 6(1)(1) or Article 9(2)(a), and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) Your personal data have been unlawfully processed.
(5) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Disclosure to third parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) GDPR as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have exercised your right to rectification, erasure or restriction of processing with the controller, the controller is obliged to notify each recipient to whom your personal data have been disclosed of the rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort.

You are entitled to request the controller to inform you about those recipients.

6. Right to data portability

You have the right to receive your personal data which you provided the controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and
(2) the processing is carried out by automated means.

In exercising this right, you further have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

This right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1) (e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

When objecting to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and a controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.

These decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.