data protection
Part 1 Data protection information dataglobal Group
dataglobal Group GmbH is a group of companies consisting of the following companies:
- dataglobal Bochum GmbH, Bochum
- dataglobal Heilbronn GmbH, Heilbronn
- dataglobal München GmbH & Co. KG, Grünwald
- eleven cyber security GmbH, Berlin
1. Office responsible for data processing and contact data
Office responsible for data processing and contact data
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
+49 (0)7131 1226 500
datenschutz@dataglobal.com
dataglobal Bochum GmbH
Wasserstraße 219
44799 Bochum
+49 (0) 234 9734 0
info@windream.com
dataglobal Heilbronn GmbH
Im Zukunftspark 10
74076 Heilbronn
+49 (0)7131 1226 500
info@dataglobal.com
dataglobal München GmbH & Co. KG
Bavariafilmplatz 7
D-82031 Grünwald
+49 (0) 89. 700 744 070
info@vysoft.eu
eleven cyber security GmbH
Friedrichstrasse 171
10117 Berlin
+49 (0)30 520056 0
info@eleven.de
Contact details of our data protection officer:
If you have any questions about data protection, the processing of your data and your rights, please contact:
data protection officer of dataglobal Group GmbH
HEC Harald Eul Consulting GmbH
Datenschutz + Datensicherheit
Auf der Höhe 34
50321 Brühl
E-Mail: datenschutz@dataglobal.com
Contact details of our information security officer:
E-Mail: isb@dataglobal.com
2. Purposes and legal foundations upon which we process your data
We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable data-protection provisions (details are provided in the following). The details of which data are processed and how they are used depends largely on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e. g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you may find out from our website www.dataglobalgroup.com.
2.1 Purposes pursuant to fulfilment of an agreement or pre-contractual measures (Art. 6, section 1 b of the GDPR)
The processing of personal data is carried out in order to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e. g. with interested parties. In particular, the processing thus serves to provide services according to your orders and wishes and include the necessary services, measures and activities. TThis essentially includes contract-related communication with you, Credit checks, the verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. Parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security (inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal offences; control by supervisory bodies or supervisory authorities (e. g. auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6, section 1 f of the GDPR)
Above and beyond the actual fulfilment of the (pre-) agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, provided you have not objected to the use of your data;
- obtaining information and exchanging data with credit agencies, insofar as this goes beyond our economic risk;
- • the examination and optimization of processes for needs analysis;
- the further development of services and products as well as existing systems and processes;
- • the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e. g. by using or researching publicly accessible data;
statistical evaluations or market analysis; - of benchmarking;
- the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if a deletion is not possible or only possible with disproportionately high effort due to the special type of storage;
- the development of scoring systems or automated decision-making processes;
- • the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- the anonymization of personal data;
- building and plant security (e. g. by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- internal fraud prevention in connection with the performance of a contract as well as pre-contractual measures, insofar as not exclusively for the fulfilment of legal requirements
- any monitoring or recording of telephone conversations for quality control and training purposes;
- Preservation and maintenance of certifications of a private-law or official government nature;
- the seizure and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.3 Purposes within the framework of your consent (Art. 6, section 1 a of the GDPR)
Your personal data can also be processed for certain purposes (e.g. use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you can revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e. prior to 25 May 2018. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.
2.4 Purposes relating to adherence to statutory requirements (Art. 6, section 1 c of the GDPR) or in the public interest (Art. 6, section 1 e of the GDPR)
Like everyone involved in business, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.s.
3. The categories of data that we process as long as we do not receive data directly from you, and its origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g. quality assessment or complaints by customers/suppliers/consumers). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions.
Relevant personal data categories may in particular be:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data)
- contact data (address, e-mail address, telephone number and similar data)
- Address data (population register data and comparable data)
Customer history - data about your use of the tele media offered by us (e. g. time of access to our websites, apps or newsletter, clicked pages/links of us or entries and comparable data)
- Video data
4. Recipients or categories of recipients of your data
At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations or that require such data within the framework of processing and implementing our legitimate interests. Your data will only be passed on to external bodies
- in connection with the execution of the contract;
- for purposes where we are obligated or entitled to give information, notification or forward data (e.g. employer’s liability insurance association, health insurance schemes, fiscal authorities) in order to meet statutory requirements or where the forwarding of data is in the public interest (see number 2.4);
- to the extent that external service-provider companies commissioned by us process data as contract processors or parties that assume certain functions (e.g. external data centres, support and maintenance of IT applications, archiving,
- document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection. plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing plants or companies for data disposal, courier services, logistics);
- as a result of our legitimate interest or the legitimate interest of the third party within the framework of the purposes cited under number 2.2 (e.g. to government authorities, credit agencies, collection agencies, attorneys, courts of law, appraisers, companies belonging to company groups and bodies and control instances);
- if you have given us consent to transmit data to third parties.
We will not pass on your data to third parties beyond this. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.
5. Length of time your data is stored
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO). The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.
Furthermore, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under §§ 195 ff. of the German Civil Code (BGB), the regular time-barred period is three years, but time-barred periods of up to 30 years may also be applicable.
If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing – for a limited period – is necessary to fulfil the purposes listed under number 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense and processing for other purposes is excluded by appropriate technical and organisational measures.
6. Processing of your data in a third country or through an international organisation
Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. if you are despatched to another country), such is required by law (e.g. notification obligations under tax law), such is in the legitimate interest of us or a third party or you have issued us your consent to such.
The processing of your data in a third country may also take place in connection with the involvement of service providers as part of order processing. If no decision has been issued by the EU Commission regarding the insurance of an adequate level of data protection for the respective country or for one or more specific sectors within a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information on the appropriate or reasonable safeguards and the possibility of obtaining a copy from you can be obtained on request from the company data protection officer.
7 Your data protection rights
If certain conditions are met, you can assert your data-protection rights against us
- Thus, you have the right to receive information from us on the data stored on you in accordance with the rules of Art. 15 of the GDPR (if applicable with restrictions in accordance with § 34 of the German Federal Data-Protection Act (BDSG))
- If you so request, we shall correct data stored on you in accordance with Art. 16 of the GDPR if such data is incorrect or flawed.
- If you so desire, we shall delete your data in accordance with the principles of Art. 17 of the GDPR if such is not prevented by other statutory provisions (e.g. statutory retention obligations or the restrictions laid down in § 35 of the German Federal Data-Protection Act (BDSG)) or an overriding interest on our part (for example, to defend our rights and claims)
- Taking into account the preconditions laid down in Art. 18 of the GDPR, you can demand that we restrict the processing of your data.
- Furthermore, you can file an objection to the processing of your data in accordance with Art. 21 of the GDPR, as a result of which we have to stop processing your data. This right of objection only applies, however, if very special circumstances characterise your personal situation, whereby the rights of our company may run counter to your right of objection.
- You also have the right to receive your data in accordance with the arrangements laid down in Art. 20 of the GDPR in a structured, commonplace and machine-readable format or transmit such data to a third party.
- You furthermore have the right to revoke consent that has been issued to us to process personal data at any time effective into the future (see number 2.3).
- • You are in addition entitled to file a complaint with a data-protection supervisory authority (Art. 77 of the GDPR). We recommend, however, to first always send a complaint to our data-protection officer.
- Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.
8. Scope of your obligations to provide us your data
You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to conclude the agreement or continue to perform such. This may also relate to data that is required later within the framework of the contractual relationship. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 of the GDPR
1. You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f of the GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e of the GDPR (data-processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Art. 4, no. 4 of the GDPR.
If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We will also use your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future.
We shall no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection can be filed without adhering to any form requirements and should if possible be sent to
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
marketing@dataglobal.com
Part 2 Supplementary data protection information on the use of website and online services
As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information on general data protection, please refer to Part 1 above.
Data recording on this website
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form. Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.
Analysis tools and tools from third-party providers
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.
For detailed information about these analysis programs please consult our Data Protection Declaration below.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR, insofar as special categories of data pursuant to Art. 9 para. 1 GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of § 25 para. 1 TDDDG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR must take place. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.
Recording of data on this website
Cookies
Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.
Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.
Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
Which cookies and services are used on this website can be found in this privacy policy.
2. use of third-party tools
In order to offer you an optimal website, we use third-party providers.
We use the following services, which may also process personal data:
2.1 Google
All Google services mentioned here are operated by the Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
2.1.1 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
For more information about Tag Manager, see: https://marketingplatform.google.com/intl/en/about/analytics/tag-manager/use-policy/
2.1.2 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
On our website, the Google Analytics service is used exclusively pseudonymously. The collected IP addresses are recorded in abbreviated form and thus anonymized.
Google Analytics collects the following data:
- IP address (anonymized)
- Usage data
- Click path
- Browser information
- Device information
- JavaScript support
- Visited pages
- Referrer URL
- Downloads
- Location information
- Date and time of the visit
The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at:: https://support.google.com/analytics/answer/6004245?hl=en..
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
2.1.3 Google Audiences
Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).
Moreover, it is possible to link the advertising target groups generated with Google Ads Remarketing to device encompassing functions of Google. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner tailored to you as well as on any of your devices (e.g., tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: www.google.com/settings/ads/onweb/.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Further information and the data protection provisions can be found in Google’s privacy policy at: policies.google.com/technologies/ads.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Formation of Target Groups with Customer Reconciliation
For the formation of target groups, we use, among other things, the Google Ads Remarketing customer reconciliation feature. To achieve this, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google accounts, matching advertising messages within the Google network (e.g., YouTube, Gmail or in a search engine) are displayed for them to view.
2.1.4 Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/..
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
You can adjust your Google Ads settings here https://myadcenter.google.com/controls
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
ith the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
You can find more information about Google conversion tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
2.1.5 Google Signals
We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, the progression of your search and YouTube progression as well as demographic data (site visitor data). This data may be used for customized advertising with the assistance of Google Signal. If you have a Google account, your site visitor information will be linked to your Google account by Google Signal and used to send you customized promotional messages. The data is also used to compile anonymized statistics of our users’ online patterns.
2.1.6 YouTube
We use the “YouTube” service to embed videos in the site. The operator of the software required for this is Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
If you click on the video, your IP address will be transmitted to YouTube, which will tell YouTube that you have watched the video. If you are logged in to YouTube, this information will also be assigned to your user account. This can be prevented by logging out of YouTube before viewing the video.
Accordingly, the following data may be collected and processed via YouTube:
- IP address
- Referrer URL
- Device information
- Viewed videos
The legal basis for the processing of the data is your consent in accordance with Art. 6 (1) (a) GDPR. If you do not want YouTube to collect and process the data shown, you can refuse your consent in the cookie banner or revoke it at any time with effect for the future. To do this, please use the button above under point 9.
The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: : https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
2.1.7 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
2.2. HubSpot
On this website, we use the HubSpot service for various purposes. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.
Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, but are not limited to:
Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the content of our website is stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures.
More information about HubSpot’s privacy policy https://legal.hubspot.com/privacy-policy?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
More information from HubSpot regarding EU data protection regulations https://legal.hubspot.com/security?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
You can find more information about the cookies used by HubSpot here https://knowledge.hubspot.com/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
and here https://knowledge.hubspot.com/privacy-and-consent/hubspot-cookie-security-and-privacy?__hstc=126461458.8a13fc63e68b356a5fd268a54a455a40.1658844012195.1658844012195.1658844012195.1&__hssc=126461458.1.1658844012195&__hsfp=1230389188
As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:
– Geographical position
– Browser type
– Navigation information
– Reference URL
– Performance data
– Information about how often the application is used
– Mobile apps data
– Login information for the HubSpot subscription service
– Files that are displayed on site
– Domain names
– Pages viewed
– Aggregated use
– Version of the operating system
– Internet service provider
– IP address
– Device identification
– Duration of the visit
– Where the application was downloaded from
– Operating system
– Events that occur within the application
– Access times
– Clickstream data
– Device model and version
In addition, we also use Hubspot to provide contact forms. Further information on this can be found in section 2.4 of this privacy policy.
The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want HubSpot to collect and process the data shown, you can refuse your consent in the cookie banner or revoke it at any time with effect for the future. Please use the button above under “Cookies”.
The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
2.3 LinkedIn Insight Tag
This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag
We use the LinkedIn Insight tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website visitors to help us better target our site to the relevant audience. We can also use LinkedIn Insight tags to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also features a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website. According to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time. Unless consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures including social media.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: : https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
You can object to LinkedIn’s analysis of user behavior and targeted advertising at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
In addition, LinkedIn members can control the use of their personal information for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.
2.4 Forms
We use the HubSpot service to provide the following online forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively on our behalf. See HubSpot’s privacy policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
2.5 Newsletter
If you subscribe to our newsletter, we will save your e-mail address and use it to send you the newsletter. Your e-mail address will not be published or passed on to third parties.
We use HubSpot to provide the newsletter. After successfully submitting your contact details via the forms mentioned in point 2.4 and your express consent that you would like to receive the newsletter, a profile of you will be created in HubSpot. In addition to your contact details, this profile also contains your consent to subscribe to the newsletter.
– Data collected: E-mail address, first name, last name, salutation, job title
– Purpose: Sending the requested newsletter.
– Storage period: The data will only be stored stored only for as long as is necessary to achieve the purpose. For the newsletter, the data will be stored for as long as a newsletter is to be sent and you have not objected to the use of your data.
– Legal basis: Art. 6 I a GDPR – consent
Revocation: You can unsubscribe from our newsletter at any time via a link contained in each issue. We will then delete your e-mail address from our mailing list. Alternatively, you can unsubscribe from the newsletter at any time by sending an e-mail to groupmarketing@dataglobal.com.
3. social media
3.1 Facebook
We have integrated elements of the social network Facebook on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
An overview of the Facebook social media elements is available under the following link: https://developers.facebook.com/docs/plugins/.
If the social media element has been activated, a direct connection between your device and the Facebook server will be established. As a result, Facebook will receive information confirming your visit to this website with your IP address. If you click on the Facebook Like button while you are logged into your Facebook account, you can link content of this website to your Facebook profile. Consequently, Facebook will be able to allocate your visit to this website to your user account. We have to emphasize that we as the provider of the website do not receive any information on the content of the transferred data and its use by Facebook. For more information, please consult the Data Privacy Policy of Facebook at: https://de-de.facebook.com/privacy/explanation.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
IInsofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
3.2 Instagram
We have integrated functions of the public media platform Instagram into this website. These functions are being offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If the social media element has been activated, a direct connection between your device and Instagram’s server will be established. As a result, Instagram will receive information on your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
IInsofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information on this subject, please consult Instagram’s Data Privacy Declaration at: https://instagram.com/about/legal/privacy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
3.3 LinkedIn
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.
For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: : https://www.linkedin.com/legal/privacy-policy.
3.4 Xing
This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Any time one of our sites/pages that contains elements of XING is accessed, a connection with XING’s servers is established. As far as we know, this does not result in the archiving of any personal data. In particular, the service does not store any IP addresses or analyze user patterns.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
For more information on data protection and the XING share button please consult the Data Protection Declaration of Xing at: https://www.xing.com/app/share?op=data_protection.
4. audio and video conferencing
Data processing
We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us.
The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Duration of storage
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools. For details, please contact the operators of the conference tools directly.
Conference tools used
We employ the following conference tools:
Zoom
We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: . https://explore.zoom.us/en/privacy/
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://explore.zoom.us/en/privacy/.
Part 3. Information to applicants according to Articles 13 and 14 GDPR
1. Office responsible for data processing and contact data
responsible office in the meaning of data-protection law
Responsible body within the meaning of the GDPR
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
Phone: 07131 1226 500
datenschutz@dataglobal.com
Group of companies
The dataglobal Group GmbH consists of a group of companies consisting of the following companies:
- dataglobal Bochum GmbH, Bochum
- dataglobal Heilbronn GmbH, Heilbronn
- dataglobal München GmbH & Co. KG, Grünwald
- eleven cyber security GmbH, Berlin
Contact data of our data-protection officer:
Data Protection Officer of dataglobal Group GmbH
HEC Harald Eul Consulting GmbH
Data protection + data security
Auf der Höhe 34
50321 Brühl
E-mail: datenschutz@dataglobal.com
2. Purposes and legal foundations upon which we process your data
We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutz-gesetz – BDSG) and other applicable data-protection provisions. Details are provided in the following. You will find further or additional details regarding the purposes of data-processing in the respective contractual documents, forms, a declaration of consent, and other information made available to you.
2.1 Purposes pursuant to fulfilment of an agreement or pre-contractual measures (Art. 6, section 1 b of the GDPR)
Personal data is processed in order to establish your application for a specific job advertisement or as an unsolicited application, in particular, for the following purposes. Check-ing and assessing your suitability for the position to be filled, performance and behavioural evaluation to the extent allowed by law if necessary for registration and authentication for application via our website, if necessary for drawing up the employment contract, traceability of transactions, orders and other covenants and agreements as well as for quali-ty control through appropriate documentation, measures to fulfil general diligence obligations, statistical assessments pursuant to company steering; travel and event manage-ment, travel reservation and travel cost settlement, authorisation and identification administration, cost recording and controlling, reporting system, internal and external commu-nication, accounting and tax assessment of company benefits (e.g. canteen meals), settlement of company credit card, occupational health and safety, contract-related commu-nication (including appointments) with you, assertion of legal claims and defence in the event of legal disputes; ensuring IT security (inter alia system and plausibility tests) and general security, inter alia building and plant security, ensuring respect for company rules by means of appropriate measures, including if applicable video monitoring to protect third parties and our staff or to prevent criminal acts and to secure evidence in the event of criminal acts being committed; ensuring integrity, preventing and uncovering criminal acts; authenticity and availability of data, controls by supervisory bodies and control instances (e.g. auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6 Abs. 1 f DSGVO)
Your personal data can also be processed for certain purposes (e.g. obtaining references from previous employers or using your data for subsequent vacancies) including as a result of your consent. As a rule, you can revoke this consent at any time. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent. Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.
2.3 Purposes within the framework of your consent (Art. 6, section 1 a of the GDPR)
Your personal data can also be processed for certain purposes (e.g. obtaining references from previous employers or using your data for subsequent vacancies) including as a result of your consent. As a rule, you can revoke this consent at any time. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent. Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.
2.4 Purposes relating to adherence to statutory requirements (Art. 6, section 1 c of the GDPR)) or in the public interest (Art. 6, section 1 e of the GDPR)
Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. the German Indus-trial Relations Act (Betriebsverfassungsgesetz), the German Social Code, commercial and tax laws), but also if applicable supervisory law or other requirements set out by gov-ernment authorities (e.g. employer’s liability insurance association). The purposes of processing may also include identity and age checks, prevention of fraud and money launder-ing (e.g. comparisons with European and international anti-terror lists), company health management, ensuring occupational health and safety, compliance with control and notifica-tion obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collect-ing evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process as long as we do not receive data directly from you, and its origin
Insofar as this is necessary for the contractual relationship with you and the application you have submitted, we may process data legitimately received from other bodies or other third parties. We also process personal data that we have legitimately obtained, received or acquired from publicly accessible sources (e.g. commercial and association registers, population registers, press, Internet and other media), insofar as this is necessary and we are permitted to process this data in accordance with the statutory provisions.
Relevant personal data categories may in particular be:
– Address and contact data (notification and comparable data such as, for example, e-mail address and telephone number)
– Information about you on the internet or in social medias
– Video data
4. Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that need it to fulfill our contractual and legal obligations (such as managers and specialist managers who are looking for a new employee or are involved in the decision to fill a position, accounting, company doctor, occupational safety, employee representatives, etc.) or as part of the processing and implementation of our legitimate interest. Your data will only be passed on to external bodies
- to process your application in response to a specific job advertisement or as an unsolicited application to employees of group companies, insofar as they participate in or support the decision on filling the position (see number 2.1).
- for purposes where we are obligated or entitled to give information, notification or forward data (e.g. employer’s liability insurance association, health insurance schemes, fiscal authorities) in order to meet statutory requirements or where the forwarding of data is in the public interest (see number 2.4);
- to the extent that external service-provider companies commissioned by us process data as contract processors or parties that assume certain functions (e.g. credit institutes, external research centres, travel agencies/travel management, printers or companies that perform data disposal, courier services, postal service, logistics);
- as a result of our legitimate interest or the legitimate interest of the third party within the framework of the purposes cited under number 2.2 (e.g. to government au-thorities, credit agencies, attorneys, courts of law, appraisers, companies belonging to company groups and bodies and control instances)
- if you have given us consent to transmit data to third parties.
We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.
5. Length of time your data is stored
In principle, we process and store your data for the period of your application. This also includes the initiation of a contractual agreement (pre-contractual legal relationship).
Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO). The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship. Electronic data will be deleted after six months accordingly. If we want to store your data longer for later vancancies or if you have entered your data in an applicant tool, the data will be deleted at a later date; Details will be provided in connection with the respective process.
If the data are no longer required for the fulfillment of contractual or legal obligations and rights, they are regularly deleted, unless their – temporary – further processing is necessary to fulfill the purposes listed under section 2.2 for an overriding legitimate interest of our company. Such an overriding legitimate interest exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special type of storage. In these cases, we may also store your data after the end of our contractual relationship for a period agreed with the purposes and, if necessary, use it to a limited extent. In these cases, processing is generally restricted instead of erased. In other words, the data is blocked against the usual use by appropriate measures.
6. Processing of your data in a third country or through an international organisation
Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. application for a job in another country), such is in the legitimate interest of us or a third party or you have issued us your consent to such.
At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the ensurance of an adequate level of data protection for the respective country or for one or more specific sectors within a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information on the appropriate or adequate safeguards and on the possibility of obtaining a copy from you can be requested from the company data protection officer.
7 Your data protection rights
If certain conditions are met, you can assert your data-protection rights against us
Everybody has the right to receive information on his data stored in accordance with the rules of Art. 15 of the GDPR, the right of correction with the rules of Art. 16 of the GDPR, the right of deletion with the rules of Art. 17 of the GDPR, the right of restriction with the rules of Art. 18 of the GDPR, the right of data portability with the rules of Art. 20 of the GDPR. According to the right of deletion and the right of information the restrictions laid down in §§ 34 and 35 of the German Federal Data-Protection Act (BDSG) come into force. You furthermore are entitled to file a complaint with a data-protection supervisory authority (Art. 77 of the GDPR together with § 19 BDSG)
Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.
8. Scope of your obligations to provide us your data
You only need to provide data that is necessary for processing your application or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to continue the job application process or the selection procedure. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.
9. Presence of an automated decision made in individual cases (including profiling)
We do not use any purely automated decision-making procedure as set out in Article 22 of the GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.
Information on your right of objection under Art. 21 of the GDPR
- 1. You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f of the GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e of the GDPR (data-processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Art. 4, no. 4 of the GDPR.
If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
You can of course withdraw your application at any time.
- 2. We will not use your personal data in order to perform direct advertising. Beside this we have to inform you that you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future.
The objection can be filed without adhering to any form requirements and should if possible be sent to
dataglobal Group GmbH
Im Zukunftspark 10
74076 Heilbronn
Phone: 07131 1226 500
datenschutz@dataglobal.com
Our data-protection information on our data-processing in accordance with Articles 13, 14 and 21 of the GDPR may change from time to time.