Data protection information in accordance with Art. 13 GDPR
Name and address of the person responsible
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
ASKION GmbH
Gewerbepark
Keplerstraße 17-19
07549 Gera
Contact:
Telephone: +49 (0) 365 – 73 53 0
Telefax: +49 (0) 365 – 73 53 40 2
Email: info@askion.com
Name and address of the data protection officer
The data protection officer of the person responsible is:
ad hoc datenschutz GmbH
Im Bresselsholze
1207819 Triptis
Mail: kontakt@adhoc-datenschutz.de
Tel: 0365 527 862 30
Fax: 0365 527 862 59
General information on data processing
Legal basis for processing personal data
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the data protection notice, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a iVm . Art. 7 GDPR. The legal basis for processing to fulfill our services and carry out contractual measures as well as to answer inquiries is Art. 6 Para. 1 lit. b GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR. If the processing of your data is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR as the legal basis for processing. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d GDPR as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimization in accordance with Art. 5 Para. 1 lit. c GDPR and storage limitation in accordance with Art. 5 Para. 1 lit. e GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the statutory retention periods. Once the respective purpose no longer applies or after these retention periods have expired, the relevant data will be deleted as quickly as possible.
External links
This website may contain links to third party websites or to other websites under our responsibility. If you follow a link to one of the websites outside of our responsibility, please note that these websites have their own data protection information. We assume no responsibility or liability for these external websites and their data protection information. Before using these websites, please check whether you agree to the data protection declarations there.
You can recognize external links either by their color being slightly different from the rest of the text or by their underlined appearance. Your cursor will show you external links when you move over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website receives in particular your IP address, the time at which you clicked the link, the page on which you clicked the link, and other information that you can find in the data protection information of the respective provider.
Please also note that individual links can lead to data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not have any legal recourse against these data accesses. If you do not want your personal data to be transferred to the link target or even be exposed to unauthorized access by foreign authorities, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The data subject rights resulting from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21) , the right to complain to a supervisory authority and the right to data portability (Article 20).
Right of withdrawal:
Some data processing can only take place with your express consent. You have the option to revoke your consent at any time. However, this does not affect the lawfulness of data processing until revocation.
Right to object:
If the processing is based on Art. 6 paragraph 1 lit. e or f GDPR, you as the data subject can object to the processing of personal data concerning you at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4 Z 4 GDPR. Unless we can demonstrate a legitimate interest for the processing which outweighs your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims, we will refrain from processing your data after you have objected .
If the processing of personal data serves the purpose of direct advertising, you also have the right to object at any time. The same applies to profiling , which is related to direct advertising. Here, too, we will no longer process personal data as soon as you object.
Right to complain to a supervisory authority:
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, without prejudice to any other administrative or judicial remedy violation, too.
Right to data portability:
If your data is processed automatically based on consent or fulfillment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another person responsible, as long as this is technically feasible.
Right to information, correction and deletion:
You have the right to receive information about your processed personal data regarding the purpose of data processing, the categories, the recipients and the duration of storage. If you have any questions about this topic or other topics relating to personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You can request the restriction of the processing of your personal data at any time. To do this, you must meet one of the following requirements:
- You dispute the accuracy of the personal data. For the duration of the accuracy check, you have the right to request that processing be restricted.
- If processing takes place unlawfully, you can request that the use of the data be restricted as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Article 21 Para. 1 GDPR, your interests and ours will be weighed up. Until this consideration has been taken, you have the right to request that processing be restricted.
Restricting processing means that, apart from storage, the personal data will only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public reasons may be processed in the interests of the Union or a Member State.
Provision of the website (web host)
Our website is hosted by:
IONOS SE
Elgendorfer Str. 57
56410 Montabaur
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company .
These are:
- IP address of the website visitor’s device
- Device used
- Host name of the accessing computer
- Visitor’s operating system
- Browser type and version
- Name of the retrieved file
- Time of server request
- Amount of data
- Information as to whether the data retrieval was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we can also have it operated on the server of an external service provider ( hosting company ), which we have mentioned above in this case. The personal data collected by this website is then stored on the hosting company ‘s servers . In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data , meta and communication data, contract data and other data that is generated via a website.
The processing of this data is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed to enter into contract negotiations with us or to conclude a contract, this serves as an additional legal basis (Art. 6 Para. 1 lit. b GDPR). If we have commissioned a hosting company , there is a contract for order processing with this service provider.
Use of local storage items, session storage items and cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your device . This data usually includes user preferences, such as whether a website is in “day” or “night” mode, and is retained until you manually delete the data. Session storage is very similar to local storage, whereas the storage duration only lasts during the current session, i.e. until the current tab is closed. The session storage items will then be deleted from your device. Cookies are information that a web server (server that provides web content) stores on your device in order to be able to identify this device. They are either temporarily deleted for the duration of a session (session cookies) and after you have finished visiting a website, or stored permanently (permanent cookies) on your device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your device by third-party companies when you enter our site (third-party requests ). This enables us as the operator and you as a visitor to this website to use certain services from third parties that are installed on this website. Examples of this include processing payment services or displaying videos.
These mechanisms have a wide range of possible uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyzes of visitor flows and behavior . Depending on the individual functions, these must be classified under data protection law. If they are necessary for the operation of the website and are intended to provide certain functions (shopping cart function) or are used to optimize the website (e.g. cookies to measure visitor behavior), then they are used on the basis of Art. 6 Para. 1 lit. f GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to provide our services in a technically error-free and optimized manner. In all other cases, local storage items, session storage items and cookies will only be stored with your express consent (Art. 6 Para. 1 lit. a GDPR).
If local storage items, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection notice. Your required consent will be requested and can be revoked at any time.
Use of external services
External services are used on our website. External services are third-party services that are used on our website. This can be done for various reasons, such as embedding videos or website security. When you use these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your consent as a visitor to our website, which can be revoked at any time, before using them (Art. 6 Para. 1 lit. a GDPR).
Analytics
To analyze user behavior, we process personal data of website visitors. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This allows us to increase the user-friendliness of our website. The analysis tools used could, for example, create user profiles for the display of targeted or interest-related advertising messages, recognize our website visitors the next time they visit our website, measure their click/ scroll behavior , their downloads, create heatmaps , recognize page views, measure the duration of the visit or the bounce rates, as well as the origin of the website visitors (city, country, which site the visitor comes from) can be traced. With the help of the analysis tools, our market research and marketing activities can be improved.
Processing will only occur if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Analytics
We use the Google Analytics service on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy .
The service uses the following cookies on our website:
| Name | Storage period | Type | Purpose |
_dc_gtm_UA-1 | 1 | 1st party cookie | Used to control the loading of a Google Analytics script tag. |
_ga _ | 400 days | 1st party cookie | Contains a randomly generated user ID. Using this ID, Google Analytics can recognize returning users on this website and combine data from previous visits. |
_ga_VN88JZVV4R | 400 days | 1st party cookie | Collects data about the number of times a user has visited a website, as well as first and last visit data. |
_ gid | 24 hours | 1st party cookie | This cookie assigns an ID to a user so that the web tracker can summarize the user’s actions under this ID. |
Consent management
In order to comply with data protection requirements, we use a consent management tool on our website. With this tool we obtain the necessary consent for the setting of cookies or the use of external services. The consents are saved.
The processing is necessary for the fulfillment of a legal obligation to which the controller (operator of the website) is subject. The legal basis for processing is therefore Art. 6 Para. 1 lit. c GDPR used.
Compliance GDPR/CCPA Cookie Consent
We use the Complianz GDPR/CCPA Cookie Consent service on our website . The service provider is Complianz BV, Kalmarweg 14-5, 9723 JG Groningen, Netherlands.
Since this service is hosted locally on the web server, no data is transferred to third parties.
The service uses cookies on our website and stores data in the browser’s local or session storage:
| Name | Storage period | Type | Purpose |
cmplz_banner status | 365 Days | 1st party cookie | This cookie is used to store whether the cookie banner has been rejected. |
cmplz_consented_services | 365 Days | 1st party cookie | This cookie is used to store cookie preferences. |
cmplz_functional | 365 Days | 1st party cookie | This cookie is used to store cookie preferences. |
cmplz_marketing | 365 Days | 1st party cookie | This cookie is used to store cookie preferences. |
cmplz_policy_id | 365 Days | 1st party cookie | This cookie is used to store an accepted cookie policy ID. |
cmplz_preferences | 365 Days | 1st party cookie | This cookie is used to store cookie preferences. |
cmplz_statistics | 365 Days | 1st party cookie | This cookie is used to store cookie preferences. |
cmplz_user_data | Session | 1st party session storage | Determines which cookie banner is displayed. |
Content Management System
A content management system enables the creation, editing, organization and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more attractive website.
We base this processing on a legitimate interest (Art. 6 Para. 1 lit. f GDPR).
Our legitimate interest lies in the technically error-free presentation and optimization of the website.
Elementor
We use the Elementor service on our website . The service provider is Elementor Ltd., Tuval st. 40, Ramat Gan, 5126112, Israel.
Since this service is hosted locally on the web server, no data is transferred to third parties.
The service stores the following data in the browser’s local or session storage:
| Name | Storage period | Type | Purpose |
| elementor | Permanent | 1st party local storage | Used to save actions taken on the website. |
WordPress
We use the WordPress service on our website. The service provider is Automattic Inc., 60 29th Street #343, 94110 San Francisco (CA), USA.
Since this service is hosted locally on the web server, no data is transferred to third parties.
The service stores the following data in the browser’s local or session storage:
| Surname | Storage period | Type | Purpose |
wpEmojiSettingsSupports | session | 1st party session storage | Is stored by WordPress on the local device. |
Display optimization
We use tools to optimize the presentation of our website. These tools help, among other things, to display the website in other languages or in a more barrier-free manner.
Processing will only occur if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Polylang
We use the Polylang service on our website . The service provider is WP Syntex , 28, rue Jean Sébastien Bach, 38090 Villefontaine , France.
Since this service is hosted locally on the web server, no data is transferred to third parties.
We base this processing on a legitimate interest (Art. 6 Para. 1 lit. f GDPR).
This application is required to ensure the unrestricted functionality of the website. This is a tool that is used to optimize the language of the website.
The service uses the following cookies on our website:
| Name | Storage period | Type | Purpose |
pll_language | 365 Days | 1st party cookie | This cookie stores the selected language. |
Interface software
Business processes run cheaper, faster and more error-free when they are automated using software via interfaces. This allows them to be efficiently integrated into company processes via your own website or social networks. We use interface software on our website to link different applications and to securely transfer personal data from one application to another.
Processing will only occur if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Tag Manager
We use the Google Tag Manager service on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy .
Advertising
Our website uses tools that facilitate or enable the placement of advertising and the evaluation of the success of the ads placed. For this purpose, personal data is processed, in particular the IP address, access times and device information.
Processing will only occur if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 Para. 1 lit. a GDPR). Without your consent, data processing will not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Double Click
We use the Google Double Click service on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Using the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-US Data Privacy Framework and therefore offers an appropriate level of data protection.
Further information can be found in the provider’s data protection information at the following URL: https://policies.google.com/privacy .
Contact by telephone or e-mail
We have provided a telephone number and email address on our website in accordance with legal requirements. We automatically save the data transmitted in these ways in order to be able to process corresponding inquiries or contact the person making the request. We will not pass on this data to third parties without your consent.
If contact is made by telephone or via our email address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6 Para. 1 lit. b GDPR. For all other contacts from you , the processing of personal data by us is based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.
Handling applicant data
It is possible to send an application to us (e.g. by post, online application form or by email). The personal data obtained will be stored and processed by us for the application process.
The basis for processing is Art. 6 Para. 1 lit. b GDPR and Art . 6 Para. 1 lit. a GDPR, provided consent has been given. To the extent that German law is applicable, Section 26 BDSG in particular is used as the legal basis for the processing. You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected.
If the application results in an employment relationship, the data collected will be used to process the employment relationship on the basis of Art. 6 Para. 1 lit. b GDPR saved. If there is no employment relationship, the data will be processed on the basis of Art. 6 Para. 1 lit. f DSGVO is stored for the duration of the legal claims , in particular due to discrimination in the application process. This is necessary for the defense against any lawsuits or allegations. If consent has been given, the data will be processed on the basis of Art. 6 Para. 1 lit. a GDPR stored longer. You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected.
If there is no employment relationship, the applicant can be included in our applicant pool. All information from the application is saved so that the relevant person can be contacted if there are suitable job advertisements.
The data is stored in the applicant pool only after consent has been given on the basis of Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time, whereupon the relevant data will be deleted unless there are legal reasons for retention. Deletion will occur automatically no later than two years after consent has been given. The lawfulness of the processing carried out until the revocation remains unaffected.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Dear applicant,
We appreciate your interest in our company. In accordance with the provisions of Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of the personal data you submit as part of the application process and any personal data we may collect, as well as your rights in this regard.
Person responsible for data processing
ASKION GmbH
Gewerbepark Keplerstrasse 17-19
07549 Gera
Germany
Phone: +49 (0) 365 – 73530
Email: info@askion.com
If you have any questions about data protection, please contact the following email address: kontakt@adhoc-datenschutz.de
Purposes and legal basis of data processing
We process your personal data exclusively within the context of a specific job advertisement or your unsolicited application for the purpose of filling positions within our company.
This is done in accordance with the GDPR and the Federal Data Protection Act (BDSG), insofar as this is necessary for the decision to establish an employment relationship with us. The legal basis for this is Art. 88 GDPR in conjunction with Section 26 BDSG and, if applicable, Art. 6 (1) (b) GDPR for the initiation or execution of contractual relationships.
We may also process your personal data if this is necessary to fulfil legal obligations (Article 6 (1) (c) GDPR) or to defend against legal claims asserted against us. The legal basis for this is Article 6 (1) (f) GDPR. A legitimate interest, for example, is the burden of proof in proceedings under the General Equal Treatment Act (AGG).
If you give us your express consent to process personal data for specific purposes, the legality of this processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time (see the section “Your Rights”).
If an employment relationship arises between you and us, we may, in accordance with Art. 88 GDPR, in conjunction with Section 26 BDSG, further process the data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship.
Categories of personal data
We only process data related to your application. This may include general personal information (name, address, contact details, etc.), information about your professional qualifications and education, information about professional development, and any other data you provide to us in connection with your application.
Categories of recipients of personal data
We will only pass on your personal data to those people within our company who are necessarily involved in processing your application.
As part of the application process, it may be necessary to submit your profile to clients in order to assess your suitability for the job offer.
Exceptions are possible if required by overriding legal provisions.
Data transfer to a third country
We do not transfer any personal data to a third country as part of the application process.
Duration of data storage
We store your personal data for as long as necessary to decide on your application. The data and application documents are generally deleted or destroyed six months after the end of the application process (e.g., after notification of the rejection decision), unless longer storage is legally required or permitted. We also store your personal data only to the extent necessary by law or in the specific case to assert, exercise, or defend legal claims for the duration of a legal dispute.
If we are unable to offer you a current vacancy, but believe that your application may be of interest to us for future job openings based on your profile, we will store your application data for twelve months in our legitimate interest, unless you expressly object to such storage and use. After this period, your data will be deleted.
If an employment, training or internship relationship is concluded following the application process, we will initially continue to store your data – as far as necessary and permissible – and then transfer it to your personnel file.
We also store your personal data to the extent we are legally obligated to do so. Corresponding – limited – documentation and retention obligations arise from, among other things, the German Commercial Code and the German Tax Code. The retention periods are up to ten years.
Your rights
You have the right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to notification according to Art. 19 GDPR and the right to data portability according to Art. 20 GDPR.
Furthermore, you have the right to lodge a complaint with a data protection – supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is unlawful. This right of complaint exists without prejudice to any other administrative or judicial remedy.
If we process the data based on your consent, you are entitled to revoke this consent at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that occurred before the revocation is not affected. Please also note that we may be required to retain certain data for a certain period of time to comply with legal requirements (see the section “Duration of Data Storage”).
To the extent that we process your data pursuant to Art. 6 (1) (f) GDPR to protect our legitimate interests, you have the right, pursuant to Art. 21 GDPR, to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These grounds must outweigh your interests, rights, and freedoms, or the processing must serve to assert, exercise, or defend legal claims.
Please feel free to contact us to protect your rights.
Automated decision-making
Since we do not decide on your application based on automated processing, no automated decision is made in individual cases within the meaning of Art. 22 GDPR.
Ladies and Gentlemen
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of the personal data you have provided to us and that we have collected, and your rights in this regard.
Person responsible for data processing
ASKION GmbH
Gewerbepark Keplerstrasse 17-19
07549 Gera
Germany
Phone: +49 (0) 365–73530
Email: info@askion.com
If you have any questions about data protection, please contact the following email address: kontakt@adhoc-datenschutz.de
Purposes and legal bases of data processing
We collect and process your personal data to the extent necessary for the conclusion and fulfilment of a contract or for the implementation of precontractual measures (e.g., to prepare an offer). The legal basis for this is Art. 6 (1) (b) GDPR.
We collect your personal data when you contact us, i.e., when you contact us by email, telephone, letter, web form, or in person as a prospective customer, supplier, or customer. We also process your personal data if you already use our products and services as part of an existing business relationship. We also process personal data from publicly accessible sources.
For the above purposes, we regularly require the following data:
• Personal information (e.g. name, first name),
• Contact details (e.g. telephone number, email address),
• Information about the company (e.g. registered office, authorized representatives)
• Contract and billing data (e.g. bank details).
Without this data, we are unable to enter into and fulfil a contract with you or with the company.
If you give us your express consent to process personal data for specific purposes, the legality of this processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time (see the section “Your Rights”).
We also process your data to protect our legitimate interests or those of third parties (Article 6 (1) (f) GDPR).
This may be necessary in particular:
• for direct mail,
• for statistics,
• to ensure IT security and IT operations,
• for internal administrative purposes,
• to carry out dunning or debt collection procedures.
In addition, we process your personal data to fulfil legal obligations, such as retention obligations under commercial and tax law. The legal basis for processing in this case is the respective legal regulations in conjunction with Article 6 (1) (c) GDPR.
If we wish to process your personal data for a purpose not mentioned above, we will inform you in advance in accordance with the statutory provisions.
Categories of recipients of personal data
Specific departments within our company perform specific data processing tasks. For example, your data may be processed centrally by a department within our company for the central administration of address data, contract and service processing and billing, or mail processing.
External service providers:
Only those external parties who need your data to fulfill our contractual and legal obligations will have access to it, e.g., printing and franking services, IT service providers, card service providers, and logistics companies. We have concluded data processing agreements with these parties – where objectively necessary – in accordance with Art. 28 GDPR.
Financial or law enforcement authorities and other third parties may receive the data under a higher-level legal provision.
Data transfer to a third country
If we or one of our external service providers transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. EU standard contractual clauses) are in place.
Duration of data storage
Your personal data will be regularly deleted as soon as it is no longer required for the purpose for which it was collected. We also store your personal data to the extent we are legally obligated to do so. Corresponding – limited – documentation and retention obligations arise from, among other things, the German Commercial Code and the German Tax Code. The retention periods are then up to ten years.
Your rights
You have the right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to notification according to Art. 19 GDPR and the right to data portability according to Art. 20 GDPR.
Furthermore, you have the right to lodge a complaint with a data protection – supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is unlawful. This right of complaint exists without prejudice to any other administrative or judicial remedy.
If we process the data based on your consent, you are entitled to revoke this consent at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that occurred before the revocation is not affected. Please also note that we may be required to retain certain data for a certain period of time to comply with legal requirements (see the section “Duration of Data Storage”).
To the extent that we process your data pursuant to Art. 6 (1) (f) GDPR to protect our legitimate interests, you have the right, pursuant to Art. 21 GDPR, to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These grounds must
outweigh your interests, rights, and freedoms, or the processing must serve to assert, exercise, or defend legal claims.
Please feel free to contact us to protect your rights.
Automated decision-making
An automated decision in individual cases within the meaning of Art. 22 GDPR does not take place.
