Privacy Statement
Thank you for visiting our website and for your interest in our company and our services. We respect your privacy and ensure the protection of your personal data by processing it in accordance with the contents of these data protection regulations and the applicable data protection laws.
You can visit our website without telling us who you are. For the purpose of displaying our websites, you are only obliged to provide the data transmitted by your browser to our server (see “Log Files”). Further personal data will only be stored if you provide it voluntarily on the website or use corresponding functions, e.g., when using our contact forms or registering for our newsletter.
In the following, you will find our data protection regulations for visitors to our website:
- Newsletter and Contact
- Cookies
- Fan Pages
- Log Files
- Google Analytics
- Facebook Pixel
- LinkedIn Insight Tag
- Embedded Content from Third-parties (e.g., Google Maps, YouTube, etc.)
- Participation in Webinars and Virtual Events
- Withdrawal of Consent and Objection to Data Processing
- Your Rights
- Person Responsible
By subscribing to our electronic newsletter, you consent to the storage of your name and email address for the purpose of sending the newsletter (Art. 6 para. 1 s. 1 lit. a GDPR). In the context of e-mailings, we employ the services of the company SC-Networks GmbH, Würmstraße 4, 82319 Starnberg, Germany (order processing). The aforementioned data will not be passed on to third parties. You can withdraw your consent to receive our newsletter in the future and thus terminate your newsletter subscription at any time (information included in the newsletter).
By consenting to receive the newsletter, you also consent to our authorization to evaluate (Art. 6 para. 1 s. 1 lit. a GDPR) whether you have opened the newsletter, which topics of the newsletter you have clicked on, and which downloads you have made. The evaluation of your newsletter user behavior enables us to send you targeted information about your interests in the future. We store this information until you withdraw your consent.
You can enter your personal data on our website to contact us. Only data marked with an asterisk is mandatory. Providing further data may be helpful for the processing of your request, but it is not mandatory (optional). With your consent, the data is used and stored exclusively for the purpose of processing your message (Art. 6 para. 1 s. 1 lit. a GDPR). A use for other purposes or a passing on to third parties does not take place unless you explicitely agree (consent).
Cookies are very small files used by web pages and stored on your device by your browser, which can provide us or a third party with certain information.
Transient cookies are automatically deleted when you close your browser. This includes, in particular, session cookies. These save a so-called session ID, which allows various requests from your browser to be alloated to a common session. This will allow your device to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. In contrast to transient cookies, persistant cookies are not automatically deleted when the browser is closed. You can delete cookies at any time in the security settings of your browser.
We process cookies that are absolutely necessary to provide a service expressly requested by the user (“necessary cookies”) within the scope of our legitimate interest in providing and operating the website on the basis of Art. 6 para. 1 s. 1 lit. f GDPR and §25 para. 2 TDDDG.
Information on cookies that are set when you visit our website and that are necessary for the technical operation of the website is listed in our cookie banner under the category “Essential”.
Moreover, further information is stored on or accessed from your terminal device, that is not strictly necessary to provide the service explicitly requested by the user. The information is only stored or accessed if you give your consent (Art. 6 para. 1 s. 1 lit. a GDPR and §25 para. 1 TDDDG). For details on the type of information, purpose of processing, storage period of the information, and possible recipients of the data,please refer to the following section of this privacy statement.
You can adjust your browser settings to prevent it from accepting cookies or to only save or not save certain cookies. You can find more information on this in the help system of your browser. If your browser rejects all cookies, it is possible that not all functions of this website can be used.
You can call up our cookie banner at any time via this link and correct your selection of cookies or make a new one:
In order to provide customers, partners or otherwise interested parties with up-to-date information and to get in contact with them, we operate so-called “fan pages” on the following social networks in addition to our own website: Facebook, Instagram, LinkedIn, XING, Youtube, and Vimeo.
The data processing operations are carried out by the provider of the social media platform. Data processing outside the European Union cannot be ruled out. The provider of the platform may provide us with aggregated usage data, but we do not have access to personal data if you only visit the fan page.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. In the case of consent in the form of an opt-in (“tick checkbox”, “click button”) or any other form of obtaining consent, the legal basis is Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time without stating any reasons to the person to whom it was given, with effect for the future.
Since data processing is carried out by the provider of the platform, we recommend that you contact the respective provider of the platform for your rights to access, rectification, deletion, data portability, and objection regarding your visit to our fan page. Of course, we will support you in exercising your rights when needed.
In addition, cookies may be set on your device. For the purposes and legal basis for the use of cookies, please refer to “Cookies” in this privacy statement or to the privacy statement of the platform provider.
For further information, please refer to the following links:
- Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook Ireland“). According to Facebook, when you visit our Facebook fan page, personal data is processed as follows: https://www.facebook.com/legal/terms/information_about_page_insights_data. Further information is available here: https://www.facebook.com/legal/terms/page_controller_addendum. If data is transferred to Meta Platforms, Inc. (USA), this will be done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
- Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. https://help.instagram.com/519522125107875 If data is transferred to Meta Platforms, Inc. (USA), this will be done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; http://www.linkedin.com/legal/privacy-policy. If data is transferred to LinkedIn Corporation (USA), this is done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
- XING SE, Dammtorstraße 30, 20354 Hamburg,Germany https://privacy.xing.com/de/datenschutzerklaerung.
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.com/policies/privacy/partners/?hl=de. If data is transferred to Google, LLC (USA), this is done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
- Vimeo: Vimeo Inc., 555 West 18th Street, New York, New York 10011; Privacy@vimeo.com; guarantees in accordance with Art. 44 ff. GDPR: adequacy decision on the EU-U.S. Data Privacy Framework; https://vimeo.com/privacy
Each time you access our website, we collect the following information about your computer: the IP address of your computer, the request from your browser, and the time of this request. In addition, the status and the amount of data transferred are recorded within the scope of this request, as well as product and version information about the browser used and the operating system of your computer. We further record the website from which our site was accessed. The IP address of your computer is only stored for the duration of your visit to the website and is then immediately deleted or made anonymous by shortening it. The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate errors, determine the level of utilization of the website, and make adjustments or improvements (legal basis: Art. 6 para. 1 s. 1 f GDPR).
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and create a more interesting experience for you as a user. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. Information on the cookies used in the context of Google Analytics can be found in our cookie banner under the category “Statistics”.
Data such as page views and clicks, internal search queries, downloads, interactions with videos, technical settings in browsers and terminal devices (as described in “log files”) and your IP address are recorded. IP addresses are only processed in shortened form in order to eliminate direct personal references.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. In the context of Google Analytics, the IP address transmitted by your browser will not be merged with other Google data.
You can withdraw your consent for the processing of personal data using Google Analytics at any time. You may also disable the saving of cookies via the respective settings on your browser, however, please note that you may not be able to use the full functionality of this website in this case.
You can also prevent the collection and processing of data generated through cookies and related to your use of the website (including your IP address) by Google by downloading and installing the browser plugin available at the following link https://tools.google.com/dlpage/gaoptout?hl=en or alternatively by clicking on the following link to withdraw your consent (opt-out cookie).
Further information on data use by Google, as well as setting and revocation options, is available on the Google website: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631.
Any data that is transferred to Google, LLC (USA) is done so on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
With your given consent, where applicable, when visiting our website (Art. 6 (1) s. 1 lit. a GDPR), we use the visitor action pixel (“Facebook Pixel”) from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The following cookies are set by Facebook: Information on the designation, purpose and storage period of cookies can be found in the cookie notification window “Marketing” when accessing our website.
The information generated by these cookies about the use of our online services is transmitted to and stored on a Meta Ireland server.
The collected data can only be evaluated in aggregate form by us as the operators of this website, which means that no conclusions can be drawn about individual user identities. In theory, however, the data stored and processed by Meta can be linked by Meta to individual user profiles, especially if you are logged into the platform. Facebook uses this data for advertising purposes, according to the Meta Data Policy (https://www.facebook.com/about/privacy/). This allows Meta to identify users across numerous websites. Data collected on our site via pixel is deleted or anonymized within 90 days.
We use the pixel for two purposes: first, to display ads placed within Facebook and its partner websites only to users who have shown an interest in our online services or share certain characteristics (e.g., interests in certain topics or pages on Facebook). The “Custom Audiences” remarketing function also serves this purpose. Here, Pixel communicates to the Meta servers when the website is visited that the user has visited the website, and Meta links this information to the personal Facebook user account (if available). Furthermore, we use it to measure the success of Facebook ads by determining the behavior of users on this website after clicking on such ads.
You can deactivate “Custom Audiences” at https://de-de.facebook.com/help/568137493302217/?helpref=uf_share via the aforementioned options for withdrawing consent to cookies. To do this, however, you have to be logged in as a user on Facebook.
With your consent, this website uses the LinkedIn Insight Tag, an application of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag cookies collect the following data: IP address, device and browser properties, URL and referrer URL. We have no control over data processing at LinkedIn. If you are logged in to LinkedIn with a user account, LinkedIn can link your user behavior with your user account. If applicable, LinkedIn stores your data as a usage profile and may use it for advertising purposes. For more information on the purpose and scope of data collection and its processing by LinkedIn, please refer to LinkedIn’s privacy policy (https://www.linkedin.com/legal/privacy-policy). We use LinkedIn Insight Tags to analyze and regularly improve the use of our website. LinkedIn provides us with non-personal aggregated reports about our website’s audience and ad performance. The statistics obtained allow us to improve our services and create a more interesting experience for you as a user. The legal basis for the use of LinkedIn Insight Tags is your consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR.
Third-party embedded content (e.g., Google Maps, YouTube, etc.)
If content from third parties such as Google Maps or YouTube is displayed on our websites, the transfer of your IP address and the content displayed under “Log Files” to the third party provider is required for the provision of this content and its display in your browser. The purpose is to provide an appealing view of our website. The legal basis of the processing is Art. 6 para. 1 s.1 lit. f GDPR. We have no influence on how third-party providers process data. If you are logged in with a user account with a third-party provider, the third party may be able to link your user behavior with your user account. If applicable, the third-party provider stores your data as user profiles and may use them for the purposes of advertising, market research and/or the design of its website in line with requirements. Any rights of objection against the creation of these user profiles must be addressed to the third-party provider.
For more information about the purpose and scope of data collection and its processing by the third-party provider, please refer to their privacy policy. There you will also find further information about your rights and setting options to protect your privacy:
- Google Maps: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://www.google.com/policies/privacy/partners/?hl=en.
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://www.google.com/policies/privacy/partners/?hl=en.
Registration is required for participation in virtual events. To register, you must enter the data marked as mandatory. The provision of further data may be helpful for registration, but it is not mandatory (optional). After registering, you will receive an email with a link to confirm your registration and activate your participation. You will be contacted via email multiple times with regard to the event (e.g., registration confirmation, event reminder). The processing of your data is based on your voluntary consent, which can be withdrawn with effect for the future in accordance with Art. 6 para. 1 s. 1 lit. a GDPR.
For the purpose of providing the technical infrastructure, we use the service providers SC-Networks GmbH, Würmstraße 4, 82319 Starnberg, Germany (e-mailing system) and Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA (video conferencing system). Data transfers to Zoom Video Communications, Inc., (USA) are carried out on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.
Withdrawal of Consent and Objection to Data Processing
If you have given us your consent, you can withdraw it at any time, with effect for the future.
You may object to our processing of your personal data wherever the processing is based on a balancing of interests. If you choose to exercise your right to object, we ask that you provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the situation and either cease or adjust our processing of data state our compelling reasons for continuing the processing that are worthy of protection.
You can object to the processing of your personal data for purposes of advertising and data analysis at any time.
You can send your revocation or objection using the contact details given under “Person Responsible”.
You are granted the following rights against us regarding personal data concerning you:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right of objection to processing
- Right to data portability.
You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority.
medavis GmbH, Bannwaldallee 60, D – 76185 Karlsruhe, Germany, Phone: +49 721 92910-0, Fax: +49 721 92910-99, Email: info@medavis.com
Data protection officer: Email: datenschutzanfragen@xdsb.de or to our postal address by adding “to the data protection officer”
xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de
The following information is intended to provide you with an overview of the personal data we process and inform you of your rights under data protection laws.
- Person responsible for data processing and contact information of the data protection officer
- What are the sources of personal data?
- For what purposes and on what legal basis is the personal data processed?
- Recipients of the personal data
- Is data transferred to a third country or to an international organization?
- Storage period of the data
- Data subject rights
- Obligation to the provision of data
- Does automated decision-making or profiling take place?
Person responsible for data processing and contact information of the data protection officer
medavis GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany Phone.: +49 721 92910-0, Fax: +49 721 92910-99, Email: info@medavis.com
Data protection officer: Email: datenschutzanfragen@xdsb.de or at our postal address with the addition “the data protection officer”.
xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de
What are the sources of personal data?
We process personal data that we have obtained from business relationships (e.g., with customers or suppliers) or from inquiries to our company. Normally, we receive this data directly from a contractual party or an inquiring person. However, personal data may also originate from public sources (e.g., commercial registers), provided that the processing of such data is permitted. Data may also have been legitimately transmitted to us by other companies. Depending on the individual case, we also store our own information on this data (e.g., as part of an ongoing business relationship).
Depending on the individual case, this may include master data (e.g., name, address), contact information (e.g., telephone number, email address), contract and billing data for the fulfillment of our contractual obligations or necessary data for the processing of an inquiry, possibly also data on creditworthiness, advertising and sales data, and other data from comparable categories.
For what purposes and on what legal basis is the personal data processed?
We process personal data in accordance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
a.) In the context of the fulfillment of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 s. 1 lit. b GDPR). We process personal data primarily for the fulfillment of contractual obligations and the provision of related services, or in the context of a corresponding contract initiation (e.g., contract negotiations, preparation of offers). The specific purposes here are determined by the individual service or product to which the business relationship or contract initiation relates.
b.) In the context of fulfilling a legal obligation (Art. 6 para. 1 s. 1 lit. c GDPR). In many situations, we are required by law to collect certain personal data from you and to disclose or make it available to certain, usually public, entities. For example, we provide the tax authorities with the personal data required for tax calculation in accordance with the relevant statutory provisions.
c.) In the context of the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). We also collect and process personal data to safeguard legitimate interests in the following situations:
- Processing general inquiries about our products and services
- Checking creditworthiness via respective credit agencies to assess the risk of default in business relationships
- Advertising or market research
- Video surveillance for the protection of domiciliary rights on our company premises or building
- Assertion of legal claims and defense in legal disputes
- Ensuring IT security and IT operation
- Measures for building and plant security (e.g., access authorizations)
- Measures to improve our internal business processes and product optimization measures
- Furthermore, we may use systems for communication purposes (e.g., video conferencing systems, chats, etc.). Depending on the form of communication, we may process your contact information, messages and image and audio recordings. Recordings of images or audio transmissions will not be taken without your explicit consent. Please also note the respective privacy statements of the providers’ tools.
d.) In the context of consent (Art. 6 para. 1 s. 1 lit. a GDPR). In some situations, the processing of your personal data is not mandatory and is only permitted with your consent. In these cases, we will inform you of this circumstance, in particular of the voluntary nature of the consent given and the possibility of withdrawal at any time with effect for the future. This is the case, for instance:
- for certain processing of data via our website (see the privacy statement on our website),
- in certain advertising situations (subject to permission of use, if required by law).
Recipients of the personal data
In general, the company only grants access to your data to entities that need to work with your data (“need-to-know principle”), i.e., need access to this data in order to fulfill a contractual or legal obligation. These may also include service providers and vicarious agents who act on behalf of the company and/or have been obligated to confidential processing of the data. In certain situations, we may transmit your data to
- public authorities (e.g., tax authorities) when there’s a legal obligation,
- other companies as part of the fulfillment of the contractual relationship, in the context of a balancing of interests, or on the basis of your consent. In individual cases, depending on the business relationship or order, these may be, for instance, companies involved in the provision of our services, logistics partners, marketing service providers, credit bureaus, banks, tax consultants, or lawyers.
Is data transferred to a third country or to an international organization?
We may transfer personal data to other entities in countries outside the European Union (third country) insofar as it is necessary for the execution of the business relationship, if it is required by law, or if you have given us your consent to do so. In certain situations, we use or reserve the right to use service providers that may either have their registered office in a third country or, in turn, may have service providers with a registered office in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in that country. In the absence of such a decision, a data transfer to a third country is permissible if the responsible entity has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective legal remedies (Art. 46 GDPR). As a matter of principle, we only work with entities in a third country that meet the listed criteria.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the storage of personal data is no longer required for the fulfillment of these obligations, it will be deleted, unless there are legal storage obligations, such as commercial and tax retention obligations under the German Fiscal Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory periods of limitation.
You are granted the following rights against us regarding personal data concerning you:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right of objection to processing
- Right to data portability.
You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority. However, you also have the possibility of contacting our company’s data protection officer (also confidentially). If you have given us consent (Art. 6 para. 1 s. 1 lit. a GDPR), you can withdraw it at any time with effect for the future.
You may object to the processing of your personal data wherever the processing is based on the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). When exercising such an objection, we ask you to provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the merits of the case and either cease or adjust our processing of data or state our compelling reasons for continuing that are worthy of protection on the basis of which we will continue the processing. You can object to the processing of your personal data for advertising purposes at any time.
Obligation to the provision of data
In the context of the fulfillment or initiation of a contract, you must provide the personal data necessary for the fulfillment of the contract or the implementation of pre-contractual measures and their associated obligations. Furthermore, you must provide the personal data that we are required to collect by law. We will not be able to conclude or fulfill a contract with you without this data. In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory. However, if you do not give consent, we will not be able to provide the services or benefits based on data processing by means of consent. You may withdraw your consent at any time with effect for the future, even after giving it.
The following information is intended to inform you about the details of the processing of your data with regards to the application process. We process your personal data in strict compliance with labor and data protection regulations. In particular, we process the following data: name, address, date of birth, curriculum vitae, photograph, email address, telephone number, and proof of qualifications. You can also provide additional data on a voluntary basis. Furthermore, we may store additional data, such as internal notes and assessments. If you have stored your required data for an application on recruiting platforms, we may initiate a corresponding synchronization when using our career portal on our website to provide this data.
- Person responsible for data processing and contact information of the data protection officer
- For what purposes and on what legal basis is the personal data processed?
- Recipients of the personal data
- Is data transferred to a third country or to an international organization?
- Storage period of the data
- Data subject rights
- Obligation to the provision of data
- Does automated decision-making or profiling take place?
Person responsible for data processing and contact information of the data protection officer
medavis GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany Phone.: +49 721 92910-0, Fax: +49 721 92910-99, Email: info@medavis.com
Data protection officer: Email: datenschutzanfragen@xdsb.de or at our postal address by adding “to the data protection officer”.
xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de
For what purposes and on what legal basis is the personal data processed?
We process personal data in accordance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
a.) In the context of the fulfillment of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 s. 1 lit. b GDPR), in particular the employment relationship (§ 26 BDSG). The legal basis for data processing is data processing for pre-contractual measures or for the initiation of a contract (Art. 6 para. 1 s. 1 lit. b GDPR, § 26 BDSG).
b.) In the context of consent (Art. 6 para. 1 s. 1 lit. a GDPR). In addition, you have the option to give us your consent for data processing that is not required for the purpose of processing your application for a specific position. This concerns, in particular, your consent to the processing of your data in the event of rejection in order to be able to consider you for further positions in the future. This consent is voluntary for you, i.e., you can refuse it without consequences, and you can also withdraw it at any time with effect for the future.
Recipients of the personal data
In general, the company only grants access to your data to entities that need to work with your data (“need-to-know principle”), i.e., access to this data is needed to fulfill a contractual or legal obligation. The transfer of data to third parties takes place only with your explicit consent. If we receive your application documents from recruitment agencies or recruitment platforms, you will either be informed by the recruitment agency or recruitment platform about the corresponding data transfer or, if necessary, your consent will be obtained. Due to possible commission or other remuneration obligations with recruitment agencies and recruitment platforms, it may be possible that we have to inform these service providers about the status of the application and in particular the conclusion of an employment relationship.
To process your application data, we use software which processes this data on our behalf.
Is data transferred to a third country or to an international organization?
As a matter of principle, no data is transmitted to entities in countries outside the European Union (third countries). In certain situations, we use or reserve the right to use service providers that may either have their registered office in a third country or who may in turn have service providers based in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in that third country. In the absence of such a decision, a data transfer to a third country is permissible if the responsible entity has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective remedies (Art. 46 GDPR). As a matter of principle, we only work with entities in a third country that meet the listed criteria.
We process and store your personal data as long as it is necessary to fulfill the purpose of initiating the contract. If the storage of personal data is no longer required for the fulfillment of the purpose, it will be deleted, unless there are legal storage obligations, in particular for the preservation of evidence within the framework of statutory periods of limitation, or you have given your explicit consent to further storage.
You have the following rights with respect to us regarding personal data concerning you:
- Right of access
- Right to rectification or earsure
- Right to restriction of processing
- Right of objection to processing
- Right to data portability.
You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority. You also have the possibility of contacting our company’s data protection officer at any time (also confidentially).
If you have given us consent (Art. 6 para. 1 s. 1 lit. a GDPR), you can withdraw it at any time with effect for the future.
You may object to the processing of your personal data, wherever the processing is based on the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). When exercising such an objection, we ask you to provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the merits of the case and either cease or adjust the processing of data or state our compelling reasons worthy of protection on the basis of which we will continue the processing.
Obligation to the provision of data
In the context of the initiation of the employment relationship, you must provide the personal data necessary for the fulfillment of pre-contractual measures and their associated obligations. We will not be able to conclude a contract with you without providing this data.