Thank you very much for your interest in our company. Data protection is particularly important to the management of e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH. The use of the e.s.m. Internet pages is prohibited, offenders sending unwanted spam messages will be punished. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH is basically possible without any manual indication of personal data. However, if a person concerned wishes to make use of special services provided by our company via our website, personal data may have to be processed. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the data protection regulations applicable to e.s.m.. Edelstahl- Schwimmbad- und Metallbau GmbH in accordance with the country-specific data protection regulations. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, the persons concerned will be informed about their rights by means of this data protection declaration.
The e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH has implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, such as telephone or post.
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 2048 bit encryption. If your browser does not support 2048-bit encryption, we use 128 to 256-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH
Shareholder: Dipl.-Ing. Bernhard Klug
Managing Director: Dipl.-Ing. Wolfgang Hummel
Phone: +49 3501 4666-0
Fax: +49 3501 4666-11
Contact the Data Protection Officer
DSB-Dresden.de Owner Nico Eberhardt
01309 Dresden, Germany
Appointed data protection officer:
Report the incident directly to the data protection officer:
Types of data processed
- Inventory data (e.g., person master data, names or addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors, users and interested parties of the online offer and of our company (in the following we refer to the persons concerned in summary also as "users").
Purpose of processing
- Provision of the online offer, its functions and contents.
- Answering contact requests and communicating with users.
- Security measures.
- Range measurement/Marketing
The data protection declaration is based on the terms used by the European directive and regulation giver in the adoption of the data protection basic regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.
We use the following terms in this data protection declaration:
(a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). As identifiable means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
(b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing" means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
(d) Limitation of processing
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
(g) Controller or controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.
(j) Third parties
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
Applicable legal bases
In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. For users from the area of application of the data protection basic regulation (DSGVO), i.e. the EU and the EEC, the following applies, if the legal basis is not mentioned in the data protection explanation:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO;
The legal basis for the processing for the fulfilment of our services and the implementation of contractual measures as well as the answering of inquiries is Art. 6 para. 1 lit. b DSGVO;
The legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO;
Art. 6 para. 1 lit. d DSGVO serves as the legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
The legal basis for the processing necessary to perform a task which is in the public interest or in the exercise of official authority entrusted to the data controller is Art. 6 para. 1 lit. e DSGVO.
The legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO.
The processing of data for purposes other than those for which they were collected is governed by the provisions of Art. 6 (4) DSGVO.
The processing of special categories of data (pursuant to Art. 9 (1) DSGVO) is governed by the provisions of Art. 9 (2) DSGVO.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, in order to achieve a level of protection appropriate to the risk guarantee.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure the exercise of data subjects' rights, deletion of data and reaction to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.
Cooperation with contract processors, joint managers and third parties
Insofar as we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfilment of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Insofar as we disclose, transmit or otherwise grant access to data to other companies of our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis corresponding to the legal requirements. You can find our partners at: www.esm-pirna.de/unternehmen/partner/
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of the use of third party services or disclosure or transfer of data to other persons or companies, this only occurs if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or allow the data to be processed only in third countries with a recognised level of data protection, which includes US processors certified under the "Privacy Shield" or on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission).
Rights of the data subject
a)Right to confirmation
Every data subject shall have the right, granted by the European directive and regulation maker, to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.
b) Right of access
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to obtain at any time, free of charge, from the controller, information on the personal data relating to him which have been stored and a copy of that information. Furthermore, the European Data Protection Supervisor has granted the data subject access to the following information:
the purposes of the processing
the categories of personal data processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing carried out by the controller or of a right to object to such processing
the existence of a right of appeal to a supervisory authority
if the personal data are not collected from the data subject: All available information on the origin of the data
the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DS Block Exemption Regulation and, at least in these cases, meaningful information on the logic involved, the scope and the intended effects of such processing on the data subject
The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may at any time contact a member of staff of the controller.
(c) Right of rectification
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to request the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.
d) Right to cancellation (right to be forgotten)
Any person data subject to the processing of personal data shall have the right, granted by the European directive and regulation, to require the controller to erase without delay personal data concerning him which are subject to one of the following conditions and to the extent that the processing is not necessary:
Personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
The data subject withdraws his consent on which the processing was based pursuant to Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO and there is no other legal basis for the processing.
The data subject objects to the processing under Article 21(1) DS Block Exemption Regulation and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Article 21(2) DS Block Exemption Regulation.
The personal data have been processed unlawfully.
The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-GVO.
If one of the above-mentioned reasons applies and a data subject requests the deletion of personal data held by e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH, the data shall be deleted. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH, the data subject may at any time contact an employee of the data controller for this purpose. The employee of e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH will arrange for the request for deletion to be complied with immediately.
If the personal data have been processed by e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH and our company is obliged to delete the personal data in accordance with Art. 17 Para. 1 DS-GVO, e.s.m. shall be responsible for the deletion of the personal data. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH, taking into account the available technology and the implementation costs, shall take appropriate measures, also of a technical nature, to inform other persons responsible for data processing who process the published personal data, that the person concerned has requested these other persons responsible for data processing to delete all links to this personal data or copies or replications of this personal data, insofar as the processing is not necessary. The employee of e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH will take the necessary steps in individual cases.
e) Right to limitation of processing
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation, to request the controller to limit the processing if one of the following conditions is met:
The accuracy of the personal data shall be contested by the data subject for a period of time which allows the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject refuses to erase the personal data and instead requests that the use of the personal data be restricted.
The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal claims.
The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.
If one of the above-mentioned conditions is met and a data subject is unable to restrict personal data stored with e.s.m., the data subject must be informed of this fact. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH, the data subject may at any time contact an employee of the data controller. The employee of e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH will cause the processing to be restricted.
f) Right to transfer data
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation, to obtain personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. It also has the right to communicate these data to another controller without being hindered by the controller to whom the personal data have been provided, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO or on a contract pursuant to Art. 6 para. 1 letter b DS-GVO and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller.
Furthermore, when exercising his right to data transferability pursuant to Art. 20 (1) DS Block Exemption Regulation, the data subject shall have the right to obtain that the personal data be transferred directly from one data controller to another data controller insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.
In order to assert the right to data transferability, the person concerned can contact an e.s.m. employee at any time. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH.
g) Right of objection
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation maker, to object at any time, for reasons related to his/her particular situation, to the processing of personal data concerning him/her on the basis of Article 6(1)(e) or (f) of the DS Block Exemption Regulation. This also applies to profiling based on these provisions.
The e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH will no longer process the personal data in the event of objection, unless we can prove compelling reasons for the processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defense of legal claims.
Processes the e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH processes personal data for the purpose of direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it is connected with such direct advertising. If the person concerned objects to e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH of the processing for purposes of direct advertising, e.s.m. shall not be liable for any damages resulting from such processing. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH will no longer process the personal data for these purposes.
In addition, the person concerned has the right, for reasons resulting from his particular situation, to object to the processing of personal data concerning him by e.s.m., which is carried out by e.s.m., by means of a data-processing system. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DS-GVO, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right to object, the person concerned may contact any e.s.m. employee directly. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH or another employee. The person concerned is also free to exercise his right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
(h) Automated case-by-case decisions, including profiling
Any person data subject to the processing of personal data has the right under the European Directive and Regulation not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorised by Union or national law or by the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.
Where the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, the e.s.m. shall take the necessary measures to ensure that the data subject's rights and freedoms and the legitimate interests of the data subject are respected. e.s.m. Edelstahl- Schwimmbad- und Metallbau GmbH shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the person concerned, including at least the right to obtain the intervention of a person on the part of the responsible person, to state his own position and to contest the decision.
If the data subject wishes to assert rights relating to automated decisions, he or she may at any time contact an employee of the controller for this purpose.
i) Right to revoke consent under data protection law
Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may at any time do so by contacting an employee of the controller.
Cookies and right to object to direct advertising
Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. The content of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users who are used for range measurement or marketing purposes can also be stored in such a cookie. Third party cookies" are cookies that are offered by providers other than the person responsible for operating the online service (otherwise, if they are only the latter's cookies, they are referred to as "first party cookies").
If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of data
The data processed by us will be deleted in accordance with the statutory provisions or their processing will be restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Additionally we process
- Contract data (for example, contract object, duration, customer category).
- Payment data (e.g., bank details, payment history)
by our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
We process the data of our customers within the scope of our contractual and pre-contractual services, which include conceptual and strategic consulting, campaign planning or maintenance, implementation of campaigns and projects, as well as consulting services.
We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., as part of the evaluation and performance measurement of marketing measures). We do not process any special categories of personal data, unless they are part of a commissioned processing. Affected parties include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for the processing results from Art. 6 Para. 1 lit. b DSGVO (contractual services), Art. 6 Para. 1 lit. f DSGVO (analysis, statistics, optimisation, security measures). We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their specification. Disclosure to external parties shall only take place if it is necessary within the framework of an order. When processing the data provided to us within the framework of an order, we shall act in accordance with the instructions of the customer and the statutory requirements for order processing pursuant to Art. 28 DSGVO and shall not process the data for purposes other than those specified in the order.
We delete the data after expiration of legal warranty and comparable obligations. the necessity of the storage of the data is reviewed every three years; in the case of legal archiving obligations the deletion takes place after their expiration (6 J, according to § 257 Abs. 1 HGB, 10 J, according to § 147 Abs. 1 AO). In the case of data which has been disclosed to us by the client within the scope of an order, we delete the data in accordance with the specifications of the order, in principle after the end of the order.
Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. Here we process the same data that we process within the scope of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks which serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the data specified in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, on the basis of our business interests, we store information on suppliers, organisers and other business partners, e.g. for the purpose of establishing contact at a later date. This data, which is mainly company-related, is stored permanently.
Google Cloud Services
We use the cloud and cloud software services offered by Google (the Software as a Service, for example, Google Suite) for the following purposes: storing and managing documents, managing calendars, sending email, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing web pages, forms or other content and information, and chatting and participating in audio and video conferences.
The personal data of the users will be processed in this connection, insofar as these become part of the documents and content processed within the described services or are part of communication processes. This may include, for example, user master data and contact data, data on processes, contracts, other processes and their contents. Google also processes usage data and metadata used by Google for security purposes and service optimisation.
When using publicly accessible documents, websites or other content, Google may store cookies on the user's computer for the purpose of web analysis or to remember user preferences.
We use the Google Cloud services on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO in efficient and secure administrative and cooperation processes. Furthermore, the processing takes place on the basis of an order processing contract with Google (https://cloud.google.com/terms/data-processing-terms).
For more information, see Google's privacy statement (https://www.google.com/policies/privacy) and Google Cloud Services Security Notes (https://cloud.google.com/security/privacy/). You can object to the processing of your data in the Google Cloud in accordance with the legal requirements. In addition, the deletion of the data within Google's cloud services is determined by the other processing procedures in which the data is processed (e.g., deletion of data no longer required for contractual purposes or storage for taxation purposes).
The Google Cloud Services are offered by Google Ireland Limited. As far as a transmission to the USA takes place, we refer to the certification of Google USA under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Active) and standard protection clauses (https://cloud.google.com/terms/data-processing-terms).
Microsoft Cloud Services
We use the cloud and cloud software services offered by Microsoft (software as a service, for example, Microsoft Office) for the following purposes: storing and managing documents, managing calendars, sending e-mail, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing websites, forms or other content and information, as well as chatting and participating in audio and video conferences.
The personal data of the users will be processed in this connection, insofar as these become part of the documents and content processed within the described services or are part of communication processes. This may include, for example, user master data and contact data, data on processes, contracts, other processes and their contents. Microsoft also processes usage data and metadata used by Microsoft for security purposes and service optimization.
In connection with the use of publicly accessible documents, websites or other content, Microsoft may store cookies on the User's computer for the purpose of web analysis or to remember User settings.
We use the Microsoft cloud services on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO in efficient and secure administrative and cooperation processes. Furthermore, the processing takes place on the basis of an order processing contract with Microsoft.
Further information can be found in Microsoft's data protection declaration (https://privacy.microsoft.com/de-de/privacystatement) and the security information on Microsoft cloud services (https://www.microsoft.com/de-de/trustcenter). You may object to the processing of your data in the Microsoft Cloud in accordance with the legal requirements. In addition, the deletion of data within Microsoft's cloud services is determined by the other processing procedures in which the data is processed (e.g. deletion of data no longer required for contractual purposes or storage for purposes of taxation of data required).
The Microsoft Cloud services are offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. If data is processed in the USA, we refer to the certification of Microsoft under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active).
Data protection information in the application process
The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information provided there.
In principle, the information required includes personal information such as name, address, contact details and proof of the qualifications required for a job. Upon request, we will also be happy to provide you with additional information.
If made available, applicants can send us their applications using an online form. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the reception on our server. Applicants are welcome to contact us about how to submit their application or send it to us by post.
In the event of a successful application, the data provided by the applicants can be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to justified revocation by the applicants, the data will be deleted at the latest after a period of six months so that we can answer any follow-up questions regarding the application and comply with our duty to provide evidence under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses will be archived in accordance with the provisions of tax law.
The applicant's data are processed on the basis of Art. 6 Para. 1 S. 1 lit. b DSGVO (application procedure as a pre-contractual or contractual relationship). If special categories of personal data within the meaning of Art. 9 para. 1 DSGVO (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the scope of the application procedure, so that the responsible person or the person concerned can exercise his/her rights arising from labour law and social security and social protection law and fulfil his/her duties in this regard, their processing shall be carried out in accordance with Art. 9 para. 2 lit. b. DSGVO, in the case of the protection of vital interests of applicants or other persons pursuant to Art. 9 para. 2 lit. c. DSGVO or for the purposes of health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 Para. 2 lit. h. DSGVO. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. DSGVO.
In the case of the processing of applicant data in Germany, §§ 22, 26 BDSG.) also apply.
As part of the application process, we offer applicants the opportunity to be included in our "applicant pool" for a period of two years on the basis of a consent within the meaning of Art. 6 Para. 1 lit. a. and Art. 7 DSGVO.
The application documents in the applicant pool will be processed solely within the framework of future job advertisements and the employee search and will be destroyed at the latest after expiry of the deadline. Applicants are informed that their consent to their inclusion in the applicant pool is voluntary, has no influence on the current application procedure and that they can revoke this consent at any time for the future and declare objections within the meaning of Art. 21 DSGVO.
Hosting and e-mail dispatch
The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating this online service.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6 Para. 1 lit. f DSGVO in connection with Art. 28 DSGVO (conclusion of an order processing contract).
Collection of access data and log files
We, and/or our Hosting offerer, raises on basis of our entitled interests in the sense of the art. 6 exp. 1 lit. f. DSGVO collects data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to clarify abuse or fraud actions) for a maximum period of 7 days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.