PRIVACY POLICY | asap.de
Information pursuant to Art. 12 et seq. EU GDPR
- Name and contact details of the data controller
The data controller within the meaning of the EU General Data Protection Regulation (EU GDPR), other national data protection laws in the member states of the European Union and other provisions related to data protection law is:
ASAP Holding GmbH
Sachsstrasse 1A
85080 Gaimersheim
Germany
Tel. +49 8458 3389 0
Fax. +49 8458 3389 199
Email: holding@asap.de
(hereinafter referred to as “we”, “us” or “our”).
- Contact details of the data protection officer
Protecting your personal data is a high priority for us. To put this principle into practice, we have engaged a consultancy firm that specialises in data protection and data security to oversee this vital topic on our be-half. Our data protection officer is also part of this group of highly experienced experts.
Our consultants are:
Magellan Säugling Rechtsanwaltsgesellschaft mbH
Raiffeisenallee 9
82041 Oberhaching | Germany
www.magellan-datenschutz.de/en/
Please direct all queries regarding data protection and data security to our data protection officer. Email: datenschutz_asap@magellan-legal.de / Tel.: +49 8458 3389 0
- General information on data processing
- Scope
As a fundamental rule, we process your personal data only where necessary to provide our website, content and services in such a way that they function properly.
- Legal basis
In cases where we obtain your consent to process your personal data, the legal basis for this processing is Art. 6(1)(a) EU GDPR.
If we process your personal data in order to perform a contract with you or in the context of initiating a contractual relationship, the legal basis for this processing is Art. 6(1)(b) EU GDPR.
In cases where the processing of personal data is necessary to comply with a legal obligation, the legal basis for this processing is Art. 6(1)(c) EU GDPR.
If the processing of your personal data is necessary for the purpose of legitimate interests pursued by us or by a third party, and such interests are not overridden by your interests or fundamental rights or freedoms, the legal basis for this processing is Art. 6(1)(f) EU GDPR.
- Retention period
Your personal data will be deleted as soon as the purpose of its storage has been served or when you withdraw your consent, if you have the right to do so. Your data may be stored beyond the stated period if required by European or national law in EU regulations, laws or other provisions to which we are subject. In this case, however, your personal data will be blocked from further processing.
- External links
In cases where we provide links to external websites, this data protection statement does not apply to the processing of your personal data by the data controller of the linked website. We therefore recommend that you consult the data protection information of any external websites you visit. If this link requires a legal basis for the resulting processing of your personal data, the legal basis is your consent in accordance with Art. 6(1)(a) EU GDPR, which you provide by clicking on the link.
Clicking a link (hyperlink) typically entails processing of the following personal data:
IP address
Screen resolution
Browser used
Bandwidth
Language settings
- Data processing on our website
- Website functions
- Providing our website and generating log files
- Description and scope
We process your personal data in the context of providing our website so that we can provide our website properly on your PC or mobile device. To do this, we need to store some of your personal data for the duration of your session.
We also temporarily store your personal data in log files to ensure the functionality of our website and the security of our IT systems. No other processing of your personal data takes place in log files.
We process the following personal data in order to provide our website and generate log files:
IP address
Access data
Access time
Last visited website (if applicable)
Browser used
Operating system used
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of this data processing is to provide our website, ensure its functionality and uphold the security of the IT systems we use to do so.
We also have a legitimate interest in processing for this purpose.
- Retention period
Your personal data is stored in log files for a period of 10 weeks. Furthermore, in the context of providing our website, your personal data is only stored for the duration of your session.
- Right to withdraw consent and delete data
The processing of your personal data and the storage of your personal data in log files is essential for us to provide our website, ensure its functionality and uphold the security of our IT systems. You therefore have no right to withdraw your consent to this processing.
- Strictly necessary cookies
- Description and scope
We use strictly necessary cookies to process your personal data. Many of our website’s functions and services that make it easier for you to use our website, or which make it possible for you to use our website in the first place would not function properly without strictly necessary cookies.
We use these strictly necessary cookies to store some of your personal data; however, this data is only used for these functions and services. No other processing of your personal data takes place in this regard.
You can find a list of the strictly necessary cookies we use, along with their purpose, retention periods and other information in our cookie banner.
We process the following personal data in relation to the use of strictly necessary cookies:
IP address
Your browser’s language settings
Browser used
Basket information
- Legal basis
Legitimate interest, Section 25(2) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) in conjunction with Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of this data processing is to provide our website’s functions and services. We also have a legitimate interest in processing for this purpose.
- Retention period
Data is usually stored for the duration of your session unless otherwise specified in the detailed information in the list of strictly necessary cookies we use.
- Right to withdraw consent and delete data
Strictly necessary cookies are stored on your PC or mobile device, from where they are transmitted to our website. You therefore have complete control over the use of strictly necessary cookies.
You can deactivate or limit the transmission of cookies by configuring your browser settings. You can delete cookies saved on your device at any time. You can also automate this task. If you deactivate cookies for our website, you may not be able to access the full extent of all of our website’s functions.
- Non-essential cookies
We may use non-essential cookies in the context of our website’s functions and services. You can find a list of these cookies along with their purpose, retention periods and other information in our cookie banner.
- YouTube videos
- Description and scope
We use YouTube on our website to display video content. This allows us to display content we want to show you on our website in an engaging, uniform manner, regardless of your end device. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The integration of YouTube videos results in the processing of the following personal data:
IP address
Browser used
Screen resolution
Playing videos may result in additional personal data being processed by YouTube. You can find further information at: https://policies.google.com/privacy?hl=en#whycollect
- Legal basis
Consent, Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of data processing is to integrate video content in an engaging, uniform manner, regardless of your end device.
- Retention period
We only process your personal data until the end of your visit to our website (privacy-enhanced mode). We have no influence over the deletion of your personal data by YouTube. You can find further information at: https://policies.google.com/privacy?hl=en&gl=en#inforetaining
- Right to withdraw consent and delete data
You can withdraw your consent at any time. You can do this by closing the application and/or reloading our website.
We have no influence over data processing by YouTube. You can find further information about this at: https://policies.google.com/privacy?hl=en
- Google Maps
- Description and scope
We use Google Maps on our website to display map content. This allows us to display content we want to show you on our website in an engaging, uniform manner, regardless of your end device. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The integration of Google Maps results in the processing of the following personal data:
IP address
Screen resolution
Language settings
Location data
Use of the Google Maps service may result in the processing of other personal data. You can find further information at: https://policies.google.com/privacy?hl=en#whycollect
- Legal basis
Consent, Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of processing is to display map content.
- Retention period
We only process your personal data until the end of your visit to our website (privacy-enhanced mode). We have no influence over the deletion of your personal data by Google Maps. You can find further information at: https://policies.google.com/privacy?hl=en&gl=en#inforetaining
- Right to withdraw consent and delete data
You can withdraw your consent at any time. You can do this by closing the application and/or reloading our website. You can find further information about this at: https://policies.google.com/privacy?hl=en-de
- Protection against spam and manipulation
- Description and scope
Our use of Cloudflare Turnstile to protect against spam and manipulation requires us to process your personal data. This is how we protect the input fields on our website, including the comment and contact functions, against misuse (spam) by robot programs (bots). Cloudflare Turnstile is a service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
The incorporation of Cloudflare Turnstile results in the processing of the following personal data:
IP address
Access date
Access time
Browser used
Operating system used
Mouse and keyboard behaviour
Installation date of your operating system
Your operating system’s language settings
Screen resolution
Use of the Cloudflare Turnstile service may result in the processing of other personal data. You can find further information at: https://www.cloudflare.com/en-gb/privacypolicy/
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to protect against spam and manipulation.
- Retention period
We only process your personal data until the end of your visit to our website.
We have no influence over the storage of your data by Cloudflare. You can find further information about the period for which your personal data is stored by Cloudflare at: https://www.cloudflare.com/en-gb/privacypolicy/
- Right to withdraw consent and delete data
If you do not want your personal data to be collected in the context of our measures to protect against spam and manipulation, you can object to the future processing of your personal data for this purpose at any time.
We have no influence over data processing by Cloudflare. You can find further information about this at: https://www.cloudflare.com/en-gb/privacypolicy/
- Data processing in the recruitment process
- Description and scope
Prospective applicants can apply for vacant positions directly through our website. We will process the personal data you disclose in the context of your application.
We will process the following personal data about you in the course of the application process:
First name
Last name
Gender
Date of birth
Email address
Telephone number
Street address
Postal code
Town/city
How you found out about us
Earliest possible start date
Preferred location
We will also process personal data you disclose in your CV, your cover letter, your photo and other documents submitted via the upload function on our website.
- Legal basis
Consent, Art. 6(1)(a) EU GDPR, Art. 88(1) EU GDPR in conjunction with Section 26(2) of the German Federal Data Protection Act (BDSG), or
For the processing of special categories of personal data:
Consent, Art. 9(2)(a) EU GDPR.
Establishment of an employment relationship, Art. 6(1)(b) EU GDPR, Art. 88(1) EU GDPR in conjunction with Section 26(1) BDSG.
- Purpose
The purpose of data processing is to conduct the application process and initiate an employment relationship.
- Retention period
Your personal data will be blocked or deleted as soon as the processing purpose has been served.
If, upon conclusion of the application process, we do not enter into an employment contract with you, we will store your store – and block it against further access – for up to 6 months after conclusion of the application process due to the burden of proof requirement in relation to discrimination, Section 21(5) and Section 22 of the German General Act on Equal Treatment (AGG).
If, upon conclusion of the application process, we enter into an employment contract with you and establish an employment relationship, we will store your personal data from the application process until termination of the employment relationship.
Your data may be stored beyond the stated period if specified by European or national law in EU regulations, laws or other provisions to which we are subject.
- Right to withdraw consent and delete data
You can withdraw your consent at any time during the application process. If you do so, your personal data will be deleted. However, we will then be unable to consider you further as a candidate in the application process.
If we enter into an employment contract with you and establish an employment relationship, the processing of your personal data is essential for performance of the employment contract. Consequently, you do not have the right to object to this processing.
- eCommerce
- Contact form and email contact
- Description and scope
We process your following personal data in the context of the contact form and email contact:
First name
Last name
Email address
Subject line contents
Message contents
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of processing is to process your query.
- Retention period
Your personal data will be stored until the respective purpose has been served. This usually occurs when your query is processed, provided that no longer retention periods apply.
- Right to withdraw consent and delete data
You can withdraw your consent to the future processing of your personal data you provided when contacting us. In this case, however, we will be unable to process your query further. In this case, we will delete all personal data you provided when contacting us, unless statutory retention periods prevent us from doing so. Your personal data will then be blocked until the statutory retention period expires.
- Marketing
- Newsletter
- Description and scope
We process the following personal data in order to distribute our newsletter:
Title
First name
Last name
Email address
- Legal basis
Consent, Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of data processing is to distribute our newsletter.
- Retention period
Your personal data will be stored for as long as we have your consent to do so.
- Right to withdraw consent and delete data
You can withdraw your consent at any time. You can withdraw your consent by unsubscribing from our newsletter. In this case, your personal data will be deleted, which will mean we can no longer provide our newsletter to you.
- Registration for the press mailing list
- Description and scope
You can register for our press mailing list on our website.
Title
First name
Last name
Email address
- Legal basis
Consent, Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of data processing is to perform our public relations work.
- Retention period
Your personal data will be stored for as long as we have your consent to do so.
- Right to withdraw consent and delete data
You can withdraw your consent at any time. You can withdraw your consent by unsubscribing from our newsletter. In this case, your personal data will be deleted, which will mean we can no longer provide our newsletter to you.
- Web analytics through Google Analytics
- Description and scope
We use the Google Analytics platform to collect key indicators about our website and analyse your surfing behaviour.
When you view individual pages of our website, we store the following data:
IP address
Browser used
Operating system used
Screen resolution
Mouse and keyboard behaviour
- Legal basis
Consent, Section 25(1) TTDSG in conjunction with Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of data processing is to analyse your surfing behaviour. Analysing the collected data enables us to generate information about the use of individual elements of our website. This helps us to continuously improve our website and make it more user-friendly.
- Retention period
You can find detailed information on the retention period for each of the tracking cookies we use in our cookie banner.
- Right to withdraw consent and delete data
You can revoke your consent to the future processing of your personal data in relation to the use of Google Analytics at any time as follows:
- Changing your consent settings on our website
Our website offers a convenient way for you to withdraw your consent to the processing of your personal data in relation to the use of Google Analytics.
Simply click “Edit Cookie Settings” in the footer of our website.
- Changing your browser settings
Alternatively, you can deactivate or restrict the transmission of cookies in general by changing your browser settings. You can delete cookies saved on your device at any time. You can also automate this task. If you also deactivate strictly necessary cookies for our website, you may not be able to use the full extent of all of our website’s functions.
- Install a browser add-on
If you do not want your personal data to be processed by Google Analytics, you can also install a browser add-on to opt out from Google Analytics. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js and dc.js) not to send information to Google Analytics.
If you would like to deactivate Google Analytics, access the page listed below and install the add-on to opt out from Google Analytics for your browser. Detailed information on how to install and uninstall an add-on in your browser’s help settings.
Browser and operating system updates can cause the Google Analytics opt-out add-on to stop working as intended. You can find further information on managing add-ons for Chrome on the pages listed below. If you do not use Chrome, you should consult your browser provider directly to determine whether add-ons work properly in the browser version you use.
The latest versions of Microsoft Edge only load the add-on to opt out from Google Analytics once your personal data has already been sent to Google Analytics. So, if you use Internet Explorer, the add-on installs cookies on your computer. These cookies ensure that any kind of collected data is immediately deleted by the server that collected it. Make sure that you have not blocked third-party cookies for Internet Explorer. If you delete the cookies on your device, the add-on promptly resets these cookies to ensure that your Google Analytics browser add-on continues to function properly.
The browser add-on to opt out from Google Analytics does not prevent your personal data being transmitted to this website or to other tracking services.
You can find further information on the Google Analytics Terms of Service and Privacy Policy at: https://www.google.com/analytics/terms/gb.html and at https://support.google.com/analytics/answer/6004245?hl=en.
IP anonymisation is also activated on our website.
- Social wall
- Description and scope
We display our Instagram profile on our website in order to show video content and social media posts. This allows us to display content we want to show you on our website in an engaging, uniform manner, regardless of your end device. Instagram is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
In relation to the display of our Instagram profile, the service provider Flockler Oy, Rautatienkatu 21 B, 33100 Tampere, Finland processes the following personal data:
IP address
This data is anonymised before being stored by Flockler. You can find further information on data processing by Flockler at:https://flockler.com/privacy-policy
Due to the integration of our Instagram profile, Meta Platforms Ireland Limited also processes the following personal data.
IP address
Browser used
Screen resolution
Playing a video may result in further personal data being processed by Meta Platforms Ireland Limited. You can find further information at: https://privacycenter.instagram.com/policy/
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to integrate social media posts in an engaging, uniform manner, regardless of your end device.
- Retention period
We only process your personal data until the end of your visit to our website. We have no influence over the deletion of your personal data by Instagram or Flockler. You can find further information at:https://privacycenter.instagram.com/policy/ https://flockler.com/privacy-policy
- Right to withdraw consent and delete data
If you do not want your personal data to be collected in relation to the display of our Instagram profile, you can object to the future processing of your personal data in this context at any time.
We do not have any influence over data processing by Meta Platforms Ireland Limited or Flockler. You can find further information about this at: https://privacycenter.instagram.com/policy/ https://flockler.com/privacy-policy
- Dataprotection and the law
- Exercising your data subject rights in accordance with Art. 12 et seq. EU GDPR
- Description and scope
We process your personal data in the context of processing your data subject rights. In this regard, we process the contact details you provide exclusively in order to process and respond to your message and, subsequently, to document this lawful processing in the context of our duty to demonstrate accountability.
The processing of data subject rights results in the processing of the following personal data:
First name
Last name
Postal address
Email address
Telephone number
- Legal basis
Legal obligation, Art. 6(1)(c) in conjunction with Art.12 et seq.EU GDPR.
Legitimate interest in subsequent documentation, Art. 6(1)(f) EU GDPR.
- Purpose
Lawful processing of your rights as a data subject under data protection law.
- Retention period
Three years after the query is processed in accordance with Section 41 BDSG in conjunction with Section 31(2) No. 1 of the Code of Administrative Offences (Gesetz über Ordnungswidrigkeiten – OWiG).
- Right to withdraw consent and delete data
You can withdraw your consent to the future processing of personal data in the context of processing your data subject rights. In this case, however, we will be unable to process your data subject rights under data protection law.
It is essential that we document the legal processing of data for the purpose of processing your data subject rights. Consequently, you do not have the right to object to this processing.
- Legal defence and enforcement
- Description and scope
We will process your personal data in the event that you assert legal claims against us or that we assert claims and rights against you.
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to facilitate our defence against unjustified claims and the legal assertion and enforcement of claims and rights.
This is also our legitimate interest.
- Retention period
Your personal data will be stored until the respective purpose has been served. This is usually specified with legal effect in the respective decision.
- Right to withdraw consent and delete data
The processing of your personal data in the context of legal defence and enforcement is essential for legal defence and enforcement. Consequently, you do not have the right to object to this processing.
- Further data processing in relation to our website
- Instagram profile
- Description and scope
In the context of running our Instagram profile, we process your personal data in order to engage and interact with users of and visitors to the social network Instagram. We publish information about our company on our profile.
If you contact us directly through our Instagram profile (e.g. in a direct message), the data you provide will only be used for the purpose of recording and responding to your enquiry.
We are also able to generate statistics about visits to our Instagram profile. This information is compiled by Meta (“Instagram Insights”) and enables us to conduct more effective, targeted marketing of our activities.
In terms of Instagram Insights data, we are jointly responsible for data processing along with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have therefore concluded an agreement with Meta Platforms Ireland Limited about which company will handle individual obligations arising from the EU GDPR.
You can view the key aspects of this agreement at: https://www.facebook.com/legal/controller_addendum and https://www.facebook.com/legal/terms/page_controller_addendum
You can view the data Meta uses to analyse the use of our Instagram profile and the information Meta provides for data processing in relation to the Instagram Insights function at: https://en-gb.facebook.com/legal/terms/information_about_page_insights_data
You can find further information on the processing of your personal data by Meta Ireland Limited at: https://privacycenter.instagram.com/policy/ and https://en-gb.facebook.com/legal/terms/information_about_page_insights_data
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to analyse the success of our Instagram profile, design our Instagram profile in accordance with your interests, and process visitor queries.
- Retention period
You can find information on the retention period for which your personal data is stored by Meta Platforms Ireland Limited at: https://privacycenter.instagram.com/policy/
- Right to withdraw consent and delete data
If you do not want your personal data to be collected in the context of the operation of our Instagram account, you can object to the future processing of your personal data in relation to this at any time. In this case, we will inform Meta Platforms Ireland Limited of your objection.
- LinkedIn page
- Description and scope
In the context of operating our LinkedIn page, we process your personal data in order to engage and interact with users of and visitors to the professional network LinkedIn. We publish information about our company on our profile.
If you contact us directly through our LinkedIn page (e.g. by sending a message), the data you provide will only be used for the purpose of recording and responding to your enquiry.
We are also able to generate statistics about visits to our LinkedIn page. This information is compiled by LinkedIn (“Page Insights”) and enables us to conduct more effective, targeted marketing of our activities.
In terms of the Page Insights data, we are jointly responsible for data processing along with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have therefore concluded an agreement with LinkedIn Ireland Unlimited Company about which company will handle individual obligations arising from the EU GDPR.
You can view the key aspects of this agreement at: https://legal.linkedin.com/pages-joint-controller-addendum
You can view the data LinkedIn uses to analyse the use of our LinkedIn page and the information LinkedIn provides for data processing in relation to the Page Insights function at: https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=en
You can find further information on the processing of your personal data by LinkedIn Ireland Unlimited Company at: https://linkedin.com/legal/privacy-policy
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to analyse the success of our LinkedIn page, design our LinkedIn page in accordance with your interests, and process visitor queries.
- Retention period
You can find information on the period for which your personal data is stored by LinkedIn Ireland Unlimited Company at: https://www.linkedin.com/legal/privacy-policy
- Right to withdraw consent and delete data
If you do not want your personal data to be processed by LinkedIn, you can object to the future processing of your personal data in relation to running our LinkedIn page at any time.
You can find information on the processing of your personal data by LinkedIn at: https://linkedin.com/legal/privacy-policy
- Xing page
- Description and scope
In the context of running our Xing page, we process your personal data in order to engage and interact with users of and visitors to the social network Xing. We also occasionally publish information about our company and related offers.
If you contact us directly through our Xing page (e.g.by sending a message), the data you provide will only be used for the purpose of recording and responding to your enquiry.
We are also able to generate statistics about visits to our Xing page. This information is compiled anonymously by Xing and enables us to conduct more effective, targeted marketing of our activities.
You can find information about how Xing processes your personal data at:https://privacy.xing.com/en/privacy-policy/printable-version
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to analyse the success of our Xing page, design our Xing page in accordance with your interests, and process visitor queries.
- Retention period
You can find information on the retention period for which your personal data is stored by New Work SE at: https://privacy.xing.com/en/privacy-policy/printable-version
- Right to withdraw consent and delete data
If you do not want your personal data to be collected in the context of running our Xing page, you can object to the future processing of your personal data in relation to this at any time.
You can find information on the processing of your personal data by Xing at: https://privacy.xing.com/en/privacy-policy/printable-version
- YouTube channel
- Description and scope
We manage a YouTube channel that is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As the operator of YouTube, Google Ireland Limited collects and processes personal data to the extent described in its Privacy Policy.
You can find information on the processing of your personal data by Google Ireland Limited at: https://policies.google.com/privacy?hl=en&gl=en
If you contact us directly through our YouTube channel (e.g. by sending a message or posting a comment), the data you provide will only be used for the purpose of recording and responding to your enquiry.
We are also able to generate statistics about visits to our YouTube channel. This information is compiled by YouTube through its “Analytics” service and enables us to conduct more effective, targeted marketing of our activities.
You can view the data YouTube uses to analyse the use of our YouTube channel and the information YouTube provides for data processing in relation to the Analytics function at: https://support.google.com/youtube/answer/9002587?hl=en
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is to analyse your behaviour when visiting our YouTube channel, analyse the success of the videos we upload, and process enquiries.
- Retention period
You can find information on the retention period for which your personal data is stored by Google Ireland Limited at: https://policies.google.com/privacy?hl=en&gl=en#inforetaining
- Right to withdraw consent and delete data
If you do not want your personal data to be processed by Google Ireland Limited, you can object to the future processing of your personal data in relation to the running of our YouTube channel at any time. In this case, we will inform Google Ireland Limited of your objection.
- Podigee blog
- Description and scope
We operate a Podigee podcast blog on which we publish our podcasts. This service is provided by Podigee GmbH, Schlesische Strasse 20, 10997 Berlin, Germany.
Podigee processes the following personal data:
IP address
Device information
This data is anonymised or pseudonymised prior to being stored in the Podigree database insofar as this data is not necessary for providing the podcasts.
- Legal basis
Consent, Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of data processing is to publish our podcasts.
- Retention period
You can find information on the period for which your personal data is stored at: https://www.podigee.com/en/about/privacy
- Right to withdraw consent and delete data
If you do not want your personal data to be processed by Podigee GmbH, you can withdraw your consent at any time. You can do this by ending the podcast and leaving the blog, for example.
- Press releases
- Description and scope
We process your personal data in the context of press releases to send you our press releases upon request and in the context of your journalistic activities.
We process the following personal data in relation to press releases:
Title
First name
Last name
Email address
- Legal basis
Consent, Art. 6(1)(a) EU GDPR.
- Purpose
The purpose of data processing is to perform our public relations work.
- Retention period
Your personal data will be stored for as long as we have your consent to do so.
- Right to withdraw consent and delete data
You can withdraw your consent at any time. You can withdraw your consent by unsubscribing from our press mailing list. In this case, your personal data will be deleted, which will mean we can no longer send our press releases to you.
- Sale of goods and services
- Description and scope
The following personal data are processed in the context of the sale of goods and services:
First name
Last name
Postal address
Email address
Telephone number
Payment details
We will not process your payment details in relation to initiating a contract.
- Legal basis
Contractual performance, Art. 6(1)(b) EU GDPR.
- Purpose
The purpose of data processing is the initiation and performance of contracts.
- Retention period
Your personal data will be stored until the respective purpose has been served. This usually occurs upon performance on the contract and the expiry of a subsequent three-year period, unless longer retention periods apply. The relevant period for commercial communications is 6 years; the period for invoices is 10 years.
- Right to withdraw consent and delete data
The processing of your personal data in the context of the sale of goods and services is essential for contractual performance. Consequently, you do not have the right to object to this processing.
- Service provider and supplier records; conducting tender processes
- Description and scope
In the context of repeated orders for services, the procurement of products and the initiation of tender processes, we maintain a database in which we process data including companies’ names and, in particular, the names and business contact details for their respective contact partners. We process the following personal data in our database:
First name
Last name
Business email address
Business telephone number
- Legal basis
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is the internal provision of suitable suppliers and service providers, including their contact partners, for future orders, procurement and tender processes.
- Retention period
Your personal data will be stored until the respective purpose has been served. This is usually the case when no further orders or procurement will take place in the future or when a contact partner is no longer available as a contact partner.
- Right to withdraw consent and delete data
You can object to the future processing of your personal data in relation to service provider and supplier records at any time.
- Business transactions, contract performance and account management for existing customers
- Description and scope
We process the following personal data in the context of business transactions, contract performance and account management for existing customers:
First name
Last name
Business email address
Business telephone number
- Legal basis
Contractual performance, Art. 6(1)(b) EU GDPR.
Legitimate interest, Art. 6(1)(f) EU GDPR.
- Purpose
The purpose of data processing is the initiation and performance of a contract and the associated account management for existing customers.
- Retention period
Your personal data will be stored until the respective purpose ceases to apply. This is usually the case when the contract upon which an order is based has been fulfilled, all claims have lapsed and no further statutory retention periods apply.
The processing of a contact partner’s data ends when the contact partner is no longer available as a contact partner.
- Right to withdraw consent and delete data
The processing of your personal data is essential for contractual performance. Consequently, you do not have the right to object to this processing.
- Recipient categories
We provide personal data to the units and departments within our company that require this data to fulfil the purposes listed above. In addition, we sometimes engage different service providers and may pass on your personal data to further trustworthy recipients. These recipients include:
Banks
Scan services
Printing companies
Letter shops
IT service providers
Cooperation partners
Solicitors and courts
- Data transfers to third countries
In the course of processing your personal data, we may transfer your personal data to trustworthy service providers in third countries. Third countries are countries outside the European Union (EU) and the European Economic Area (EEA).
We work exclusively with service providers who provide us with suitable assurances as to the security of your personal data and are able to guarantee that your personal data will be processed in accordance with strict European data protection standards. You can view a copy of these adequacy agreements by visiting us in person.
When we transfer personal data to third countries, we do so on the basis of an adequacy decision by the European Commission or, if no such decision has been issued, on the basis of standard data protection clauses adopted by the European Commission.
- Your rights
You have the following rights in relation to us:
- Right of access
You have the right to access information about whether we process your personal data and, if so, which personal data we process. In this case, we will also inform you of:
the processing purpose
the data categories
the recipients of your personal data
the envisaged retention period and the criteria used to determine the envisaged retention period.
your other rights
all available information regarding the source of the personal data
(if you did not provide us with this data)
whether automated decision-making takes place as well as information about the logic involved and the scope and intended outcomes of the processing
(if applicable)
- Right to rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to the rectification and/or completion of this data.
- Right to restriction of processing
You have the right to restrict processing in the following cases:
We are reviewing the accuracy of the personal data we process.
The processing of your personal data is unlawful.
The purpose for which we processed the personal data has been served and you require the data to legally assert your rights.
You have objected to the processing of your personal data and we are examining this objection.
- Right to erasure
You have the right to erasure in the following cases:
We no longer need your personal for the purposes for which it was collected.
You have withdrawn your consent and there is no further legal basis for the processing of your personal data.
You object to the processing of your personal data and – provided that it does not concern direct marketing – there are no overriding reasons for continued processing.
The processing of your personal data is unlawful.
The erasure of your personal data is required by law.
Your personal data as a minor was collected for information society services.
- Right to notification
If you assert your right to rectification, erasure or restriction of processing, we will notify all recipients of your personal data of this rectification, erasure or restriction of processing.
- Right to data portability
You have the right to receive the personal data concerning you that we process on the basis of your consent or in the context of contractual performance in a structured, commonly used and machine-readable format and the right to transmit this data to another controller. If technically feasible, you have the right to instruct us to transmit this data directly to another controller.
- Right to object
In certain justified cases, you have the right to object to the processing of your personal data. In such cases, we will not process your personal data further unless we can demonstrate compelling legitimate reasons to do so.
If your personal data is processed for direct marketing purposes, you have the right to object to this processing at any time.
- Right of withdrawal
You have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent prior to its withdrawal.
- Right to lodge a complaint with a supervisory authority
Without prejudice to other administrative or judicial redress, you have the right to lodge a complaint with the relevant supervisory authority if you are of the opinion that our processing of your personal data infringes the EU GDPR.
The relevant supervisory authority for us is:
Bavarian Data Protection Authority (BayLDA)
Promenade 18
91522 Ansbach
Germany