Privacy Policy
01. An overview of data protection
General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.
Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.
For detailed information about these analysis programs please consult our Data Protection Declaration below.
02. Hosting
Strato
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, web page access and another data generated through a web site.
The host is used in the interest of secure, fast and efficient provision of our online services by a professional provider (Art 6 (1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its performance obligations and to follow our instructions with respect to such data.
We are using the following host:
STRATO AG
Pascalstraße 10
10587 Berlin
03. General information and mandatory information
Data protection
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Information about the responsible party (referred to as the “controller” in the GDPR)
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
ARTIMED® Medical Consulting GmbH
Wilhelmsstraße 10 (former Friedrich-Ebert-Str. 25)
34117 Kassel Germany
Phone: +49 561 7050815-0
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).
How to reach our data protection officer
The data protection officer of the controller is:
Data Protection Manager of Labquality Oy
Markus Vattulainen
Data Manager, PhD, CRO Services
Labquality Oy
Kumpulantie 15
00520 Helsinki
Finnland
E-Mail:
The data protection officer is not subject to directives with regard to the performance of his duties (§ 5 para. 3 DSG).
General information on data processing
Legal basis for the processing of personal data
In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing activities. If the legal basis is not specified in the data protection notice, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with. Art. 7 DSGVO. The legal basis for processing for the fulfillment of our services and implementation of contractual measures, as well as answering inquiries is Art. 6 para. 1 lit. b DSGVO. The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c DSGVO. If the processing of your data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) DSGVO serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) DSGVO serves as the legal basis.
Data deletion and storage period
We store your personal data only for as long as is necessary to achieve the purposes stated here or as stipulated by the retention periods provided for by law. After the respective purpose ceases to apply or after expiry of statutory retention periods, the corresponding data is routinely deleted in accordance with statutory provisions.
Note on data transfer to third countries
Our website uses tools from companies that are based in third countries such as the USA. These third countries are considered insecure because there is no adequacy decision by the European Commission. The level of data protection provided by the national laws there is not comparable to that in the EU. This means that there is a risk that your data may have to be handed over to security authorities in these countries and may be processed by authorities in these countries for control and monitoring purposes, possibly without any legal recourse on your part. We have no influence over these processing activities.
Rights of the data subject
You have the right at any time to receive free information about the origin, recipient and purpose of your personal data. stored personal data. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time. You can find the contact options in the imprint. As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The data subject rights resulting from the DSGVO are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to complain to a supervisory authority and the right to data portability (Article 20).
Right of withdrawal
Some data processing can only take place with your explicit consent. You have the possibility to revoke your given consent at any time. However, the lawfulness of the data processing until the revocation is not affected by this.
Right of objection
If the processing is based on Art 6(1)(e) or (f) DSGVO, you as the data subject may object to the processing of personal data relating to you at any time on grounds relating to your particular situation. You also have this right in the case of profiling based on these provisions. Unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or processing serves the purpose of asserting, exercising or defending legal claims, we will no longer process the relevant data following an objection. If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct advertising. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority
If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
Right to data portability
To the extent that your data is processed automatically on the basis of consent or performance of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another controller, insofar as this is technically feasible.
Right to information, correction and deletion
You have the right to receive information about your processed personal data regarding the purpose of the data processing, the categories, the recipients as well as the duration of the storage. Furthermore, you have the right to know whether there is a right to correction, deletion or restriction of the personal data concerning you. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the imprint.
Right to restriction of processing
You can assert the restriction of the processing of your personal data at any time. To do so, you must meet one of the following requirements:
- You dispute the accuracy of the personal data. For the duration of the verification of the accuracy, you have the right to request a restriction of processing.
- If processing is carried out unlawfully, you may request restriction of the use of the data as an alternative to erasure.
- If we no longer need your personal data for the purposes of processing, but you need the data for the assertion, exercise or defense of legal claims, you can request the restriction of processing as an alternative to erasure.
- If you object to the processing pursuant to Art 21 (1) DSGVO, a balancing of your and our interests will be carried out. Until this balancing has taken place, you have the right to request the restriction of processing.
Restriction of processing has the effect that the personal data, apart from storage, may only be processed with your consent or for the assertion, exercise, defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
Provision of the website web hoster
When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
- IP address of the end device of the website visitor.
- Device used
- Host name of the accessing computer
- Operating system of the visitor
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data
- Information whether the retrieval of the data was successful
We do not combine this data with other data sources.
The legal basis for the processing of this data is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is the technically error-free presentation and optimization of this website.
Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company). In this case, the personal data collected on this website will be stored on the servers of the hosting company. In addition to the data mentioned above, this may include, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing data by engaging a hosting company is our interest in a secure, fast and efficient provision of our website (Art. 6 (1) lit. F DSGVO). Another legal basis may be for the purpose of fulfilling contracts with our future and existing customers (Art. 6 para. 1 lit. b DSGVO). In the event that we have commissioned a hosting company, there is an order processing contract with this service provider.
Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING,YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data. If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
04. Recording of data on this website
Cookies
We use cookies on our websites. These are text files that are stored via the browser on your end device either for the duration of the visit to the website (session cookies) or permanently. Permanent cookies remain stored until they are deleted by the browser or the user himself.
Without the use of certain cookies, error-free functioning of the website is not possible. The basis for the storage of these technically necessary and functional cookies is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in storing these technically necessary and functional cookies in order to be able to ensure the necessary technical functions of our website.
Insofar as processing by cookies takes place in the course of contract initiation or contract processing, Art. 6 (1) lit. b DSGVO is the basis for the processing.
For all other cookies, consent is obtained before they are stored. The storage of these cookies and the resulting processing of personal data is therefore based on Art. 6 (1) a DSGVO. You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected. These cookies are stored for various purposes such as the analysis of user behavior or the display of advertising.
Through the settings in your browser, it is possible to prevent or restrict the setting of cookies. The processing of so-called Flash cookies has to be done via the settings of the Flash player and cannot be prevented via the browser. In addition, you can also delete cookies that have already been set via the browser. If corresponding settings have been made in the browser, it may not be possible to use all the functions of our website.
Use of external services
External services are used on our website. External services are services from third-party providers that are used on our website. This can be done for various reasons, for example, for embedding videos or for the security of the website. When using these services, personal data is also passed on to the respective providers. If we do not have a legitimate interest in using these services, we will obtain your consent as a visitor to our website before using them.
Content Delivery Network (CDN)
We use a Content Delivery Network (CDN) to optimize the performance and availability of our website. For this purpose, this service provider, which provides this network, processes your IP address and the information about when you visited our website. All further information on data processing by this service provider can be found in its privacy policy.
We base this processing on a legitimate interest (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest in using a content delivery network is to be able to present our website as quickly, securely and reliably as possible.
jsDelivr
We use the service jsDelivr on our website. The provider of the service is Prospect One Ltd. This company has its branch office in Królewska 65A/1, PL-30-081 Krakow, Poland.
The use of the service may result in data transfer to a third country (USA).
Further information can be found in the privacy information of the manufacturer at the following URL:
https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
Contact form
On our website there is the possibility to notify us via a contact form. For contacting us via this form, we ask for certain information. In particular, the request must be described and a contact option must be provided. At least this information is mandatory and must be provided in order to use the contact form.
The legal basis for answering the contact questions is the fulfillment of a contract or the implementation of pre-contractual measures. In addition, there may be a legitimate interest in order to maintain business relationships.
The legal basis for processing your data is therefore Art. 6 (1) lit. f DSGVO or Art. 6 (1) lit. b DSGVO.
The data will be deleted when we have answered your inquiry to your satisfaction and when no other retention periods (e.g. tax retention periods) exist.
E-mail traffic and contact via telephone
In accordance with legal requirements, we have provided a telephone number and e-mail address on our website. The data transmitted by telephone or by e-mail are automatically stored by us in order to process corresponding inquiries or to be able to contact the person concerned. Data that we obtain through this process will not be passed on to third parties without consent.
The e-mail traffic and the contact via telephone serve pre-contractual or contractual purposes and the processing of personal data carried out in this context is therefore based on the legal basis Art. 6 para. 1 lit. b DSGVO.
05. Social media
LinkedIn plug-in
This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Any time you access a page of this website that contains functions of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-?lang=en
For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.
XING plug-in
This website uses functions of the XING network. The provider is the New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Any time one of our sites/pages that contains functions of XING is accessed, a connection with XING’s servers is established. As far as we know, this does not result in the archiving of any personal data. In particular, the service does not store any IP addresses or analyze user patterns.
Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the highest possible visibility on social media. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.
For more information on data protection and the XING share button please consult the Data Protection Declaration of Xing at: https://privacy.xing.com/en/privacy-policy
06. Plug-ins and Tools
Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
07. eCommerce and payment providers
Processing of customer and contract data
We collect, process and use personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
08. Online-based Audio and Video Conferences (Conference tools)
Data processing
We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Duration of storage
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
Conference tools used
We employ the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
09. Custom Services
Job Applications
It is possible to send us an application (e.g. by post, online application form or e-mail). The personal data received in this way will be stored and processed by us for the purpose of deciding whether to enter into an employment relationship.
The basis for the processing is Art. 6 para 1 lit. b DSGVO as well as Art. 6 para 1 lit. a DSGVO, if consent has been given. Insofar as German law is applicable, Section 26 BDSG is also the legal basis for processing (initiation of an employment relationship). You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected.
If an employment relationship results from the application, the collected data will be stored for the processing of the employment relationship on the basis of Art. 6 (1) lit. b DSGVO. Insofar as no employment relationship results, the data will be stored on the basis of Art. 6 para.1 lit. f DSGVO for up to 6 months after termination of the application process. We have a legitimate interest in storing the data in order to be able to defend ourselves against any lawsuits or accusations. If consent has been given, the data will be stored longer on the basis of Art. 6 (1) a DSGVO. You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected.
Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g., contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 GDPR according to German Law (Negotiation of an Employment Relationship), Art. 6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.
If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 GDPR and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship in our data processing system.
Data Archiving Period
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application).
Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data retention requirements preclude the deletion.
Applicant pool
If no employment relationship is established, the applicant can be included in our applicant pool. In this case, all details of the application are stored in order to be able to contact the corresponding person in the event of suitable job postings.
The storage of data in the applicant pool takes place only after consent has been given on the basis of Art 6. para.1 lit.a DSGVO. This consent can be revoked at any time, whereupon the corresponding data will be deleted, unless there are legal reasons for retention. Deletion will take place no later than two years after the consent was given. The lawfulness of the processing carried out until the revocation remains unaffected.