Data protection declaration of GSR Services GmbH

With the following information we explicitly would like to explain to you how we as a company handle your data when visiting this homepage and how we have implemented the requirements of the legislative body.

For a better understanding and to gain a better overview, the following index enables a quick finding of explanations and indications.

Index

  1. Introduction / Overview
  2. Scope
  3. Definitions
  4. Personal data
  5. Affected person
  6. Processing
  7. Restriction of processing
  8. Profiling
  9. Pseudonymization
  10. Data system
  11. Responsible
  12. Order processor
  13. Recipiant
  14. Third party
  15. Consent
  16. Violation of protection of personal data
  17. Cookies
  18. IP address
  19. Browser
  20. Referrer-URL
  21. Plug-in
  22. Responsible and data protection administrator
  23. Responsible of GSR Services GmbH
  24. Data protection administrator
  25. General information
  26. Data collection and saving
  27. Collection of general data and information when using our homepage
  28. Contacting us via email
  29. Cookies
  30. Inclusion of services and contents of third parties
  31. Inclusion of Google Maps
  32. Use of Google-Analytics with anonymization function
  33. Use of Facebook Social Plug-Ins
  34. Twitter Plug-In
  35. Google Plus
  36. YouTube
  37. Vimeo
  38. Matomo (formerly Piwik)
  39. RSS-Feed
  40. Data Protection in case of applications and application processes
  41. Transmission of data to third parties
  42. SSL- / TLS coding
  43. Existence of an automated decision making
  44. Rights of the affected person
  45. Right of disclosure
  46. Right of correction
  47. Right of deletion
  48. Right of restriction of the processing
  49. Right of information
  50. Right of data transmission
  51. Right of objection
  52. Right of retraction of data laws declaration of consent
  53. Automated decisions in an individual case including profiling
  54. Right of complaint towards a regulating authority
  55. Change of our data protection declaration

 

I.                    Introduction / overview

Data protection has always been an important issue. Only through data protection it is possible to protect every individual person from being hindered in his personal and/or other rights by handling personal data.

Every company needs and maintains data for their existence.

Through steadily increasing digital networking, the danger of data abuse also increases.

Generally though, companies that collect, save or process data should not be protected.

Rather, every individual person should be protected from data abuse and especially from harming their personal rights.

Data protection has always been a high priority for our company.

Therefore, it is not only the requirement to us but also a requirement by the legislative to make sure your data is protected in the best possible way.

Our data protection is therefore always in accordance with applicable law.

Legislative demands for data protection especially include the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) as well as the German Telemedia Act (TMG).

In our company, we have inserted and implemented numerous technical and organizational measures to ensure the protection of your personal data possibly without any gaps.

In this data protection declaration, respectively in the following declarations and considerations, we would like to inform you in a most extensive and understandable way about when, where, how / for what reason we collect and process your personal data.

In this context we would at the same time like to inform you on your rights.

Following explanations will enable you to identify the extent to which we collect and process personal data when using our homepage and the relating rights you have.

For a better understanding, this data protection declaration is divided into individual paragraphs with related headlines. From these headlines it becomes clear what each paragraph is dealing with.

Furthermore, for a better understanding of this data protection declaration and for easy access, we have defined terms especially used by the legislator and those ones not known to everyone according to our understanding in a separate paragraph.

For a quick look up, we have implemented references on where to find definitions for numerous terms into the individual paragraph.

Furthermore, we have concretely named the legal basis authorizing us to collect and process the related personal data.

At the same time, we have stated the purpose and as far as possible the duration of the processing in the individual paragraph.

In the individual paragraph we also point out, your concrete rights regarding the respective data processing.

Additionally, your rights are being listed again in a separate paragraph stating the respective legal regulations for you to be able to obtain information on your rights without having to search in the individual paragraph.

In case the following indications and explanations are not sufficient for you and/or if they are not made understandable to you despite our efforts, our data protection administrator (please see IV.2.) is always available to you for further enquiry, proposals, critics etc.

For contact details, please see either this declaration and/or our imprint.

 

II.                 Scope

This homepage is driven by GSR Services GmbH, Auf dem Brink 1, 21394 Suedergellersen. This data protection declaration is therefore applicable to our entire homepage, to our entire web presence respectively.

For further information on our company, please refer to our imprint.

III.              Definitions

Initially, we have pointed out that the legal regulations on data protection are especially resulting from the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) as well as the German Telemedia Act (TMG).

A respective current version of the aforementioned laws can be found under the following links:

This data protection declaration therefore fulfills the requirements and specifications of the aforementioned laws.

Because of that, in this data protection declaration, amongst others we are using terms and definitions being used in these laws.

Furthermore, we are using terms arising from the computer language or the IT industry respectively.

For a simpler and better understanding, we would first of all like to define and explain the most important terms used. These definitions have also been used by the legislative authority, especially within the General Data Protection Regulation (DSGVO). In the following definitions and explanations we have whenever possible mentioned the respective legal rules these definitions are originated from.

1.      Personal data
(see also article 4 No. 1 DSGVO)

Personal data are all information relating to an identified or identifiable natural person (in the following “affected person”); as identifiable natural person is being viewed who can be directly or indirectly identified, particularly via assignment to a characteristic value like a name, an identification number, to locations, to an online-identification, or to one or several special attributes that are expressing the physical, physiological, genetical, economical, cultural or social identity of this natural person.

2.      Affected person
(see also article 4 No. 1 DSGVO)

Affected person is any identified or identifiable person whose data is being processed.

3.      Processing
(see also article 4 No. 2 DSGVO)

Processing is any executed procedure with or without help of automated processes or any such sequence of processes in relation to personal data like the collection, the capturing, the organization, the structuring, the saving, the adaptation or changing, the readout, the usage, the disclosure via transmission, spreading or another form of provision, the comparison or the link-up, the restriction, the deletion or the destruction.

4.      Restriction of processing
(see also article 4 No. 3 DSGVO)

Restriction of processing is the marking of saved personal data with the aim to restrict their future processing.

5.      Profiling
(see also article 4 No. 4 DSGVO)

Profiling is any form of automated processing of personal data consisting of using this personal data to assess distinctive personal aspects relating to a natural person, particularly to analyze or make a forecast on aspects relating to workforce, economical situation, health, personal preferences, interests, reliability, behavior, location or change of location of this natural person.

6.      Pseudonymisation
(see also article 4 No. 5 DSGVO)

Pseudonymisation is the processing of personal data in a way so that the personal data cannot be assigned to a specific affected person without consulting additional information, provided this additional information is being stored separately and is subject to technical and organizational measures which guarantee that this personal data cannot be assigned to an identified or identifiable natural person.

7.      Data file system
(see also article 4 No. 6 DSGVO)

Data file system is any structured collection of personal data which is accessible according to specific criteria, independent whether this collection is being lead local, decentralized or sorted according to functional or geographical aspects.

8.      Responsible
(see also article 4 No. 7 DSGVO)

Responsible is the natural or judicial person, authority, institution or other body deciding alone or together with others on the purpose and instrument of processing of personal data; are the purposes and instruments of this processing preset by European Union law or by the law of member states, the responsible or certain criteria of his designation respectively can be arranged according to the European Union law or the law of the member states.

9.      Order processor
(see also article 4 No. 8 DSGVO)

Order processor is a natural or judicial person, authority, institution or other body who is processing personal data on behalf of the Responsible.

10.  Receiver
(see also article 4 No. 9 DSGVO)

Receiver is a natural or judicial person, authority, institution or other body to whom personal data is being disclosed, independently from it being a third person or not. Authorities possibly receiving personal data within the scope of a certain administrative inquiry in line with the regulations of the European Union or of the Member states are not regarded as receiver, the processing of this data through the aforementioned authorities is in accordance with applicable data protection regulations pursuant to the purpose of the processing.

11.  Third Party
(see also article 4 No. 10 DSGVO)

Third Party is a natural or judicial person, authority, institution or other body apart from the affected person, the Responsible, the order processor and the persons being authorized by the Responsible or the order processor to process personal data.

12.  Consent
(see also article 4 No. 11 DSGVO)

Consent is any declaration of will in an informed and unmistakable distinct and confirming way for the particular case, given voluntarily by an affected person in form of a declaration or another confirming act with which the affected person suggests that it agrees with the processing of its personal data.

13.  Violation of the protection of personal data
(see also article 4 No. 12 DSGVO)

Violation of the protection of personal data is a violation of security leading to the destruction, loss or change, whether unintentional or unlawfully, or to the unauthorized disclosure of or unauthorized access respectively to personal data that has been transmitted, saved or processed in another way.

14.  Cookies

Cookies are data sets that are being filed by a webserver on the computer of the user. With the next connection of the user’s computer, they will be sent back to the cookie-sending webserver, aiming at the recognition of the user and his settings. It is a data file locally installed on the user’s computer that is allocating a certain identity to the user, consisting of numbers and letters.

The classification of cookies as being personal data is depending on the technical arrangement of the cookies.

If only a combination of numbers and letters generated by chance is being saved on the user’s computer, the user cannot be defined. An assignment is only possible with the additional knowledge about which combination has been saved on which computer. This additional knowledge is not available to operators of websites only using cookies exclusively having elements of chance.

If the operator incorporates the name of the user or his e-mail-address into the cookie, the user has regularly provided related information to the operator and has identified himself, i.e. with the generation of a costumer/user profile when placing an order on the website of the company, with the usage of an a-mail account of the same operator, with the participation at surveys on the website or similar. The system of the user can be programmed in a way that this additionally won information flows into the identification combination of the cookie. If the name or the e-mail address of the user is being integrated into the cookie, the user can be allocable. The cookie is to be classified as personal data.

Furthermore, a combination of cookies and IP-addresses is possible. In this constellation, the operator of the website that has been visited is saving IP-addresses and is relating them to the predetermined cookies, meaning the allocation of a cookie to a related IP-address is being saved in a data bank. The allocation of the user requires that the operator of the website can relate the IP-address to a specific user without a disproportional effort of time, costs and staff.

Whether IP-addresses are representing personal data in themselves has not been uniformly decided in German jurisdiction. It could be assumed that an IP-address will fall under the term of personal data.

Usually, most of the used cookies will be deleted after the respective browser session is finished (so-called session-cookies). Other cookies remain on the user’s computer, enabling the operator of the respective website to recognize the user’s computer at the user’s next visit (so-called durable cookies).

Cookies are usually serving to create an attractive visit of the website und to enable the use of specific function.

For every user, it is possible to configure his browser in a way so that the browser informs the user on the placement of cookies. That way, the application of cookies will be transparent for the user.

The respective user can of course also set up his browser in a way so that cookies are not being placed on his computer or already placed cookies are being deleted.

For this, you have to first of all activate the browser you are using, like the internet explorer, Firefox, etc. Under settings, category data protection, you can block and/or adjust other cookie settings.

For further information, please see the data protection declaration of your respective browser.

15.  IP address

An IP address is an address within a computer net, which – like the internet – is based on the internet protocol (IP). It is being allocated to devices connected to the net and with that makes the devices addressable and therefore reachable. The IP address can indicate an individual receiver of a group of receiver. In reverse, several IP addresses can be allocated to one computer.

The IP address is mainly being used to transport data from your sender to the designated receiver.

16.  Browser

Browser are special computer programs for the presentation of websites on the internet (World Wide Web) or generally of documents and data.

17.  Referrer-URL

Referrer-URL is marking the website on the internet through which the user has come to the current website or file respectively.

18.  Plug-In

A Plug-In is a software program that autonomously covers functionality partly and with that extends the functionality of the whole system. For the execution of a Plug-In, a platform is needed on a superior level providing the interface needed for the integration of the Plug-In. Plug-Ins are not to be mistaken with Add-Ons that are complementing existing software only optionally and do not provide an own library but solely use existing ones.

Plug-Ins are mostly from third parties and only seldom from the same producer as the main program.

Well known programs are i.e. Flashplayer, Java- or PDF-Plug-Ins for web browser like the internet explorer or Mozilla-Firefox. These are extending browser with functionalities for the presentation of file formats (i.e. video streaming, PDF documents) which are not supported as a standard. Another advantage of external Plug-Ins is that they only have to be loaded once they are really needed. This is saving resources which can be used with higher efficiently in the normal browser usage.

IV.              Responsible and data protection administrator

Here, we would like to inform you about the responsible (for definition please see III.8.) and the data protection administrator for our company.

  1. Responsible

GSR Services GmbH, Auf dem Brink 1, 21394 Suedergellersen, represented by th managing director Henning Gramann

The contact details of the responsible are as follows:

GSR Services GmbH, Auf dem Brink 1, 21394 Suedergellersen
Telefon: +49 (0)4135 31789 - 50
E-Mail: henning.gramann@gsr-services.com 
Website: http://www.gsr-services.com 

For further information on the responsible please refer to our imprint.

  1. Data protection administrator

Basically, a data protection administrator is only needed if generally at least 10 persons are constantly busy with the automated personal data processing in the company.

This is not the case for our company. Although there are exceptions from this rule, the requirements for these exceptions are not relevant. For this reason, we don’t need a data protection administrator.

In matters of data protection you can refer to any of our staff. For contact details, please see this declaration and/or our imprint.

V.                 General Remarks

Generally, you can use our homepage or our internet pages respectively without having to disclose any personal information.

If you would like to make use of our company’s services though, i.e. as a customer, business partner etc., a processing of your personal data (see III.1.) might be required.

This is particularly the case if you are contacting us via e-mail.

We would explicitly like to clearly state that despite our efforts to install technically possible security measures, internet based data transmission might pose a security flaw and therefore we can’t guarantee an absolute protection.

For this reason, you can naturally also transmit personal data on alternative ways, i.e. via telephone. For contact details, please refer to our imprint and/or ask us personally.

VI.              Data raising and saving

Generally, our homepage can be used without any declaration of personal data. Nevertheless, with every call of our homepage data will be raised and saved. Above that, you have the option to contact with us via e-mail.

In the following, it shall be explained which data is being collected and processed, the legal base that is entitling us to do so, the purpose, the duration of the saving as well as your related rights.

  1. Collection of general data and information when using our homepage

With every call of our website, information is automatically collected and saved. In detail, this is the following information or data respectively:

  • Name of the website
  • File
  • Date
  • Time
  • Data quantity
  • Web browser and web browser version
  • Operating system
  • The domain name of your internet provider
  • The so-called referrer-URL
  • The IP-address

The aforementioned data or information respectively is automatically transferred to us by your browser.

This information is of general nature and is not concluding any information on your personality. You are remaining anonymous. A combination of this data or information respectively with other data sources is not being done.

In this context, we do reserve the right though to check on this information, also called server-log files, later on if we do receive concrete knowledge on illegal usage or if we are legally forced by a third party.

This data collection serves to present the contents of this homepage as well as for statistical purposes. The data collection particularly helps us optimizing the technology. The collection of aforementioned data is therefore inevitable.

The legal basis for the aforementioned data collection is article 6 para 1 sentence 1 f DSGVO.

Generally, this data is being saved by us for the duration of 60 days and then being deleted unless we are legally forced by a third party to keep saving this data and/or we do have concrete knowledge of an illegal use               .

The collection and saving of this data is inevitable for the provision and operation of our homepage. For this reason, there is no right of objection and/or right of deletion.

  1. Contacting via e-mail

A quick electronic contact with us is possible any time via Email. When contacting us via e-mail, particularly your e-mail-address, your name and, as long as you provide them, other personal data will be saved automatically. This personal data transferred to us by you on a voluntary basis will be saved for processing and/or contacting purposes. There will be no transmission of this personal data to a third party.

Article 6 para 1 f DSGVO is the legal basis for this data collection. In case the e-mail contact is aiming at the conclusion of a contract, article 6 para 1 b DSGVO is the additional legal basis for the processing.

This data will be deleted by us as soon as they are not required any more for achieving the purpose of their collection. That is the case when the respective email conversation with the user is finished. The conversation is finished when it is obvious that the circumstances of the case are concluded.

You do have the option to revoke your consent to the processing of the personal data any time. If you are contacting us via e-mail, you can revoke the saving of your personal data any time. In that case, the communication cannot be continued. The revocation of the approval can be informal. You can send this revocation in writing, via e-mail, via telephone etc. to our staff. For contact details, please refer to this declaration and/or our imprint.

In case of revocation, all related personal data that has been saved in the course of contacting will be deleted by us.

VII.            Cookies

On our homepage or on our internet pages respectively, we are using so-called cookies (for definition see III.14). In detail, on our homepage or on our internet pages respectively, we are using session cookies as well as permanent cookies (for definition see III.14).

The cookies are being used by us for analyzing and optimization purposes. Cookies are not being used to execute programs or load viruses onto your computer.

Cookies contain information i.e. on the hitherto access of the user to the according server or information on the offers that have been called for so far respectively.

By this, we improve our offer continuously and make it more comfortable.

Therefore, the data collection is inevitable.

Legal basis for the aforementioned data collection is article 6 para 1 sentence 1 f DSGO.

Although, according to article 6 para 1 sentence 1 f DSGVO, no permission is required, we do fade in a cookie warning with the first call of our website pointing out explicitly that cookies are being used. At the same time, we are retrieving your permission for using cookies by clicking the buttons through which the usage of cookies is being approved.

Legal basis therefore is a possible acceptance by you.

You have the right of objection against the use of cookies or a right of elimination respectively. You do have the option to refuse the placement of cookies at any time. This generally works by selecting the according option in the settings of the browser or through additional programs. For further information, please refer to the explanations given under III.14 and/or the data protection declaration as well as to the help function of the respective browser or browser provider respectively used by you.

VIII.         Inclusion of services and information of third parties

To extend and make our offer more attractive, we have included the services of third parties on our homepage.

  1. Inclusion of Google Maps

On our homepage we are making use of Google Maps services. With that, we can present interactive maps directly on the homepage to you, allowing you the comfortable use of the map function.

Google Maps is a component of Google Inc., 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA. With every single call of the component “Google Maps” incorporated by us, Google places a cookie (for definition see III. 14) to process user settings and user data when the web page on which the component “Google Maps” is integrated is presented.

Generally, this cookie will not be deleted by closing the browser but it will run out after a certain amount of time as long it hasn’t been deleted manually by you.

If you don’t agree to this processing of your data, there is the option to deactivate the service of Google Maps and to prevent the transmission of data to Google. For that, you have to deactivate the Java-Script function in your browser. We are pointing out to you though, that in this case, you can’t make use of “Google Maps” or only in a limited way.

The use of “Google Maps” and the information gained through “Google Maps” is carried out according to the Google terms of use which can be found under the following link: https://policies.google.com/trms?hl=de as well as under the additional terms and conditions for “Google Maps”: https://www.google.com/intl/de_US/help/trms_maps.html. This happens independently from whether Google provides a user account through which you are logged in or if no user account exists. If you are logged in with Google, your data is directly being assigned to your account.

On our homepage or our web presence respectively, we have established Google Maps to create a homepage that is more attractive for the user.

Therefore, the legal basis is article 6 para 1 f DSGVO.

If you don’t want your data to be assigned to your profile at Google, you have to log out of your Google account before using the component “Google Maps”. Google is saving your data as user profile and uses it for advertising purposes, market research and/or tailored configuration of their website. Such an analysis is especially done (even for users that are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our homepage. You do have the right of objection against the build-up of such user profiles whereas for claiming the same, you have to address Google. Here, you will receive further information on respective rights and setting options for the protection of your privacy.

Google is also processing your personal data in the USA and has subdued to the EU-US-privacy-shield: https://www.privacyshield.gov.

  1. Use of Google-Analytics with anonymization function

On our homepage, we have established Google Analytics, a web analyzing service of Google Inc. 160 Amphitheatre, Parkway, Mountain View, CA 94043, USA. Google-Analytics is using so called cookies (for definition see III. 14). These cookies are being saved on your computer, enabling us to analyze your use of our homepage.

The information created by these cookies, i.e. time, location and frequency of your website visits including your IP-address, is transmitted to and saved at Google in the USA.

On our homepage, we are using Google-Analytics with an IP anonymization function. In this case, your IP address is being shortened and therefore anonymized already within the member states of the European Union or in other contractor states to the convention on the European market.

Google is going to use this information to analyze your use of our homepage, to create a report on website activities for us and to provide additional services connected to the use of the website and the use of the internet. Also, Google will transfer this information to third parties if this is a legal requirement or in case third parties are processing this data on behalf of Google.

We are using Google-Analytics with an IP-anonymization function for analysis purposes and in association with that for a continuous improvement of our services.

Therefore, legal basis is article 6 para 1 f DSGVO.

According to their own declaration, Google will under no circumstances connect your IP-address to other data of Google. You can prevent the installation of cookies through according settings of your browser software but we are pointing out that in this case you might not be able to use all functions of our website to its full extend.

Furthermore, Google is offering a deactivation option for most popular browser which gives you more control on the data that is collected and processed. Should you activate this option, no information on the website visit will be transmitted to Google-Analytics. This activation doesn’t prevent information to be passed on to us or to other web analysis services implemented by us. For further information on the activation of the deactivation option provided by Google please see the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

  1. Use of Facebook Social Plug-Ins

No application at present

  1. Twitter Plus-In

No application at present

  1. Google Plus

No application at present

  1. You tube

For the integration and presentation of video contents, our homepage or internet presence respectively is using YouTube Plug-Ins. YouTube is an internet video portal. Provider of this video portal is the YouTube, LLC, 901 Caerry Ave, San Bruno CA 94066, USA (www.youtube.com).

With the call of our homepage content or our web pages respectively with integrated YouTube Plug-In, a connection to the YouTube servers is automatically being established. This way, YouTube is made aware which of our web pages or contents respectively you have called.

Should you have an own YouTube account, YouTube can link your surfing behavior directly to your account or personal profile respectively if you are logged in to your YouTube account at that time. By logging out beforehand, you do have the possibility to prevent that.

The incorporation of YouTube into our homepage serves an appealing presentation of our online-services.

Therefore legal base is article 6 para 1 f DSGVO.

For details on the handling of user data, please refer to the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

  1. Vimeo

For the integration and presentation of video contents, our homepage or internet presence respectively is using Plug-Ins of Vimeo. Provider of this video portal is the Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (www.vimeo.com).

With the call of our web pages containing an integrated Vimeo Plug-In, a connection to the Vimeo server is automatically established. This way, Vimeo is made aware which of our pages you have called. Vimeo gets to know your IP-address, even if you are not logged into the video portal and/or have an account there. The information gathered by Vimeo is being transmitted to the server of the video portal in the USA.

Vimeo can link your user behavior directly to your profile. By logging out beforehand, you do have the possibility to prevent that.

The incorporation of video Plug-Ins on our homepage or web presence respectively serves an appealing presentation of our online-services.

Therefore legal base is article 6 para 1 f DSGVO.

For details on the handling of user data, please refer to the data protection declaration of Vimeo under https://vimeo.com/privacy.

  1. Matomo (formerly Piwik)

Our homepage or web presence respectively is using the web analysis provider Matomo. Motomo (formerly Piwik) is an open source solution.

Matomo is using so-called “cookies” (for definition see III.14.). The information produced via cookies on the use of our homepage or web presence respectively is being saved on our server. Before saving though, your IP-address is being anonymized.

Matomo cookies will remain on your end device until you delete them.

There will be no transfer of information saved in the Matomo cookie on the use of our homepage or our web presence respectively. We are using Matomo for an anonymized analysis of user behavior to optimize and improve our service, also our marketing.

Therefore, legal base is article 6 para 1 f DSGVO.

The setting of cookies through your web browser can be prevented.

Relating to that, we explicitly refer to our explanations under III.14.

Some of the functions of our homepage or web presence respectively could be restricted though.

IX.               RSS-Feed

No application at present

X.                  Data protection in case of applications and application processes

We are offering for applications to be sent to us via e-mail.

We are collecting, saving and processing the personal data of applicants for the purpose of the application procedure processing.

If we conclude a contract of employment with an applicant, the data transmitted to us during the application procedure will be saved for employment processing purposes under adherence to the legal requirements.

If there is no conclusion of a contract of employment with the applicant, the application documents will be deleted 6 months after the decision for rejection as long as there are no other legitimate interests against this deletion, i.e. a burden of proof in a legal action.

Legal base is article 6 para 1 f DSGVO and article 6 para 1 b DSGVO.

You have the option to revoke your consent to processing personal data at any time. So if you do send an application via e-mail to us, you can always revoke the consent to save your personal data. In such a case, the communication can’t go on, meaning that your application can’t be processed any further, following which there will possibly be no employment. The revocation of the consent can be informal. You can send this revocation in writing, via e-mail, via telephone etc. to our other staff. For contact details, please refer to this declaration and/or our imprint.

Generally all personal data saved by us in due course of the application will be deleted In case of a revocation unless there is an interest from our side, i.e. a burden of proof in a legal action.

XI.               Data transfer to third parties

We will not transfer your personal data to third parties unless we are informing you on transference. Our IT service provider has access to our saved data to correct errors and to enable us to process on the required technical measures.

Article 6 para 1 f DSGVO and article 6 para 1 b DSVGO are the related legal base. Our IT service provider has been chosen very carefully by us and has been ordered in writing. He is bound to follow our instructions and is controlled regularly by us. The service provider won’t pass on data to third parties.

Apart from those cases explained in this data protection declaration, without consent we will only pass on user data to third parties if we are required to do so by law or by an authority or court directive.

The collection and saving of this data is mandatory for the processing and maintenance of our whole IT. Therefore, there is no possibility for objection or deletion.

XII.            SSL- / TLS coding

No application at present

XIII.         Existence of an automated decision making

Being a responsible company, we are not using automated decision finding or profiling.

XIV.         Rights of the affected person

The rights of the affected person are particularly important to us. The rights of the affected person are one of the most important elements of legal requirements. At this point we would like to highlight the rights of the affected person in particular. We have therefore set aside the rights of the affected person in the aforementioned explanations. In our view, the rights of the affected person have to be explained in a separate paragraph to ensure that they can be found and read any time and without problems.

The rights of the affected person are explicitly resulting from the data protection regulation (DSGVO). They are regulated in the articles 12 to 23 of the data protection regulation (DSGVO).

The following rights of the affected person exist in detail:

  1. Right of disclosure
    (please also see article 15 DSGVO)

Every affected person has the right to claim a confirmation from us, the responsible, whether personal data relating to the affected person is being processed (so-called right of confirmation). The information has to be given free of charge.

According to article 15 DSGVO, if there is such a processing, you can claim information on the following:

  • (1) the purpose of processing
  • (2) the category of personal date that is being processed
  • (3) the receiver or category of receivers to whom data has been disclosed or is still being disclosed, especially when receivers are in third countries or in case of international organizations
  • (4) the planned duration of saving of personal data if possible, otherwise the criteria for the determination of this duration
  • (5) the existence of a right of correction or deletion of personal data related to them or on restrictions on processing through the responsible or a right of objection against this processing
  • (6) the existence of a right of complaint towards an authority
  • (7) all available information on the origin of the data if the personal data is not being raised from the affected person directly
  • (8) the existence of an automated decision finding including profiling according to article 22 para 1 and 4 DSGVO and – at least in these cases – significant information on the logic involved as well as the consequences and the impacts pursued of such a processing for the affected person

Furthermore, the affected person has a right of disclosure on whether personal data is or has been transmitted to a third country or to an international organization. Relating to this, according to article 46 DSGVO, the affected person can demand to be informed on the relevant guarantees in relation to the transmittance.

If an affected person intends to make use of this right of disclosure, he can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of correction
    (see also article 16 DSGVO)

Any affected person has the right to demand an instant correction and/or completion from us, the responsible, as long as the processed personal data affecting them is incorrect or incomplete. If the correction and/or completion are demanded from us, we have to do the correction immediately.

If an affected person intends to make use of this right of correction or right of completion, he can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of deletion (“Right of being forgotten”)
    (see also article 17 DSGVO)

As long as the processing is not necessary, any affected person has the right to demand from us the responsible that the personal data related to them is being deleted immediately if one of the following reasons is applicable:

  • (1) the personal data is not relevant any more for the reasons they have been collected or processed in another way
  • (2) the affected person revokes the consent to this processing based on article 6 para 1 a or article 9 para 2 a DSGVO and there’s no other legal basis for the processing
  • (3) the affected person objects to the processing as per article 21 para 1 DSGVO und there are no overriding eligible reasons or the affected person objects against the processing according to article 21 para 2.
  • (4) the personal data has been processed unlawfully
  • (5) the deletion of personal data is necessary for the fulfilment of a lawful duty according to the Union law or according to the law of the member states the responsible is subjected to.
  • (6) the personal has been collected as per article 8 para 1 DSGVO in relation to offered services of the information company.

Have we, the responsible, made the personal data public and are we bound to delete them as per article 17 para 1 DSGVO, we will take appropriate measures, also of technical nature, under the consideration of the available technology and the costs of implementation, to inform the person responsible for data processing and who is processing the personal data that an affected person has demanded the deletion of all links to this personal data or of copies or replica of this personal data.

The right of deletion does not exist though if the processing is necessary

  • (1) for the exercise of the right of freedom of expression and information;
  • (2) for the fulfilment of a lawful duty demanding the processing as per the right of the Union or of the member states the responsible is subjected to, or for the percipience of a task being of public interest or for exercising public force that has been transferred to the responsible;
  • (3) for reasons of public interest in the field of public health as per article 9 para 2 a and i DSGVO as well as article 9 para 3 DSGVO;
  • (4) for archiving purposes that are of public interest, scientific or historical research or for statistical purposes as per article 89 para 1 DSGVO, as far as the in article 17 para 1 DSGVO mentioned right (right of deletion) presumably doesn’t render the realization of the aims of this processing impossible or seriously impacts them, or
  • (5) for the enforcement, exertion or defense of legitimate claims

If an affected person intends to make use of this right of deletion, he can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of restriction of the processing
    (see also article 18 DSGVO)

Every affected person has the right to demand the restriction of the processing from us, the responsible, if one of the following assumptions is given:

  • (1) the correctness of the personal data is being contested by the affected person for a period of time enabling the responsible to check on the correctness of the personal data;
  • (2) the processing is unlawful and the affected person is denying the deletion of the personal data and requires the restriction of the use of the personal data;
  • (3) the responsible doesn’t need the personal data for the purpose of processing any more but the affected person needs it for the enforcement, exertion or defense of legitimate claims or
  • (4) the affected person objects against the processing as per article 21 para 1 DSGVO as long as it is not clear whether the legitimate reasons of the responsible are outweighing the ones of the affected person.

Has the processing of the personal data related to you been restricted, this personal data is – apart from the saving - only allowed to be processed with your consent or for the enforcement, exertion or defense of legitimate claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state.

Has the restriction of the processing been restricted as per the above mentioned conditions, you will be informed by us before the restriction will be cancelled.

If one of the aforementioned conditions are met and an affected person requires the restriction of personal data that is saved by us, the affected person can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of information
    (see also article 19 DSGVO)

If you have enforced the right of correction, deletion or restriction of the processing towards us, the responsible, we are obliged to inform all receivers of personal data related to you on the correction or deletion of the data or restriction of the processing, unless this is proven to be impossible or bears a disproportional high effort to do so.

You have the right to be informed about these receivers by us.

If you would like to make use of the right to be informed on these receivers you can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of data transferability
    (see also article 20 DSGVO)

Every affected person has the right to receive the personal data related to him and provided by him to us, the responsible, in a structured, established and machine-readable format. Additionally, every affected person has the right to transfer this data to another responsible without hindrance through the responsible to which the personal data has been provided if

  • (1) the processing is based on an agreement as per article 6 para 1 a DSGVO or article 9 para 2 a DSGVO or on a contract as per article 6 para 1 b DSGVO
  • (2) the processing is done with the help of automated processes.

In performing this right, the affected person additionally has the right to enforce that the personal data related to him is directly transferred from one responsible to another as far as this is technical viable. Prerequisites are though that freedom and rights of other persons are not being affected by that.

This right of data transferability is not applicable for a processing of personal data that is required for the percipience of a task which is of public interest or is being carried out in the exertion of public force that has been transferred to us, the responsible.

If an affected person intends to enforce the right of data transferability he can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of objection
    (see also article 21 DSGVO)

Every affected person has the right, for reasons stemming out of his special situation, to object against the processing of personal data relating to him which is collected as per article 6 para 1 e or f DSGVO; this is also valid for a profiling based on these regulations.

We as responsible are not processing the personal data any more unless we can prove forcing and protection requiring reasons that are outweighing the interest, rights and freedom of the affected person or the processing serves for the enforcement, exertion or defense of legitimate claims.

In case the personal data is processed for direct advertising, every affected person has the right to object to processing personal data relating to them for such advertising purposes at any time; this is also valid for the profiling as long as it is connected to such direct advertising.

Does an affected person object to the processing for direct advertising, the personal data will not be processed for these purposes any more.

Stemming from their special situation, the affected person has furthermore the right to object to the processing of personal data related to them for scientific or historical research purposes or for statistical purposes as per article 89 para 1 DSGVO, unless the processing is necessary for fulfilling tasks of public interest.

In relation to the use of services of the information corporation, every affected person has the option to make use of their right of objection via automated processes where technical specifications are being used – irrespective of the guideline 2002/58/EG.

For the exertion of the right of objection the affected person can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Right of retraction of the data laws declaration of consent
    (see also article 21 DSGVO)

Every affected person has the right to retract their data laws declaration of consent at any time. The lawfulness of the processing based on the declaration of consent until its retraction will not be impacted by the retraction.

For the exertion of this right the affected person can always refer to our staff. For contact details, please refer to this declaration or to our imprint.

  1. Automated decisions in an individual case including profiling
    (see also article 22 DSGVO)

Every affected person has the right to not be subjected to a decision exclusively based on automated processing - including profiling – which unfolds legal effects against him or similarly impacts him heavily.

This does not apply if the decision

  • (1) is necessary for the conclusion or completion of a contract between the affected person and the responsible,
  • (2) is permissible based on legal provisions of the Union or of the Member States the responsible is subjected to and these legal provisions contain appropriate measures for ensuring their rights and freedom as well as their eligible interests or
  • (3) is carried out with their explicit permission.

However, these decisions are not allowed to be based on special categories of personal data as per article 9 para 1 DSGVO, as long as article 9 para 2 a or b DSGVO are not applicable and appropriate measures have been taken for the protection of their rights and freedom as well as their eligible interest.

Concerning the cases mentioned in (1) and (3), we, the responsible, take appropriate measures to keep the rights and freedom as well as the eligible interest of the affected person, whereas at least the right of effecting the intervention by a person on our side, the responsible, of demonstrating the own point of view and of contesting the decision belong to them.

  1. Right of complaint towards a regulating authority
    (see also article 51 ff. DSGVO)

Notwithstanding of other rights and/or the legal remedies, every affected person has a right of complaint towards the responsible authority in case of violations of data protection law. The responsible authority for questions relating to data protection law is the state data protection commissioner of the state where our company has its place of business, in this case the state data protection commissioner of Lower Saxony. The state data protection commissioner for the data protection Lower Saxony can be contacted as follows:

Prinzenstraße 5, 30159 Hannover
Phone: +49(0)511 – 1204500
Fax:       +49(0)511 – 1204599

The aforementioned inspection authority where a complaint is being filed will inform the claimant on the status and the results of the complaint including the possibility of a judicial appeal as per article 78 DSGVO.

  1. Change of our data protection declaration

To ensure that our data protection declaration is always in accordance with the latest legal requirements, we reserve the right of changes at any time. This also applies in case the data protection declaration has to be adjusted because of new or revised services. The new data protection declaration then applies at your next visit on our homepage.