Data protection

With this privacy statement, we want to inform you about the functions of our website relevant for data protection. It explains which data we collect and what they are used for, and you are informed about your rights.

CONTENT

1. Generalities
2. Terms
3. Information according to article 13 GDPR
4. Information on the applications on our website

1. GENERALITIES

From time to time, a data transmission via Internet can contain security gaps so that an absolute protection cannot be guaranteed. Therefore, you can also transfer your data otherwise, e.g. by telephone.

SSL encryption

Our website is SSL-encrypted. This is a system to protect the transmission of data; in general, they can then not be read by any third parties. You can recognize an encrypted connection by the small padlock shown in the address line of your browser and the switch from “http” to “https”.

Collection of general data and information

When you access our website, a series of general data and information is collected automatically. They are saved in so-called logfiles of the server. The following information can be seized:

  • Browser type and versions used
  • Operating system used by the accessing system, i.e. in general your computer
  • Referrer, i.e. the website from which you/the accessing system arrives on our website
  • The sub-websites which are targeted on our website through the accessing system
  • Date and time of access to our website
  • IP address (Internet Protocol Address)
  • The Internet Service Provider of the accessing system
  • Other similar data and information serving the defence against dangers in case of attacks on our systems 

These data are collected anonymously. We do not use these data to draw any conclusions about the concerned person. You can find information on the applications and functions used on our website which are privacy-related in the section “Information on the applications on our website”.

2. TERMS

To make the following privacy statement more comprehensible for you, we introduce you to some definitions of terms that we consider important:

GDPR is the abbreviation of General Data Protection Regulation (Regulation 2016/679 of the European Parliament and the Council from April 27, 2017)

Personal data is all information relating to an identified or identifiable individual (hereinafter “concerned person”). An individual is deemed identifiable if he/she can be directly or indirectly identified, in particular by assignation to an identifier like the name, ID number, site data, an online ID or one or more special characteristics which are expressions of the physical, physiological, genetical, psychical, economic, cultural or social identity of such individual.

Concerned person is every identified or identifiable individual the personal data of whom are processed by the Processing Responsible.

Processing is every procedure or series of procedures executed with or without automated methods relating to personal data like the rising, collection, organization, sorting, saving, adjustment or change, selection, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or combination, limitation, deletion or destruction.

Limitation of processing is the marking of saved personal data for the purpose of limiting their future processing.

Responsible or Processing Responsible is the individual or entity, authority, institution or other body which, alone or together with others, decides on the purposes and means of processing of personal data. If the purposes and means of such processing are imposed by EU law or the laws of the member states, the Responsible / the particular criteria of its/his nomination can be provided for according to EU law or the law of the member states.

Processor is an individual or entity, authority, institution or other body which/who processes the personal data on behalf of the Responsible.

Recipient is an individual or entity, authority, institution or other body to which/whom personal data are disclosed irrespective of whether it is a third party or not. Authorities which may receive personal data within a particular investigation mandate according to EU law or the law of the member states, however, are not deemed recipients.

Third party is an individual or entity, authority, institution or other body other than the concerned person, the Responsible, the Processor and the persons authorized to process the personal data under the direct responsibility of the Responsible or the Processor.

Consent is every expression of will voluntarily provided by the concerned person in an informed and unequivocal manner for the particular case in the form of a declaration or another clear confirming act by which the concerned person communicates that he/she consents to the processing of the personal data relating to him/her.

Third country within the meaning of the GDPR is every country that is neither a member of the European Union nor of the European Economic Area.

3. INFORMATION ACCORDING TO ARTICLE 13 GDPR

Name and address of the Responsible
The Responsible within the meaning of the General Data Protection Regulation is

INFAI GmbH
Gottfried-Hagen-Str. 60-62
D-51105 Köln
Tel.: +49 22188044-3
Fax: +49 22188044-55
Email: mail@infai.de
represented by the managing director Dr. Sitke Aygen

Name and address of the Data Protection Officer
The Data Protection Officer is
Ms. Christiane Henneken (lawyer)
henneken & partner rechtsanwälte
Aachener Straße 340-346
D-50933 Köln
datenschutz@infai.de

Categories of concerned persons

  • Visitors and users of our website/our online offer.
  • Types of processed data
  • Contact data (e.g. email, telephone numbers), as far as they are provided
  • Contents data (e.g. text entries)
  • Usage data (e.g. access times, visited pages)
  • Meta-/communications data (e.g. device information, IP addresses)

Purpose of processing

  • The processing occurs for the following purposes:
  • For the provision of our online offer, its functionalities and contents
  • To optimize our website and its security
  • To measure the reach/for marketing (see details in the section “Information on the applications on our website”)

Legal basis of the processing
As far as the legal basis is not mentioned in the privacy statement, in particular in the section “Information on the applications on our website”, the following applies:

  • The legal basis for obtaining your consent is Art. 6 par. 1a)
  • The legal basis for processing to fulfil our services, execute contractual and pre-contractual measures and reply to requests is Art. 6 par. 1b) GDPR
  • The legal basis for processing to fulfil our legal obligations is Art. 6 par. 1c) GDPR
  • The legal basis for processing to preserve our justified interest is Art. 6 par. 1f) GDPR

Deletion and blocking of personal data
We only process and store your personal data for the period of time required to achieve the purpose of storage or, if this is provided for in the laws and provisions, for the period of time imposed there. If the purpose of storage lapses or if the legally provided retention period expires, the personal data are routinely deleted according to the legal provisions.

Processor
If we transmit data to other persons and companies or otherwise grant them an access to the data, this only occurs on the basis of a legal permission. As far as we assign the processing of data to any third parties on the basis of a so-called “processing contract”, this occurs on the basis of Art. 28 GDPR.

Transmission to third countries
If we process any data in a third country or this occurs within the use of third-party services, this will only occur as far as we are legally permitted to do so. As far as we process any data in a third country or have them processed by any third parties (contract processing), this occurs on the basis of Article 44 et seq. GDPR.

Your rights as concerned person
Right to information (Art. 15 GDPR). You have the right to demand information from us on whether we process any of your personal data and, if this is the case, you also have the right to demand information about the following issues:

  • The purposes of processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to which the personal data have been or will be disclosed, in particular in case of recipients in third countries or with international organizations
  • If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for the determination of such duration
  • The existence of a right to correction or deletion of personal data concerning them or to limitation of the processing by the Responsible or of the rights to objection to such processing
  • The existence of a right to complaint with a supervisory authority
  • If the personal data are not collected from the concerned person: all available information about the origin of the data
  • The existence of an automated decision-making including profiling according to article 22 par. 1 and 4 GDPR and — at least in such cases — conclusive information about the involved logics and the reach and the intended effects of such processing on the concerned person 

If your personal data are transmitted into a third country or to an international organization, you further have the right to be informed about the suitable guarantees according to article 46 GDPR in connection with the transmission. Within the information request, we will provide you with a copy of such personal data which are subject to the processing according to article 15 par. 3 GDPR. We can demand an appropriate remuneration for any additional copy. If you submit the application electronically, we will provide the data in an electronic format unless you provide any other indication.

Right to correction (Art. 16 GDPR)
You have the right to require us to correct any incorrect personal data concerning you. You also have the right to demand the completion of incomplete personal data under consideration of the purpose of the processing.

Right to deletion (so-called right to be forgotten, Art. 17 GDPR)
You have the right to require us to delete your personal data if the following applies, as far as the processing of the personal data is not necessary:

  • The personal data are no longer necessary for the purposes for which they have been collected or have been otherwise processed.
  • You have revoked your consent on which the processing is based, and there is no other legal basis for the processing.
  • You object to the processing according to Art. 21 par. 1 GDPR, and there are no prevailing justified reasons for the processing, or you object to the processing according to Art. 21 par. 2 GDPR.
  • The personal data have been unlawfully processed.
  • The deletion of the personal data is required to fulfil a legal obligation according to EU law or the law of the member states we are subject to.
  • The personal data have been collected with respect to services offered by us according to Art. 8 par. 1 GDPR.

If the personal data have been published by us and if we are obliged to delete the personal data as the Responsible according to Art. 17 par. 1 GDPR, we will take the appropriate measures, including technical measures, under consideration of the available technology and the cost of implementation, to inform other Processing Responsibles processing the published personal data that you have required those other Processing Responsibles to delete all links to these personal data or copies or replications of these personal data, as far as the processing is not necessary.

Right to limitation of the processing (Art. 18 GDPR)
You have the right to require us to limit the processing if one of the following preconditions is fulfilled:

  • You deny the correctness of the personal data for a duration allowing us to check the correctness of the personal data.
  • The processing is unlawful, and you refuse the deletion of the personal data and demand the limitation of the use of the personal data instead.
  • We do not need the personal data anymore for the purposes of the processing, but you still need them to assert, exercise or defend any legal rights.
  • You have objected to the processing according to Art. 21 par. 1 GDPR, and it is not yet sure if our justified reasons prevail over your justified reasons.

If the processing of your personal data has been limited according to the above-mentioned provisions, we may process them only - apart from their storage - with your consent or to assert, exercise or defend legal rights or to protect the rights of another individual or entity or for reasons of an important public interest of the EU or of a member state. We will inform you before a limitation is cancelled.

Right to objection (Art. 21 GDPR)
You have the right to object anytime to the processing of the personal data concerning you occurring on the basis of Art. 6 par. 1 e or f GDPR (processing for public interest or to preserve a justified interest) for reasons resulting from your special situation; this also applies to a profiling based on these provisions. We will no longer process the personal data then, unless we can prove compulsive reasons for the processing worthy of protection which prevail over your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal rights. If personal data are processed to conduct direct advertising, you have the right to object to the processing of the personal data for the purpose of such advertising any time; this also applies to the profiling as far as it is connected to such direct advertising.

Right to revocation (Art. 7 par. 3 GDPR)
If you have granted us consent to process your personal data, you have the right to revoke it any time without indicating any reasons. The lawfulness of the data processing that has occurred until the revocation remains unaffected by the revocation.

Automated decisions in the individual case including profiling
You have the right not to be subjected to a decision exclusively based on an automated processing – including profiling – that becomes legally effective vis-à-vis you or significantly affects you in a similar way as far as the decision is not necessary for the conclusion or performance of a contract between you and us or is admissible on the basis of legal provisions of the EU or of the member states we are subject to and these legal provisions include appropriate measures to preserve your rights and freedoms and the justified interest or if it occurs with your express consent. If the decision is necessary for the conclusion or performance of a contract between you and us or if it occurs with your express consent, we will take appropriate data protection measures to preserve your rights and freedoms and the justified interest, which includes at least the right to effectuate our intervention, to explain your own view and to object to the decision.

Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you which you have provided to us in a structured, common and machine-readable format. Besides, you have the right to transmit these data to another Responsible without any interference by us as far as the processing is based on the consent according to Art. 6 par. 1 a GDPR or Art. 9 par. 2 a GDPR or on a contract according to Art. 6 par. 1 b GDPR and the processing occurs by means of automated procedures.You have the right to cause us to directly transmit the data to another Responsible as far as this is technically possible and no rights and freedoms of any other persons are impaired.

Right to complaint (Art. 77 GDPR)
Irrespective of any other remedies under administrative or judicial law, you have the right to complain with a supervisory authority if you think that we process your personal data in violation of the GDPR. A supervisory authority can be, in particular, the one in the member state of your place of residence, your place of work or the place of the assumed violation. You can find an overview of the German supervisory authorities e.g. on the website of the Federal Data Protection Officer.
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

4. INFORMATION ON THE APPLICATIONS ON OUR WEBSITE 

Cookies
Like many other websites, our website uses cookies. Cookies are text files that are deposited and saved on a computer through an Internet browser; they do not cause any damage. They serve to make the offer of the website user-friendly and to optimize it.

Cookies have a cookie ID. This is a unique identifier consisting of a series of characters. It allows assigning websites and servers to the Internet browser in which the cookie has been saved. This allows the visited website/the server to differentiate the browser of the concerned person from other Internet browsers. Cookies allow for recognition of the users of our website, this is supposed to facilitate the use of our website.

At the moment of access to our website, we place cookies to assess the screen resolution in which the breadth and height of the screen pixels is saved. This serves to guarantee the best possible display of our website on your screen to you.

You can avoid the use of cookies by our website by adjusting the settings of your browser. You can also delete any cookies already placed through your browser anytime. If you configure the settings of your browser so that no more cookies can be placed, this might limit the functionality of our website.

Cookies which are necessary to execute the electronic communication or to provide certain functions are saved on the basis of Art. 6 par. 1f) GDPR. We have a justified interest to save cookies to be able to provide our websites in a technically flawless and optimized manner.

Analytical tool Webalizer
For analytical purposes, we use the tool “Webalizer” on our website, which statistically evaluates the visitors’ accesses to our website. Webalizer saves no/only abbreviated IP addresses. On the basis of the data of the server logfiles, Webalizer prepares overviews, for which purpose the following statistical data are collected by Webalizer:

  • Hits (every request to the server)
  • Files (answers sent, e.g. HTML page or graphic)
  • Pages/ page views (every HTML document)
  • Sites (number of the different IP addresses having sent requests to the server)
  • Visits (visit of a website within a determined period of time)
  • Kbytes (scope of the data sent by the server within the reporting period)
  • Top entry and exit websites
  • Total referrers (websites from which the visitors have come)
  • Search strings (terms used to search in the search engines)
  • Browser/ user agents (browsers used by the visitors of the website)
  • Countries (from which countries have requests been sent to the server)

Data protection for job applications
If you send us any application documents per email, we process the personal data to process the job application. If no employment relationship is concluded between you and us, we will delete the application documents six months from the notification of the negative decision, as far as there are no other justified interests preventing a deletion. Such a justified interest is e.g. a burden of proof in procedures according to the General Equal Treatment Act (AGG, Allgemeines Gleichbehandlungsgesetz). If an employment contract is concluded, we process the personal data to execute the employment relationship; in such case, you will be informed once more separately at contract conclusion according to Art. 13 GDPR.

© henneken & partner rechtsanwälte  - http://www.henneken.biz

Diese Seite verwendet Cookies, um Ihnen als Nutzer das bestmögliche Nutzererlebnis zu ermöglichen. Mit der Nutzung unserer Dienste erklären Sie sich mit unserem Einsatz von Cookies einverstanden. Details erfahren Sie hier.