1. Home
  2. Privacy Policy

Information about data processing

V2 (022024)

Ingentis uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data by the onlyfy one service and by Ingentis.

Shared responsibility

With regard to interaction within the company account of Ingentis, Ingentis and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.

Data processing by New Work SE

onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social and jobs network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet.

With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with Ingentis, detailed information is available in the XING Privacy Policy at https://privacy.xing.com/en/privacy-policy. You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.

Job applications with onlyfy one

When submitting an application, you enter into a user relationship with New Work SE for the purpose of processing applications. In addition, you will receive support and New Work SE can present you with other opportunities in support of your career. A public profile will not be automatically created for you on the XING social and jobs network. The legal basis for New Work SE processing your data is, in particular, Article 6 (1)(b) GDPR (processing necessary for the performance of a contract).

Pausing your online application

You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of Ingentis in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to Ingentis only.

Visibility of your data

The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.

Notes on the special functions of onlyfy one

Calendar function

If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: https://www.cronofy.com/gdpr/ and https://docs.cronofy.com/policies/privacy-notice/

WhatsApp application

If you use the apply using WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.

The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here: https://www.pitchyou.de/en/pitchyou-gdpr. Candidate data from apply via WhatsApp are transferred to onlyfy one via an interface. Immediately after this transfer, candidate data are deleted from the apply via WhatsApp infrastructure in PitchYou. Further processing then takes place exclusively in onlyfy one.

Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here: https://www.whatsapp.com/legal/privacy-policy-eea.

Subject to your consent, your application will be sent from WhatsApp via the PitchYou infrastructure to onlyfy one. You have the right to withdraw your consent to this at any time. Either way, your application data will be deleted from the PitchYou infrastructure once transferred to onlyfy one, meaning that PitchYou will not process your data any further.

Applicability of the Swiss Federal Data Protection Act (FADP)

The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.

Data privacy policy

Preamble

This document is for informational purposes only. The legally binding version is always the German version of this document. Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria (hereinafter referred to as “Prescreen”) offers the e-recruiting system “Prescreen” on the *.jobbase.io domain (hereinafter referred to as “jobbase.io”), where companies can advertise job vacancies and receive and manage applications. Within the framework of these activities, Prescreen processes personal data on behalf of and for the purposes of the company that you wish to contact with regard to your application. In terms of data protection legislation, that company is designated as a controller within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR). Prescreen acts in this relationship as a processor within the meaning of Art. 4 (8) GDPR. The protection and confidentiality of your data are of particular importance to Prescreen. Of course, your data are processed exclusively in accordance with the relevant data protection provisions, in particular the Austrian Data Protection Act (DSG), the Austrian Telecommunications Act (TKG), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). This Data Protection Policy also meets all of the statutory requirements that will become mandatory with the enactment of the European General Data Protection Regulation (GDPR). The GDPR comes into force on 25 May 2018. Under no circumstances will Prescreen transmit your personal details to third parties for advertising, marketing or other purposes without authorisation. If you have any questions about this Data Protection Policy, you can contact the company responsible or Prescreen by email at support@prescreen.io.

  1. What are personal data?

    Personal data are considered to be all information that allows conclusions to be drawn about your personal or material circumstances, or from which it is possible to identify you.

  2. What data are collected?

    1. For the automated processing of your application, the following data are collected and processed:
      1. first name, surname, email address and, as necessary, address/location, date of birth, title, telephone number, nationality
      2. Additional questions depending on the respective job vacancy (e.g. driving licence)
      3. CV, in particular information about professional experience and training
      4. Skills (e.g. Photoshop, MS Office)
      5. Application photo
      6. Qualifications, awards and linguistic skills
      7. Covering letter
      8. Any files and documents that you upload
    2. We store the written electronic communication that takes place between you and the company to which you are applying. In addition, we process comments and assessments that are written about you in the course of your application process.

    3. To allow us to adapt our services to your needs in future and facilitate easy use of our website, we record statistical information about your surfing behaviour on our website (e.g. the areas of the website you click on or the times when you log in). This data may be recorded for the purposes of support or service optimisation and viewed at any time by the Prescreen administrator, as required.

  3. Purpose of data collection

    Prescreen processes and uses the personal data collected to provide Prescreen services, for the purposes of registration on the companies’ websites, and for the purposes of sharing information between applicants and companies. We wish to draw your attention to the fact that for the purposes of direct advertising we will send you electronic messages about new job offers from companies to which you have previously applied. On behalf of those companies, we process your name, your email address and the data that you entered on your previous application. You can object to receiving these messages at any time by emailing the company concerned or Prescreen at support@prescreen.io.

  4. What are cookies?

    1. Prescreen uses “cookies” to operate its website. These are used to make our website content more user-friendly, more effective and more secure. Cookies are small text files that are stored on your computer. “Session cookies” are deleted as soon as you leave our website. In contrast, permanent cookies (e.g. to enable you to return to the application process at a later stage) remain on your computer’s hard drive until they are deleted by your browser. You can prevent the installation of cookies on your computer by adjusting your browser software accordingly. Please note, however, that in this case some functions of Prescreen may not be available to you to their full extent.
    2. Cookies may be required to maintain the “functionality” of the website. Use of such cookies does not require consent and cannot therefore be deactivated. Cookies that are used to “analyse” your behaviour on our website are saved only with your consent. If we use cookies that require consent, when you first access our website there will appear a cookie banner on which you can agree to the use of cookies that require consent. If you wish to change your cookie settings at a later date, you can make the change on the website in the “Cookies” section.
    3. Below is a list of the cookies used:
      PHPSESSID Session Cookie Function This cookie is used to identify the user during his/her use of Prescreen. The cookie is essential for the website to function properly. The cookie ceases to be valid once the browser is closed. jobbase.io
      REMEMBERME Persistent Cookie Function This cookie is used to restore a session that has timed out. The cookie ceases to be valid after two weeks. jobbase.io
  5. Are data transferred to or collected by third parties?

    Data collected within the context of your application are not published or forwarded without authorisation, i.e. without your consent, to third parties. Apart from our employees who process your data in the course of providing our services, we transfer your data to the following recipients:

    1. Companies with which contact is to be made in the context of your application process.
    2. Sub-contracted processors acting as IT service providers help us provide our services and in the context of hosting services. They have registered offices in Austria and Germany. If other processors are commissioned with maintenance work, those processors may gain access to your data in the course of their work. In such cases, Prescreen undertakes to oblige them contractually to comply with the applicable data protection provisions and with the provisions regarding data protection and confidentiality under this Agreement.
    3. Prescreen may be legally obliged to disclose your data if the data are required to assert, exercise or defend legal claims of the customer in respect of the authorities.

    If Prescreen wishes to use your data in a way that goes beyond that described above, Prescreen will first obtain your express consent.

  6. Storage periods

    1. Personal data of rejected applicants are stored for a maximum of six months, starting from the date of rejection of the application. If you prefer a longer storage period for your application process (to continue your application at a later date, for example), we request that you adjust the settings accordingly when you register.

    2. Longer storage periods may also result from the fact that the data are required to assert, exercise or defend legal claims in respect of the authorities or if statutory storage periods apply. The data will be stored as long as necessary to fulfil these purposes.
  7. Your rights with regard to stored data

    1. You have the right to free information about the personal data about you that we process, as well as the right to correct and erase data, to limit data processing, and the right to data transferability. If you wish to assert these rights or obtain further information about them, please send an email to the relevant company or Prescreen at support@prescreen.io.
    2. As a matter of principle, our Data Protection Policy and our responsibility and liability in this connection does not cover websites of third-party providers to which we provide links or to which you are forwarded. We are also not responsible for subsequent data processing by the operators of those websites in such cases.


  8. Withdrawal option

    1. You may at any time withdraw any consent you may have given as required by data protection law, with effect from that point forward. If you wish to exercise your right to withdraw, please send an email to the relevant company or Prescreen at support@prescreen.io.
    2. If we use cookies that require consent on our website and you have also agreed to their use, you can withdraw that consent on our website in the “Cookies” section. You will find further information about cookies under section 4, “What are cookies”.


  9. Validity of the Agreement (severability clause)

    The legal inadmissibility, ineffectiveness, invalidity or unenforceability of parts of these data protection provisions and conditions of use does not affect the effectiveness and validity of the remaining provisions.

  10. Complaints to the data protection authorities

    If you believe that we are processing your data in contravention of applicable legal regulations, you can make a complaint to the Austrian data protection authorities or other responsible supervisory authority (in particular in the member state of your place of residence or work).

  11. Contact details of the controller company under data protection legislation

    support@prescreen.io


Privacy Statement Ingentis

Data protection is paramount for out company. You do not have to provide personal data when visiting our website. If an affected person wishes to use particular services of our company online, however, it may be necessary to process personal data. If personal data does need to be processed and if there is no legal basis for such processing, we generally obtain the consent of the affected person.

The processing of personal data, such as name, address, email address or telephone number of an affected person is always in compliance with the Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (DS-GVO), effective from 2018-05-25, and other applicable legislation. Our company is issuing this Privacy Statement to provide information about the type, scope and purpose of the personal data we process and to make the affected persons aware of their rights.

Our company has implemented numerous technical and organizational measures to ensure that the processed personal data is afforded the most comprehensive protection possible. Nonetheless, Internet-based data transmissions can essentially involve vulnerabilities, and so absolute protection cannot be guaranteed.

1 Definitions

Our company's Privacy Statement is based on the DS-GVO. Our Privacy Statement is designed to be easily readable and understandable. To ensure that this is the case, we would like to explain the terms used therein at the outset:

1.1 Personal data

Personal data means "all items of information that refer to an identified or identifiable natural person (referred to below as "affected person"); a natural person, who can be identified, either directly or indirectly, specifically by association to an identifying attribute such as a name, location data, an online identifying attribute or one or several special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of such natural persons, is considered to be identifiable" (DS-GVO, Article 4, para. 1).

1.2 Affected person

An affected person is any identified or identifiable natural person, whose personal data is processed by the party responsible for processing.

1.3 Processing

Processing is any operation carried out with or without the aid of automated processes, or any such series of operations in connection with personal data, including the collection, recording, organization, arrangement, storage, amendment or modification, exporting, requesting, usage, disclosure by means of circulation or any other form of provisioning, reconciliation or linking, limitation, deletion or destruction.

1.4 Limitation of processing

Limitation of processing is the marking of stored personal data, the aim being to limit the future processing thereof.

1.5 Profiling

Profiling is any kind of automated processing of personal data during which such personal data are used in order to obtain and evaluate certain personal aspects that refer to a natural person, in particular in order to analyze or predict aspects with respect to performance, economic situation, health, personal preferences, interests, dependability, conduct, whereabouts or change of location of such natural person.

1.6 Pseudonymization

Pseudonymization is the processing of personal data, such that these personal data can no longer be associated with a specific affected person without referring to additional information. These additional information are stored separately and are governed by technical and organizational measures to guarantee that the personal data cannot be associated with an identified or identifiable natural person.

1.7 Responsible party or party responsible for processing

A responsible party or party responsible for processing is the natural or legal person, authority, institution or other facility that decides, alone or together with other parties, on the purpose for and method of processing personal data.

1.8 Order processor

An order processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the responsible party.

1.9 Recipient

A recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, whether a third party or not. Authorities that might receive personal data under the terms of a specific inquiry remit in accordance with European Union legislation or the law of the member stages are not, however, considered to be recipients.

1.10 Third parties

A third party is a natural or legal person, authority, institution or other body, other than the affected person, the responsible party, the order processor and those persons who are authorized to processes the personal data under the direct responsibility of the responsible person or the order processor.

1.11 Consent

Consent is any declaration of intent given voluntarily by the affected person for the case concerned in an informed and clear manner in the form of a declaration or any other distinct, affirming action, through which the affected person states that they consent to the processing of their personal data.

2 Name and address of the party responsible for processing

The responsible party pursuant to the DS-GVO is:

Ingentis Softwareentwicklung GmbH
Raudtener Str. 7
90475 Nuremberg
Germany
Email:mail@ingentis.com

www.ingentis.com

3 Contact data for our external Data Protection Officer

Mr. Michael Gruber
BSP-SECURITY
Franz-Mayer-Str. 1
D-93053 Regensburg

Tel. +49 (0) 941 46 29 09 29
info[at]bsp-security.de
www.bsp-security.de

Any affected person can contact our Data Protection Officer directly if they have any questions or suggestions regarding data protection.

4 Cookies

The websites of our company use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID, which is unique to the cookie concerned. It is made up of a character sequence via which websites and servers can be associated with the very Internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish between the browser of the affected person and other Internet browsers that contain different cookies. A particular Internet browser can be recognized and identified via the unique cookie ID. Cookies allow Ingentis Softwareentwicklung GmbH to provide the users of this website with more user-friendly services that would not have been possible had cookies not been set.

A cookie allows the information and offers on our website to be optimized for the user's purposes. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of such recognition is to make it easier for such users to make use of our website. For example, the users of a website that uses cookies do not have to re-enter their access data at each visit. This is done by the website and the cookies stored on the user's computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items a customer has placed in the virtual shopping cart via a cookie.

The affected person can prevent cookies being stored by our website at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Furthermore, cookies that have already been stored can be deleted at any time via an Internet browser or a different software program. This is possible in all standard Internet browsers. If the affected person deactivates cookies in the Internet browser used, the full functionality of our website may not be available.

5 Recording general data and information

The webserver of Ingentis Softwareentwicklung GmbH gathers a series of general data and information each time an affected person or an automated system launches the website. This general data and information are stored in the server's logfiles. Data that can be gathered include the used browser types and versions, the operating system used by the accessing system, the website from which an accessing system enters our website, the sub-websites that are directed to our website via an accessing system, the date and time of an access to our website, an Internet protocol address (IP address), the Internet Service Provider of the accessing system and other similar data and information that serve to avert risk in case of attacks on our IT systems.

In using this general data and information, Ingentis Softwareentwicklung GmbH does not draw any conclusions about the affected person. Instead, such information is required in order to deliver the contents of our website in a correct manner, to optimize the contents of our website and the advertising for such websites, to guarantee the permanent functionality of our IT systems and the technology of our websites, and also to provide the law enforcement authorities with the information required to carry out prosecution proceedings in case of a cyber attack. Ingentis Softwareentwicklung GmbH analyzes this anonymously collected data and information for statistical purposes. Another aim is to increase the level of data protection and data security within in our company in order to ultimately ensure optimized protection for the personal data we process. The anonymous data in the server logfiles are stored separately from any personal data provided by an affected person.

6 Contact possibility via the website

To comply with statutory regulations, our company website contains data that allows fast electronic contact with our company and direct communication with us, including a general address for so-called electronic mail (email address). Insofar as an affected person makes contact with the party responsible for processing via email or a contact form, the personal data transmitted by the affected person are automatically stored. Such personal data transmitted voluntarily by an affected person to the party responsible for processing are stored for the purposes of processing or contacting the affected person. These personal data are not transmitted to any third party.

7 Routine deletion and blocking of personal data

The party responsible for processing processes and stores personal data of the affected person only for the period required to achieve the processing purpose and insofar as this is prescribed by the legislators in laws or regulations with with the party responsible for processing is obliged to comply. If the reason for storage no longer applies or if a storage period prescribed by the legislators expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory regulations.

8 Rights of the affected person

8.1 Right to confirmation

Each and every affected person is entitled to request the party responsible for processing to provide confirmation of whether the affected personal data are being processed. If an affected person wishes to exercise this right to confirmation, they are welcome to contact our Data Protection Officer or any other employee of the party responsible for processing at any time.

8.2 Right to information

Each and every person affected by the processing of personal data is entitled to receive from the party responsible for processing free information about their stored personal data and a copy of such information, as well as the information stated below:

  • the purposes of processing
  • the categories of personal data that is processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly in case of recipients in third-party countries or at international organizations
  • where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for specifying such period
  • the existence of a right to the correction or deletion of their personal data or to any limitation of processing by the responsible party or right of objection to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • if the personal data are not collected from the affected person: all available information about the origin of the data
  • the existence of an automated decision-making processing, including profiling pursuant to Article 22, para. 1 and 4 DS-GVO and — in such cases as a minimum — meaningful information about the logic involved, and also the scope and the intended effects of such processing for the affected person

Moreover, the affected person is entitled to information as to whether personal data have been transmitted to a third-party country or to an international organization. If this is the case, the affected person is also entitled to information about the safeguards appropriate for such transmission.

If an affected person wishes to exercise this right to information, they are welcome to contact our Data Protection Officer at any time.

8.3 Right to correction

Each and every person affected by the processing of personal data is entitled to demand the immediate correction of incorrect personal data relating to them. Moreover, the affected person is entitled, with due consideration for the purposes of processing, to demand the completion of incomplete personal data — including by means of a supplementary declaration.

If an affected person wishes to exercise this right to correction, they are welcome to contact our Data Protection Officer or any other employee of the party responsible for processing at any time.

8.4 Right to deletion (right to be forgotten)

Each and every person affected by the processing of personal data is entitled to demand that the party responsible for processing deletes their personal data immediately, insofar as one of the following reasons applies and insofar as such processing is not required:

  • The personal data has been collected or processed for purposes that no longer exist.
  • The affected person revokes their consent, on which the processing pursuant to Article 6, para. 1 a DS-GVO or Article 9, para. 2 lit. a DS-GVO is based, and no other legal basis for processing exists.
  • The affected person objects to the processing pursuant to Article 21, para. 1 DS-GVO, and there are no overriding reasons for the processing, or the affected person objects to the processing pursuant to Article 21, para. 2 DS-GVO.
  • The personal data have been processed unlawfully.
  • The deletion of personal data is required to fulfil a legal obligation in accordance with European Union legislation or the law of the member states with which the responsible party is obliged to comply.
  • The personal data were collected in connection with the services offered by the information society pursuant to Article 8, para. 1 DS-GVO.

Insofar as one of the aforementioned reasons applies and an affected person wishes to arrange for the deletion of the personal data stored at our company, they are welcome to contact our Data Protection Officer at any time. Our Data Protection Officer will arrange for the deletion request to be met without delay.

If the personal data has been disclosed by our company and our company is under an obligation, as the responsible party pursuant to Article 17, para. 1 DS-GVO, to delete the personal data, our company will, with due consideration for the available technology and the implementation costs, take measures, including those of a technical nature, to ensure that other parties responsible for data processing, which process the published personal data, are informed that the affected person has demanded that such other parties responsible for data processing delete all links to such personal data or copies or replications of this personal data, insofar as the processing is not required. The Data Protection Officer will make the necessary arrangements on a case-by-case basis.

8.5 Right to limitation of processing

Each and every person affected by the processing of personal data has the right, granted under European Directives and the regulators, to demand that the responsible party limits processing, if one of the following criteria is met:

  • The accuracy of the personal data is contested by the affected person, specifically for a period that allows the responsible party to verify the accuracy of the personal data.
  • The processing is unlawful, the affected person refuses the deletion of the personal data and demands, instead, the limitation of use of the personal data.
  • The responsible party no longer requires the personal data for the processing purpose, although the affected person does requires the data to assert, exercise or defend legitimate claims.
  • The affected person has objected to the processing pursuant to Article 21, para. 1 DS-GVO and it is still unclear whether the legitimate reasons of the responsibly party outweigh those of the affected party.

Insofar as one of the criteria is met and an affected person wishes to demand a limitation to the processing of the personal data stored at our company, they are welcome to contact our Data Protection Officer at any time. The Data Protection Officer will arrange for the limitation of processing.

8.6 Right to data assignability

Each and every person affected by the processing of personal data is entitled to receive their personal data, which was provided by the affected person to a responsible party, in a structured, standard and machine-readable format. The person also has the right, to transmit this data to a different responsible party without hindrance from the responsible party to whom the data was provided, insofar as the processing is based on the consent pursuant to Article 6, para. 1 a DS-GVO or Article 9, para. 2 a DS-GVO or on a contract pursuant to Article 6, para. 1 b DS-GVO, and the processing is executed by automated procedures, insofar as the processing is not required for a task that is carried out in the public interest or by exercising official authority that was granted to the responsible party.

Moreover, the affected person is entitled, in exercising their right to data assignability pursuant to Article 20, para. 1 DS-GVO, to seek that the personal data are assigned by the responsible party to a different responsible party, insofar as this is technically viable and does not compromise the rights and freedoms of other persons.

In order to assert the right to data assignability, the affected person is welcome to contact our Data Protection Officer at any time.

8.7 Right to objection

Each and every person affected by the processing of personal data is, for reasons ensuing from their particular situation, entitled to object to the processing of their personal data, which is carried out pursuant to Article 6, para. 1 e or f DS-GVO, at any time. This also applies to any profiling based on these provisions.

In case of an objection, our company will cease to process the data unless we are able to demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the affected person, or such processing serves to assert, exercise or defend legitimate claims.

If our company processes personal data for the purpose of direct advertising, the affected person shall be entitled to object to the processing of personal data for the purposes of such advertising. This also applies to any processing associated with such direct advertising. If the affected person objects to our company processing personal data for direct advertising purposes, we shall cease to process the personal data for these purposes.

Moreover, the affected person is entitled, for reasons ensuing from their particular situation, to object to the processing of their personal data, which is carried out at our company for scientific or historical research purposes or for statistical purposes pursuant to Article 89, para. 1 DS-GVO, unless such processing is required to fulfil a task in the public interest.

In order to exercise the right to object, the affected person is welcome to contact our Data Protection Officer directly.

8.8 Automated decisions on a case-by-case basis, including profiling

Each and every person affected by the processing of personal data is entitled not to be ruled by a decision based exclusively on automated processing, including profiling, which stands contrary to their legal effect or which significantly compromises them in a similar way, insofar as the decision is not required to conclude or fulfil the terms of a contract between the affected person and the responsible party, or is permitted under the legislation of the European Union or the member states with which the responsible party is obliged to comply, and such legislation includes measures appropriate to the granting of rights and freedoms, as well as the legitimate interests of the affected person or is taken with the express consent of the affected person.

If the decision is required to conclude or fulfil the terms of a contract between the affected person and the responsible party, or is taken with the express consent of the affected person, out company will take the measures appropriate for safeguarding the rights and freedoms, and also the legitimate interests, of the affected person, including at least the right to seek the intervention of a person by the responsible part, explain their point of view and contest the decision.

If the affected person wishes to assert rights concerning automated decisions, they are welcome to contact our Data Protection Officer at any time.

8.9 Right to revoke consent under data protection law

Each and every person affected by the processing of personal data is entitled to revoke their consent to the processing of personal data at any time. If the affected person wishes to assert their right to revoke consent, they are welcome to contact our Data Protection Officer at any time.

9 Data protection with respect to applications and the application process

The party responsible for processing collects and processes the personal data from applicants for the purposes of the application process. Processing can also be carried out electronically. This is the case particularly if an applicant transmits to our company application documents electronically, by email or via a web form on the website, for example. If our company concludes an employment contract with an applicant, the transmitted data will be stored for the purposes of realizing the employment relationship in compliance with the statutory regulations. If our company does not conclude an employment contract with the application, the application documents will be deleted automatically 6 months after the rejection decision is announced, unless such deletion stands contrary to any other legitimate interests of the party responsible for processing. Other legitimate interest in this sense includes the burden of proof in proceedings pursuant to the General Equal Treatment Act (AGG).

10 Data protection provisions: Tracking tools

Data protection provisions for the deployment and use of Google Analytics

The party responsible for processing has integrated the Google Analytics component (with anonymization function) into this website. Google Analytics is a web analysis service. Web analysis means the gathering, collection and evaluation of data about the behavior of visitors to our web pages. A web analysis service logs data about the website from which an affected person arrives on a website (so-called referrer), which pages of the website are accessed or how often, and the length of time for which a website has been viewed. A web analysis is used primarily to optimize a website and for the cost/benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The party responsible for processing uses the suffix "_gat._anonymizeIp" for web analysis. Google uses this suffix to shorten and anonymize the IP address of the Internet connection of the affected person if our web pages are accessed from a member state of the European Union or from a different state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the visitor flows to our website. Google uses the gathered data and information to evaluate how our website is used in order to prepare for us online reports describing the activities on our websites and in order to provide other services associated with the use of our website.

Google Analytics places a cookie on the IT system of the affected person. The meaning of cookies is explained above. Cookies allow Google to analyze how our website is used. Whenever any of the pages of this website, which is operated by the party responsible for processing and into which a Google Analytics component has been integrated, the Internet browser on the IT system of the affected person is automatically prompted by the respective Google Analytics component concerned to transmit data to Google for the purposes of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the affected person, via which Google identifies the origin of the visitors and the clicks and subsequently facilitates commission computations.

Cookies are used to store personal information, such as access time, location from which access is gained and the frequency of visits to our website by the affected person. Each time our website is visited, these personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the USA. These personal data are stored by Google in the USA. Google can potentially transmit these personal data, which are collected by means of technical processes, to third parties.

The affected person can prevent cookies being stored by our website, as described above, at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Making such a setting in the Internet browser would prevent Google from placing a cookie on the IT system of the affected person. In addition, cookies that have already been set by Google Analytics can be deleted at any time via the Internet browser or a different software program.

Furthermore, the affected person has the opportunity to object to, and thereby prevent, the logging of data generated by Google Analytics concerning the use of this website and also to the processing of such data by Google. This requires the affected person to download, and then install, a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics, via JavaScript, that no data or information about the visits is allowed to be transmitted from websites to Google Analytics. Google deems the installation of the browser add-on an objection. If the IT system of the affected person is deleted, formatted or re-installed at a later time, the affected person must install the browser add-on again in order to deactivate Google Analytics. Insofar as the browser add-on is de-installed or deactivated by the affected person or a different person under their sphere of influence, the browser add-on can be re-installed or reactivated.

Further information and the applicable data protection provisions of Google can be retrieved from https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

Data protection provisions for the deployment and use of Google Remarketing

The party responsible for processing has integrated Google Remarketing services into this website. Google Remarketing is a function of Google AdWords, which permits a company to fade in advertisements for those Internet users that have visited the company's website beforehand. Accordingly, the integration of Google Remarketing permits a company to create user-related advertisements and consequently to show the Internet user potentially relevant advertisements.

The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to fade in potentially relevant advertisements. Google Remarketing allows us to display advertisements through the Google content network, or on other websites, which are matched to individual requirements and interests of Internet users.

Google Remarketing places a cookie on the IT system of the affected person. The meaning of cookies is explained above. Google sets cookies in order to recognize the visitor to our website if they subsequently launch websites that also belong to the Google content network. Whenever a website into which Google Remarketing services have been integrated is launched, Google automatically recognizes the Internet browser of the affected person. During the course of this technical process, Google obtains knowledge of personal data, such as the user's IP address and the surfing behavior, and then uses such knowledge to fade in potentially relevant advertisements.

Cookies are used to store personal information, such as the websites visited by the affected person. Whenever our website is visited, these personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the USA. These personal data are stored by Google in the USA. Google can potentially transmit these personal data, which are collected by means of technical processes, to third parties.

The affected person can prevent cookies being stored by our website, as described above, at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Making such a setting in the Internet browser would prevent Google from placing a cookie on the IT system of the affected person. In addition, cookies that have already been set by Google Analytics can be deleted at any time via the Internet browser or a different software program.

Moreover, the affected person has the opportunity to object to Google fading in potentially relevant advertisements. This requires the affected person to retrieve each of the Internet browsers it has used from www.google.de/settings/ads and make the setting there.

Further information and the applicable data protection provisions of Google can be retrieved from https://www.google.de/intl/de/policies/privacy/.

Data protection provisions for the deployment and use of Google AdWords

The party responsible for processing has integrated Google AdWords into this website. Google AdWords is a service for Internet advertising that permits advertisers to place advertisements in the Google search engine results and also in the Google content network. Google AdWords allows an advertiser to define in advance certain keywords, via which an advertisement will be displayed in the Google search engine results only if the user enters a search result relevant to the keyword into the search engine. Within the Google content network, the advertisements are distributed via an automatic algorithm and by observing the previously defined keywords on relevant websites.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by fading in potentially relevant advertisements on the websites of third-party companies and in the Google search engine results and by fading in third-party advertising on our website.

If an affected person arrives on our website through a Goggle advertisement, Google places a so-called conversion cookie on the IT system of the affected person. The meaning of cookies is explained above. A conversion cookie is rendered invalid after thirty days and is not designed to identify the affected person. The conversion cookie, unless expired, is used to establish whether certain web pages, the shopping cart in our online shop for example, has been selected from our website. The conversion cookie tells both us and Google whether the affected person, who arrived on our website via an AdWords advertisement, generated revenue, i.e. completed or failed to complete a purchase.

Google uses the data and information collected through the use of the conversion cookies to create visit statistics for our website. We then use these visit statistics to determine the total number of users referred to us via AdWords advertisements, i.e. the success or failure of the respect AdWords advertisement, and to optimize our AdWords advertisements for the future. Neither our company nor other advertising customers of Google AdWords receive information from Google, via which the affected person could be identified.

Conversion cookies are used to store personal information, such as the websites visited by the affected person. Whenever our website is visited, these personal data, including the IP address of the Internet connection used by the affected person, are transmitted to Google in the USA. These personal data are stored by Google in the USA. Google can potentially transmit these personal data, which are collected by means of technical processes, to third parties.

The affected person can prevent cookies being stored by our website, as described above, at any time via a setting in the Internet browser used. In this case, cookies will never be stored. Making such a setting in the Internet browser would prevent Google from placing a conversion cookie on the IT system of the affected person. In addition, cookies that have already been set by AdWords can be deleted at any time via the Internet browser or a different software program.

Moreover, the affected person has the opportunity to object to Google fading in potentially relevant advertisements. This requires the affected person to retrieve each of the Internet browsers it has used from www.google.de/settings/ads and make the setting there.

Further information and the applicable data protection provisions of Google can be retrieved from https://www.google.de/intl/de/policies/privacy/.

Data protection provisions for the deployment and use of YouTube

The party responsible for processing has integrated YouTube components into this website. YouTube is an Internet video portal that allows video publishers to create, free-of-charge, video clips and other users to view, rate and comment on such videos, also free-of-charge. YouTube permits the publication of all kinds of videos. Therefore, entire film and TV programs, as well as music videos, trailers or videos created by users themselves, can be retrieved via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Whenever any of the pages of this website, which is operated by the party responsible for processing and into which a YouTube component (YouTube video) has been integrated, the Internet browser on the IT system of the affected person is automatically prompted by the respective YouTube component concerned to download a depiction of the corresponding YouTube component from YouTube. Further information about YouTube can be retrieved from https://www.youtube.com/yt/about/de/. During the course of this technical process, YouTube and Google obtain knowledge about which specific page of our website has been visited by the affected person.

Insofar as the affected person is logged into YouTube at the same time, YouTube recognizes which specific page of our website has been visited by the affected person when the page containing a YouTube video is launched. This information is gathered by YouTube and Google and assigned to the respective YouTube account of the affected person.

YouTube and Google are always informed, via the YouTube component, that the affected person has visited our website if the affected person is logged into YouTube when our website is launched; this occurs regardless of whether the affected person has clicked on a YouTube video or not. If the affected person does not wish such information to be transmitted to YouTube and Google, they can prevent this by logging out of their YouTube account before launching our website.

The data provisions published by YouTube, which can be retrieved from https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.

Payment method: Data protection provisions on PayPal as a method of payment

The party responsible for processing has integrated PayPal components into this website. PayPal is an online service provider for payments. Payments are processed via so-called PayPal accounts, which constitute virtual personal or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed through an email address, and therefore no conventional account number exists. PayPal allows online payments to be made to third parties, and also payments to be received. In addition, PayPal performs custodian functions and offers purchaser protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.

If the affected person selects "PayPal" as a payment method during the order process in our online shop, the data of the affected person is automatically transmitted to PayPal. By selecting this payment option, the affected person is consenting to the transmission of the personal data required to process the payment.

The personal data transmitted to PayPal usually comprises first name, last name, address, email address, IP address, telephone number, mobile telephone number or other data required to process the payment. Personal data concerning the respective order are considered necessary to conclude the purchase contract.

Data are transferred in order to process the payment and prevent fraud. The party responsible for processing will transmit personal data to PayPal, particularly if there is a legitimate interest in such transmission. PayPal may potentially transmit the personal data exchanged between PayPal and the party responsible for processing to credit rating agencies. Such transmission allows identify and credit check to be carried out.

PayPal may pass the personal data to associated companies and service providers or subcontractors, insofar as this is required to fulfil contractual obligations or the data are to be processed on behalf of a third party.

The affected person has the opportunity to revoke, at any time, the consent given to PayPal to use their personal data at any time. A revocation does not affect personal data that has to be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of PayPal can be retrieved from https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

11 Notice of the rights of the data subjects regarding camera monitoring by Ingentis Softwareentwicklung GmbH

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, the right to access the personal data and the information listed in section 15 GDPR.

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and the right to ask for incomplete personal data to be completed(section 16 GDPR).

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in section 17 GDPR applies, e.g. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right to erasure).

The data subject shall have the right to obtain from the controller restriction of processing where one of the grounds listed in section 18 GDPR is met, e.g. when the data subject has objected to the processing, for the period of verification by the controller.

The data subject is, for reasons ensuing from his/her particular situation, entitled to object to the processing of his/her personal data at any time. In this case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (section 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes GPDR (section 77 GPDR). The data subject can practice this right in the Member State of his or her habitual residence, place of work, or place of the alleged infringement.

12 Competent data protection supervisory authority

Bavarian State Office for Data Protection Supervision

Promenade 27 (Schloss)
D-91522 Ansbach
Germany

Phone: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300
email: poststelle@lda.bayern.de

13 Amendments to the data protection provisions

We reserve the right to amend our security and data protection provisions, insofar as this is required to keep pace with technical developments. In such cases, we will adapt the information we provide about data protection accordingly. Please always observe the latest version of our Privacy Statement.

(04/2018)

Imprint | Privacy Policy