Privacy Policy | SITS

1.      Data protection at a glance

 

General notes

The following information provides a simple overview of what happens to your personal data when you visit this website or our fan pages (LinkedIn, Xing). Personal data is any data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our Privacy Policy below.

 

Data collection on this website

 

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

 

How do we collect your data?

You can generally use our website without disclosing your identity. If you wish to register for one of our personalised services, sign up for our newsletter or contact us, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.

Other data is automatically collected by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

 

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

 

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You also have the right to request the restriction of the processing of your personal data under certain circumstances. For details, please refer to the Privacy Policy under “Right to restriction of processing”.

 

2.      Hosting

 

External hosting

This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. We have concluded a Data Processing Agreement with the hoster in accordance with Art. 28 GDPR.

 

3.      General notes and mandatory information

 

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

 

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Information on the controller pursuant to Art. 4 No. 7 GDPR

Swiss IT Security Group AG

Etzelmatt 1, CH-5430 Wettingen
jointly responsible with its subsidiaries.

E-Mail: info@sits.ch oder info@sits-d.de

Tel.: +49 611 945881-0

Tel.: +41 (0) 848 088 088

 

Data Protection Officer

Dr. Bettina Kraft, DPO@SITS-GROUP.CH

 

Revocation of your consent to data processing

Some data processing operations are only possible with your express consent, which is voluntary. You can revoke your consent at any time. All you need to do is send us an informal e-mail. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

 

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection pursuant to Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) GDPR).

 

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

 

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

 

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

 

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

 

Access

Access to your personal data stored by us is restricted to our employees and the service providers commissioned by us, who have to handle this personal data due to their tasks.

If third parties gain access to your data, we have obtained permission from you or there is a legal basis for this.

We also use service providers to provide services and process your data (including for hosting, sending newsletters, delivering ordered goods, processing payments, sending letters or e-mails as well as maintaining and analysing databases, securing our web servers or for website tracking). The service providers process the data exclusively on our instructions and have been obliged to comply with the applicable data protection regulations. All processors have been carefully selected and are only given access to your data to the extent and for the period required to provide the services or to the extent that you have consented to the processing and use of the data.

 

Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and Switzerland as a country with an adequate level of protection pursuant to Art. 45 (1) GDPR and serves only internal administrative purposes. By group of companies, we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.

 

4.      Data collection on this website

 

Cookies

We use so-called cookies in some areas of our website, e.g. to recognise visitors’ preferences and to be able to optimally design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be retained for a certain period of time and identify the visitor’s computer. We use permanent cookies for better user guidance and individual performance presentation.

Furthermore, we use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. This is done in order to check the authorisation of actions and the authentication of the requesting user of our services. The legal bases are Art. 6 (1) lit. c in conjunction with. Art. 32 and Art. 6 (1) lit. f GDPR. Our legitimate interest is to secure our web server, for example to defend against attacks, and to ensure the functionality of our services.

We only set cookies that are not technically necessary with your express consent. You can revoke your consent here at any time: Insert link to cookie banner.

If you completely exclude the use of cookies, you will not be able to use individual functions of our website – including the option of cookie-based opt-out from tracking. If necessary, please allow the opt-out cookies of the services for which you would like to prevent tracking.

Please also bear in mind that deleting all cookies will also delete opt-out cookies. You may therefore have to set them again. Cookies are also browser-bound, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links below in the description of the respective service.

The following cookies are used by us – provided you allow this and have not set one or more opt-out cookies – for the purpose described in more detail:

Name of the cookie Purpose Storage period Technically necessary
__hs_do_not_track This cookie can be set to prevent the tracking code from sending any information to HubSpot. 13 Months No
__hssc This is used to determine whether HubSpot should increment the session count and timestamp in the __hstc cookie. It contains the domain, the number of page views (viewCount, the increment of each page view in the session) and the timestamp of the session start. 30 Minutes No
__hssrc This cookie is also set when the HubSpot software changes the session cookie. This is used to determine whether the visitor has restarted the browser. If the cookie is not present when HubSpot manages the cookie, this is considered a new session. If present, it will contain the value “1”. It expires at the end of the session. Session No
__hstc The main cookie used to track visitors. It contains domain, user token (utk), first timestamp (for the first visit), last timestamp (for the last visit), current timestamp (for this visit) and number of sessions (for each subsequent visit) increment)). 13 Months No
ubspotutk This cookie is used to track the identity of the visitor. This is passed to HubSpot when the form is submitted and is used to deduplicate contacts. 13 Months No
__cduid This cookie is set by Cloudflare, HubSpot’s CDN provider. This helps Cloudflare identify malicious visitors to your website and reduce blocking of legitimate users. It can be placed on a visitor’s device to identify individual clients behind a public IP address and apply security settings to each client. This is required to support Cloudflare’s security features. 30 Days No
__hs_opt_out Opt-in privacy policy

Use this cookie to remember not to ask visitors to accept cookies again.

13 Months No
__hs_initial_opt_in This cookie prevents the banner from always being displayed when visitors are browsing in strict mode. 7 Days No
hs_ab_test This cookie is used to always show visitors the same version of an A/B test page that they have seen before. Session No
hs-messages-is-open This cookie is used to determine whether the chat widget is open along with future visits. 30 Minutes No
__hsmem This cookie is set when a visitor logs into a website hosted by HubSpot. 1 Year No
hs-membership-csrf This cookie is used to ensure that content member logins cannot be tampered with. Session No
hs_langswitcher_choice This cookie is used to store the language selected by the visitor when pages are accessed in multiple languages. 2 Years No
messagesUtk This cookie is used to identify visitors who chat with you via the Chatflows tool. If a visitor leaves your website before being added as a contact, this cookie is linked to their browser. 13 Months No
IDE
cookiesession1

 

 

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
  • This data is not merged with other data sources.

The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

 

Contact form/Appointments

If you send us enquiries via the contact form or make an appointment with us via a form (e.g. at a trade fair), your details from the form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions.

The processing of the data entered in the form is carried out in accordance with Art. 6 (1) lit. f GDPR. The processing of data voluntarily entered by you in the form is based on your consent in accordance with Art. 6 (1) lit. a GDPR.

The data you enter in the form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.

We use the order processor HubSpot Germany GmbH to provide contact forms and to arrange appointments.

 

Download of documents

We offer you the possibility to have the information provided in the download section sent to you by e-mail. For this purpose, we collect your e-mail address as well as your surname, first name and which document you would like to receive. We will then send you the document by e-mail, Art. 6 (1) 1 lit. b GDPR. The data is stored for as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.

We reserve the right to contact you in accordance with Art. 6 (1) 1 lit. f GDPR, § 7 (3) Act against Unfair Competition (UWG) via the e-mail address provided and with a personal address (if name details are available) in order to offer you advice or further information on the products and services contained in the document. You have the option at any time to object to direct advertising in accordance with Art. 21 (2) GDPR with effect for the future at info@sits-d.de .

 

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) lit. a GDPR) and/or on our legitimate interests (Art. 6 (1) lit. f GDPR), as we have a legitimate interest in effectively processing the enquiries addressed to us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

Online application procedure

This part of the Privacy Policy applies to applicants to job advertisements of SITS Group companies. This only applies insofar as these applicants submit personal data to us as part of the application process, e.g. application in paper form, e-mail, contact forms with attachments or through the Greenhouse applicant portal. Application documents submitted on paper are scanned and stored in Greenhouse; the paper documents are then either returned or disposed of via a shredder or a certified service provider in compliance with data protection law. Application documents sent by e-mail are stored in Greenhouse, the e-mails are then deleted.

We only process your personal data to process your application and/or within the framework of the talent pool. The processing of your application also includes, if necessary, the use of your data to contact you by e-mail and/or post and/or telephone. The recruiting managers as well as the respective HR managers and interviewers have access to your documents. Another form of processing is carried out anonymously for the purpose of measuring the success of job placements and the technical application channels used as well as with regard to the skills of applicants submitted.

Insofar as you have given your consent to the processing of your personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. This is particularly the case in the context of the talent pool. When processing your personal data that is necessary for the performance of a contract to which you are a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures in the context of recruiting.

The data is processed with the help of systems of Greenhouse Software Inc., a company based in the USA. The SITS Group has concluded a contract with Greenhouse on the basis of the EU Standard Contractual Clauses in accordance with Art. 46 GDPR and has implemented sufficient technical and organisational measures to adequately protect your data. The data is stored exclusively on European servers. The transmission of the data entered by you as well as the file attachments sent along is carried out via a transport-secured connection. If you would like more detailed information about the use of Greenhouse as a US service provider, please contact us: datenschutz@it-sec.de.

The deletion of the applicant’s stored personal data takes place automatically at the earliest after 4 weeks, but at the latest after 5 years, from the time the applicant was informed that the position will not be filled by him/her and no further legal requirements conflict with this. The time limit results from the legal requirements of the respective countries for the equal treatment of applicants.

If you have given your consent to be included in the talent pool, your data will be stored in our system for up to 1 year in order to be considered in advance for future job advertisements. We use the data you provide to contact you by e-mail and/or post and/or telephone.

When sending application documents outside our application portal, by post, by e-mail or via a recruitment agency, you will receive a summary of this Privacy Policy together with an acknowledgement of receipt of your letter or, at the latest, in the event of a rejection on our part. We then enter the applicant data in our Greenhouse applicant portal unless you expressly object to this procedure in your e-mail.

 

5.      Analysis tools and advertising

 

Matomo (formerly Piwik)

We use the website analysis software Matomo to optimise and statistically evaluate visitor access to our website.

This website uses Matomo exclusively without the use of cookies, which means that Matomo does not set cookies on your end device at any time. Personal usage data is therefore only processed anonymously. The processing of the data obtained in this way takes place exclusively on our own servers in Germany. The data is not accessed by third parties.

Alternatively, you can also object to the storage and analysis of the data collected by Matomo at any time HERE. In this case, a so-called opt-out cookie ensures that Matomo does not collect any session data.

In addition, as part of our website analysis, we naturally respect your ‘Do not Track’ preference as you have set it in your browser.

Further information on data protection can be found in the data protection declaration at: matomo.org/privacy-policy/.

Data processing is based on your consent pursuant to Section 25 (1) TTDSG, Art. 6 (1) lit. a GDPR, provided you have given your consent via our banner. You can revoke your consent at any time. Please make the appropriate settings via our banner.The storage period of the data in Matomo is set at 6 months. The cookies set by Matomo are valid for up to 6 months.

 

HubSpot

We use the service provider HubSpot for tracking on the website for marketing purposes.

The data is stored for as long as is necessary to fulfil the purpose and then deleted immediately.

As part of website tracking, we use cookies to track which of our pages are visited and of interest to you. The following data is processed in the process:

  • Device identifier
  • Internet service provider
  • IP address
  • Device operating system
  • Referrer URL
  • Browser type
  • Geographical location
  • Pages viewed
  • Domain name
  • Operating system version
  • Mobile application information
  • Clickstream data
  • Files viewed
  • Aggregated usage
  • Device model
  • Frequency of use of the mobile application
  • Duration of page visit
  • Performance data
  • Time of access or retrieval
  • Where the application was downloaded from
  • Events occurring within the application
  • Navigation information
  • Subscription service credentials
  • Web beacons

We only use website tracking with your consent in accordance with Art. 6 (1) 1 lit. a GDPR.

Recipient of the data: HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany.

For more information on data protection at HubSpot, please see their privacy policy: https://legal.hubspot.com/de/privacy-policy

 

Google Remarketing

Our website uses Google Remarketing. This is a process with which we would like to address you again. Through this application, you can be shown our advertisements when you continue to use the internet after visiting our website. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when you visit various websites. In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

We only use Google Remarketing with your consent pursuant to Art. 6 (1) 1 lit. a GDPR.

Recipients of the data: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

 

6.      Plugins and tools

 

Social Media Buttons

Our website uses social media buttons (LinkedIn) to allow you to interact with third parties.

These social media buttons are not integrated as plugins via a so-called iFrame, but are stored as links. By clicking on the social media buttons, you will be forwarded directly to the page of the corresponding provider. The respective provider is then responsible for compliance with the data protection provisions and for the accuracy, timeliness and completeness of the information provided there on data processing within the meaning of Art. 4 No. 7 GDPR.

 

7.      Newsletter

At your request, we will send you our monthly newsletter on selected topics and information about our group of companies. Please note that we can only send you the newsletter if you have either expressly confirmed your wish to receive it again as part of our double opt-in procedure or if your e-mail address has already been verified on the basis of existing contact with us.

We therefore require your e-mail address for registration. You can tell us your name, but you do not have to. If you provide us with your name, we will use it to address you personally. You will then receive an e-mail to the e-mail address you have provided asking you to click on a link provided in order to confirm your subscription to the newsletter. Your e-mail address will only be activated for sending the newsletter once you have confirmed (double opt-in procedure). If you have registered for the newsletter, you have given the following declaration of consent:

“Yes, I would like to receive monthly information from the SITS Group about news, cyber incidents and interesting offers relating to IT security at the e-mail address I have provided above. The newsletter contains tracking pixels to evaluate the success of the campaigns. I have taken note that I can revoke this consent to the use of my data for e-mail advertising at any time, e.g. by clicking on the unsubscribe link at the end of each newsletter or by writing to MARKETING@SITS-GROUP.CH

The personal data collected as part of the newsletter registration will be used exclusively for sending and personalizing the newsletter. You can revoke your consent to the storage of personal data that you have given us for sending the newsletter at any time with effect for the future. For the purpose of revoking your consent, each newsletter contains a corresponding link; alternatively, you can also contact us directly (MARKETING@SITS-GROUP.CH) so that we can implement your revocation.

Our newsletter contains tracking pixels. A tracking pixel is an invisible graphic in HTML emails with the purpose of enabling a log file recording and a recording of the links activated from the newsletter with subsequent analysis when the email is opened. This enables us to evaluate the success of our newsletter campaigns by means of statistical evaluations and to optimize our newsletter, for example to present you with topics and offers that better match your interests.

The personal data collected in this way is processed by our service provider named below, including in the USA. If you do not agree to this, you can unsubscribe from the newsletter at any time via the link in each newsletter or by sending a message with “Unsubscribe newsletter” to MARKETING@SITS-GROUP.CH.

Empfänger der Daten: HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin und deren Unterauftragnehmer.

The legal basis for the transfer is an order processing contract as well as the EU standard contractual clauses pursuant to Art. 46 (2) lit. c GDPR and the additional measures implemented to protect the data.

 

8.      Fanpages

 

General information

We would like to point out that our fanpages in the social networks are merely another of various options for contacting us or receiving information from us. Alternatively, the information offered via our fanpages can also be accessed on our website, for example.

Supplementary information on the individual social networks can be found in the following paragraphs.

Categories of data subjects: Visitors to our fanpage who are registered on the social network as well as those who are not registered.

We point out to the data subjects that they use the respective social network and its functions on their own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

Categories of personal data: Data that we process from registered visitors to our fanpage:

User ID or user name under which you are registered, released profile data (e.g. name, profession, addresses, contact details, possibly also special categories of personal data such as religious affiliation, health data, etc.), data that arise when sharing content, exchanging messages and communicating, data that are required in the context of initiating or performing a contract at the request of registered visitors.); otherwise, we only process pseudonymised data such as statistics and insights into how people interact with our fanpage, the posts, pages, videos and other content provided (page activities, page views, “likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements.

The pseudonymised data cannot be merged by us with the corresponding assignment feature (e.g. name details). This means that it is not possible for us to identify individual visitors, who therefore remain anonymous for us.

Data we process from non-registered visitors to our fanpage:

Pseudonymised data such as statistics and insights into how people interact with our fan page, the posts, pages, videos and other content provided via it (page activity, page views, “like” votes, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements.

The pseudonymised data cannot be merged by us with the corresponding assignment feature (e.g. name details). This means that it is not possible for us to identify individual visitors, who therefore remain anonymous for us.

Origin of the data We receive the data from the data subjects directly or from the platform operator.
Legal basis of the data processing We process the data on the following legal basis:

–        Art. 6 (1) 1 lit. a GDPR: Consent of the data subjects

–        Art. 6 (1) 1 lit. b GDPR: Performance of a contract with the data subject or implementation of pre-contractual measures at the request of the data subject.

–        Art. 6 (1) 1 lit. f GDPR: Legitimate interest

o    Simplification of communication and data exchange, in that the existing communication channels, such as website, press releases, print products and events, are usefully supplemented by the fanpage.

o    Promoting sales of our products and services or demand, as well as recruiting young talents through transparent conduct and regular contributions.

o    Optimisation of our fanpage

We process special categories of personal data, if at all, only on the following legal basis:

­    Art. 9 (2) lit. a GDPR: Consent of the data subject

­    Art. 9 (2) lit. e GDPR: The data subject has manifestly made the personal data public

Purposes of data processing The data will be processed for the following purposes:

–        External presentation and advertising

–        Communication and data exchange

–        Event Management

–        Contract initiation and execution

Categories of recipients, transfer to third countries Only our employees and service providers who manage our fanpage and require the data for the above-mentioned purposes have access to the data we process. If the data subjects post their data publicly on our fanpage, it can be accessed by other registered and possibly also non-registered visitors. Also from third countries.
Rights of the data subjects Data subjects have various rights with regard to the processing of their data, which they can assert directly against the platform operator on the basis of the agreement within the meaning of Art. 26 (1) GDPR. More detailed information on the rights of the data subjects can be found in this Privacy Policy under point 3.

 

In addition, data subjects generally have the right not to be subject to automated individual decision-making pursuant to Art. 22 (1) GDPR. Insofar as such an automated individual decision is permissible pursuant to Art. 22 (2) lit. a to c GDPR, data subjects are granted the following rights pursuant to Art. 22 (3) GDPR: the right to express one’s point of view, the right to object to a person’s intervention on the part of the controller, the right to challenge the automated individual decision (right contest the decision).

 

Further information on social networks and how data subjects can protect their data can also be found here: https://www.youngdata.de/.

LinkedIn

Social network: LinkedIn: https://de.linkedin.com/
Controller with whom our LinkedIn account (‘Fanpage’) is jointly operated (‘Platform Operator’): LinkedIn Ireland Unlimited Company

Wilton Place

Dublin 2

Ireland

In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the joint controllers who fulfils which obligation pursuant to the GDPR The agreement within the meaning of Art. 26 (1) GDPR can be found at the following link: https://legal.linkedin.com/pages-joint-controller-addendum

The platform operator makes the essential contents of this agreement available to the data subjects. We have no influence on whether or how the platform operator actually uses data (purpose, storage, deletion, disclosure, transmission, profiling). We also have no effective control options in this respect.

Contact details for data protection: You can contact the platform operator’s data protection officer using the following web form https://www.linkedin.com/help/linkedin/ask/TSO-DPO?lang=en
Categories of personal data: Data that we process from registered visitors to our fanpage:

Shared profile data (ProFinder profile data, education, work experience, salary expectations, photo, location data, skills and knowledge confirmations, professional achievements (e.g. patent granting, professional recognition, projects)), other data and content freely published, provided, disseminated, posted or uploaded by the data subjects on LinkedIn or via their LinkedIn account.

Legal basis of the data processing The legal bases on which the platform operator bases the data processing can be found here: https://www.linkedin.com/legal/privacy-policy
Data transfers to third countries

 

The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator does business and store and otherwise process the data there, regardless of the residence of the data subjects.

Associated data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by appropriate safeguards pursuant to Art. 46 GDPR: https://www.linkedin.com/help/linkedin/answer/62533?lang=en

Further information Further information, in particular on the categories of personal data, the origin of the data, the storage period, the purposes of the data processing and the categories of recipients, can be found in the following links:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/help/linkedin/answer/a517610?lang=en

 

è  Information on the available personalisation and data protection setting options can be found here (with further references): https://privacy.linkedin.com/de-de/faq

Supervisory authority responsible for the platform operator (Art. 77 GDPR) Data Protection Commission

21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland

Web address: https://www.dataprotection.ie/da/contact/how-contact-us

Instagram

Social network: Instagram: https://www.instagram.com/
Controller with whom our LinkedIn account (‘Fanpage’) is jointly operated (‘Platform Operator’): Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the joint controllers who fulfils which obligation pursuant to the GDPR Die Vereinbarung i.S.v. Art. 26 Abs. 1 DSGVO ist zu finden unter folgendem Link:

https://www.facebook.com/legal/terms/page_controller_addendum

Der Plattformbetreiber stellt die wesentlichen Inhalte dieser Vereinbarung den betroffenen Personen zur Verfügung. Wir haben keinen Einfluss darauf, ob oder wie der Plattformbetreiber Daten tatsächlich nutzt (Zweck, Speicherung, Löschung, Offenlegung, Übermittlung, Profiling). Auch haben wir insoweit keine effektiven Kontrollmöglichkeiten.

Contact details for data protection: Der Datenschutzbeauftragte des Plattformbetreibers kann unter folgendem Webformular kontaktiert werden: https://www.facebook.com/help/contact/540977946302970
Legal basis of the data processing Die Rechtsgrundlagen, auf die der Plattformbetreiber die Datenverarbeitung stützt, können folgenden Links entnommen werden:

https://www.facebook.com/about/privacy/legal_bases

https://help.instagram.com/519522125107875

Data transfers to third countries

 

Der Plattformbetreiber wird die Daten unabhängig vom Wohnsitz der betroffenen Personen in die Vereinigten Staaten, Irland und jedes andere Land, in dem Facebook geschäftlich tätig wird, übertragen und dort speichern und in sonstiger Weise verarbeiten.

Damit verbundene Datenübermittlungen in Drittstaaten sind abgesichert durch einen Angemessenheitsbeschluss der EU-Kommission gemäß Art. 45 DSGVO oder durch geeignete Garantien gemäß Art. 46 DSGVO:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

Further information Weitere Informationen, insbesondere zu den Kategorien personenbezogener Daten, der Herkunft der Daten, der Speicherdauer, den Zwecken der Datenverarbeitung und den Kategorien der Empfänger, können folgenden Links entnommen werden:

https://www.facebook.com/privacy/explanation

https://www.facebook.com/policies/cookies/

https://help.instagram.com/519522125107875

Supervisory authority responsible for the platform operator (Art. 77 GDPR) Data Protection Commission

21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland

Webadresse: https://www.dataprotection.ie/da/contact/how-contact-us

Xing

Social network: Xing: https://www.xing.com
Controller with whom our Xing account (‘Fanpage’) is jointly operated (‘Platform Operator’): New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the joint controllers who fulfils which obligation pursuant to the GDPR We have no influence on whether or how the platform operator actually uses data (purpose, storage, deletion, disclosure, transmission, profiling). We also have no effective control options in this respect.
Contact details for data protection: The platform operator’s data protection officer can be contacted at the following web form https://www.xing.com/support/contact or at the following address:

New Work SE

Am Strandkai 1

20457 Hamburg

Germany Tel.: +49 40 419 131-0

Fax: +49 40 419 131-11

E-mail: datenschutzbeauftragter@xing.com

Categories of personal data: Data that we process from registered visitors to our fanpage:

Released profile data (ProFinder profile data, education, work experience, salary expectations, photo, location data, skills and knowledge confirmations, professional achievements (e.g. patent grant, professional recognition, projects)),

other data and content freely published, provided, disseminated, posted or uploaded by data subjects on Xing or through their Xing account.

Legal basis of the data processing The legal bases on which the platform operator bases the data processing can be found here: https://privacy.xing.com/da/privacy-policy
Further information Further information, in particular on the categories of personal data, the origin of the data, the storage period, the purposes of the data processing and the categories of recipients, can be found at the following link: https://privacy.xing.com/da/privacy-policy
Supervisory authority responsible for the platform operator (Art. 77 DSGVO) Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str 22, 7. OG

20459 Hamburg

Tel.: 040 / 428 54 – 4040

Fax: 040 / 428 54 – 4000

E-mail: mailbox@datenschutz.hamburg.de

 

 

9.      Swiss IT Security Deutschland as processor

For most of the operational services provided by Swiss IT Security Deutschland, Swiss IT Security Deutschland acts as a processor within the meaning of Art. 28 GDPR.

The legislator requires the conclusion of a Data Processing Agreement between the controller and the processor. Furthermore, technical and organisational measures have to be agreed upon to protect the data.