Information according to Art. 13 and 14 DSGVO
Processing your data in accordance with data protection regulations is a top priority for us. Therefore, we would like to inform you about some basic aspects of the processing of your data.
Data processor
Responsible entity
itap GmbH, Marie-Curie-Straße 8, 26129 Oldenburg, Telefon: 0441 57061-0, Fax: 0441 57061-10, E-Mail: info_at_itap.de
Data Protection Officer
Prof. Ulf Glende, GLENDE.CONSULTING GmbH & Co. KG, Friedrich-Barnewitz-Str. 7, 18119 Rostock, info_at_glende-consulting.de
Data processing when visiting our website
General
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Purposes of the processing and legal bases of the processing
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO, if special categories of data are processed according to Art. 9 para. 1 DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
Duration for which the personal data are stored
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Data source
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.
Obligation to provide personal data
The provision of your data is voluntary.
Recipients and transfer of personal data to a third country
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Hosting
We host the content of our website with the following provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter Mittwald). For details, please refer to Mittwald's privacy policy: https://www.mittwald.de/datenschutz. The use of Mittwald is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.
Cookies
Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.
Consent with Consent Manager
Our website uses Consent Manager technology to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The Consent Manager is an add-on of the used content management system Redaxo, the provider of this technology is Friends of REDAXO, website: https://github.com/FriendsOfREDAXO (hereinafter "Consent Manager").
When you visit our website, your consents and other declarations regarding cookie use are obtained. Subsequently, Consent Manager stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Consent Manager provider cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Consent Manager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Data processing in the context of business relations with us
Processing framework
Categories of personal data processed
We only process such data that are connected with the contract formation or pre-contractual measures. This can be identification and/or contact data concerning your person or persons in your company, as well as any other data that you provide us with in connection with the establishment of the contract.
Purposes and legal basis of the processing Insofar as personal data are required for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful under art. 6 para. 1 lit. b GDPR. If you give us your express consent to process personal data for specific purposes (e. g. transfer to third parties, evaluation for marketing purposes, advertising by e-mail), the lawfulness of this processing is based on your consent in accordance with art. 6 para. 1 lit. a GDPR. Consent that has been granted can be revoked at any time with effect for the future (see "Rights of data subjects"). Where necessary and legally permissible, we will process your data beyond the actual contractual purposes in order to fulfil legal obligations in accordance with art. 6 para. 1 lit. c GDPR. In addition, processing may also be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims in accordance with art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest.
Duration for which the personal data are stored
Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code and the German Fiscal Code. The periods of retention or documentation prescribed there are two to ten years. Finally, the duration of storage also depends on the statutory limitation periods, which, for example, are laid down in sections 195 ff. GCC, for example, generally three years, but in certain cases up to thirty years.
Obligation to provide personal data
The provision of personal data for the purpose of deciding on the conclusion of a contract, the performance of a contract or the implementation of pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide such personal data as are necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
Transfer and international reference
Recipients of personal data
Within our company, we will only pass on your personal data to those departments and persons who require this data to fulfil contractual and legal obligations or to implement our legitimate interests. Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information.
Transfer of personal data to a third country
In principle, we do not transfer any data to a third country.
Data processing in the context of your application or employment with us
Processing frame
Categories of personal data processed
Application
With your decision to apply for this position, you are also submitting information about your educational and professional background in addition to your personal data. When you send us your application documents by e-mail, they are automatically recorded. All documents sent (cover letter, resume, certificates and other evidence) as well as the information contained therein will be stored. If you still send us your application documents in person or by mail, we first digitize them and then also record them in our applicant management system.
Inadmissible contents
You are solely responsible for the content of the posted texts. Please make sure that you do not send us any file attachments containing viruses or worms. Personal data that you submit to us should generally not include the following:
- Information about diseases, possible pregnancy
- information about ethnic origin,
- political, religious or philosophical beliefs,
- trade union membership and sexual orientation,
- defamatory or degrading information,
- Information that is not specifically related to your application
The information you submit to us must be truthful, not violate any third party rights, public law or morality (" Inadmissible Content "). Please also note that you will indemnify us against any claims that we may have as a result of information containing Prohibited Content that you submit to us.
Employment
The required data includes, in particular, your master data (especially first and last name, name affixes, nationality), your contact data (especially private address, mobile and landline number, e-mail address), other data from the employment relationship, such as time recording data, vacation periods, periods of incapacity to work, skill data, social data, bank details, social security number, pension insurance number, salary data, tax identification number, special health data and, if applicable, criminal records) as well as log data that accrue when using the IT systems.
Sources of the data
Your personal data is mainly collected directly from you. However, due to legal requirements, your data may also be collected from other sources, such as the tax office for the purpose of querying tax-related information, the health insurance company for information on periods of incapacity for work or, if applicable, from other third parties, such as an employment agency or from publicly accessible sources (e.g. professional networks).
Purposes and legal bases of processing
Application
Your application data will be processed exclusively by the responsible person for the purpose of your application for an employment relationship. The legal basis for this is Article 88 (1) DSGVO in conjunction with Section 26 (1) and (8) sentence 2 BDSG. Furthermore, we may process personal data about you insofar as this is necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 Para. 1 lit. f DSGVO; the legitimate interest here is, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Employment
The primary purpose of data processing is the establishment, implementation and termination of the employment relationship. The relevant legal basis for this is Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG. In addition, collective agreements (group, general and company agreements as well as collective bargaining agreements) pursuant to Art.
Art. 88 para. 1 GDPR in conjunction with § 26 para. 4 BDSG as well as, if applicable, your separate consents pursuant to.
Art. 88 para. 1 GDPR in conjunction with § 26 para. 2 BDSG (e.g. in the case of video recordings) may be used as a data protection permission provision. We also process your data in order to be able to fulfill our legal obligations as an employer, in particular in the area of tax and social security law. This is done on the basis of Art. 6 para. 1 lit. c GDPR. Where necessary, we also process your data on the basis of Art. 6 para. 1 lit. f GDPR in order to protect legitimate interests of us or of third parties (e.g. authorities). This applies in particular to the investigation of criminal offences
(Section 26 para. 1 sentence 2 BDSG) or within the Group for purposes of Group management, internal communication and other administrative purposes. Insofar as special categories of personal data are processed pursuant to Art. 9 para. 1 GDPR, this serves the exercise of rights or the fulfillment of legal obligations arising from labor law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severe disability levy). This is done on the basis of Art. 88 para. 1 GDPR in conjunction with Section 26 para. 3 BDSG. In addition, the processing of health data may be necessary for the assessment of your fitness for work pursuant to Art. 9 para. 4 GDPR in conjunction with Section 26 para. 3 sentence 1 BDSG (e.g. vis-à-vis our clients in the context of fitness requirements). In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 88 para. 1 GDPR in conjunction with Section 26 para. 2 BDSG (e.g. occupational health management).
Duration for which the personal data are stored
Application
If there is no legal retention period, the data will be deleted as soon as storage is no longer necessary or the legitimate interest in storage no longer exists. If the employee is not hired, this is usually the case no later than six months after completion of the application process. The duration of storage then depends on the statutory retention obligations, e.g. from the German Fiscal Code (6 years) or the German Commercial Code (10 years). If you are not hired, but your application is still of interest to us, we will ask you whether we may retain your application for future job openings.
Employment
The storage period of the collected data is limited to the employment relationship. We delete your personal data as soon as they are no longer required for the above-mentioned purposes. After termination of the employment relationship, the data will be stored and then deleted in accordance with the statutory or official retention periods, which result, among other things, from the German Commercial Code and the German Fiscal Code. The storage periods thereafter amount to up to ten years. In addition, personal data may be stored for the statutory limitation period of three or up to 30 years if claims can be asserted against us.
Obligation to provide personal data
Application
The processing of your data is necessary for the processing of your application received by us. If you do not provide us with this data, we will not be able to consider your application. However, you are not obliged to give consent to data processing with regard to the application process for data that is not relevant or not required by law.
Employment
The disclosure of the above-mentioned data (see "Categories of personal data") by the employee is required by law and by virtue of ancillary obligations under the employment contract, as well as for the conclusion and performance of the aforementioned employment contract within the meaning of Art. 13 (2) lit. e GDPR. If these data were not provided, the proper performance of the employment relationship by the employer would not be possible.
Transfer and foreign reference
Recipients of personal data
Within our company, your personal data will be disclosed only to those persons who need it to fulfill our contractual and legal obligations, such as the HR department, the accounting department, the specialist department, the works council or the representative for the severely disabled. It goes without saying that we treat your data confidentially and do not pass it on to third parties. If necessary, we use service providers who are strictly bound by instructions, who support us e.g. in the areas of EDP or the archiving and destruction of documents and with whom separate contracts for order processing have been concluded. Outside the company, we transfer your data to other recipients to the extent necessary to fulfill our contractual and legal obligations. These are, in particular, the social insurance institutions, the health insurance fund, the pension insurance fund, professional pension institutions, service providers who take over the company medical and other occupational medical care for us, the employment agency, the employers' liability insurance association, the tax authorities, accident and liability insurers, courts, banks, competent bodies in order to be able to guarantee claims from the company pension scheme or capital-forming benefits, third-party debtors in the case of wage and salary garnishments or insolvency administrators in the case of private insolvency.
Transfer of personal data to a third country
In principle, we do not transfer any data to a third country. However, in the course of your contractual relationship with us, we may transfer some of your data to clients or business partners (see "Purposes and legal basis") in third countries.
Data subjects' rights
Withdrawal of given consent (Art. 7 DSGVO)
You may revoke any consent you have given at any time with effect for the future without affecting the lawfulness of the processing carried out to date.
Right to object to processing (Art. 21 GDPR)
You have the right to object to the processing of your personal data.
Further rights in relation to your data
You also have the right to information, correction, deletion and restriction of processing of your data.
Right of appeal
If you are of the opinion that we are violating German or European data protection law in processing your data, please contact us to clarify any questions. Of course, you also have the right to contact the competent supervisory authority:
Die Landesbeauftragte für den Datenschutz Niedersachsen, Barbara Thiel, Prinzenstraße 5, 30159 Hannover
Telefon: +49 (0511) 120 45 00, Telefax: +49 (0511) 120 45 99, E-Mail: poststelle_at_lfd.niedersachsen.de
If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.