codafish ><> GmbH
CEO: Andreas Wroblewski, Timo Müller
Am Altenfeldsdeich 56
25371 Seestermühe
Germany
Phone: +1 888 926323
E-Mail: hello@codafish.net
Website: http://codafish.net/en
The following information applies to data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.
We process personal data in accordance with the provisions of the GDPR, depending on the type and purpose of processing, as follows
| Authorization | Requirement of the GDPR |
| Consent | Art. 6 para. 1 lit. a |
| Fulfillment of a contract | Art. 6 para. 1 lit. b |
| Implementation of pre-contractual measures | Art. 6 para. 1 lit. b |
| Fulfillment of legal obligations | Art. 6 para. 1 lit. c |
| Protection of vital interests | Art. 6 para. 1 lit. d |
| Safeguarding our legitimate interest | Art. 6 para. 1 lit. f |
Our legitimate interest as defined in Article 6(1)(f) GDPR is based on the performance of our business activities to maintain our operational capability and to ensure the employment of our employees.
Once the purpose of storage no longer applies, the retention periods are generally at least six or ten years. Data is generally deleted immediately in accordance with our deletion concept, provided that this does not conflict with a retention obligation, necessity for contract fulfillment or a legitimate interest.
We only store your personal data for the period required to fulfill the specified purpose. Once the purpose no longer applies and any retention periods have expired, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.
Provided that one of the following conditions is met:
As soon as you visit our website, our web server collects some general data and technical information - as shown in the following table:
Data collected | Purpose of the survey |
|---|---|
| Browser types and versions used | Correct display of page content |
| Operating system used, visitor origin (referrer, e.g. Google), subpages clicked on | Optimization of our website content and advertising |
| Date and time of access to the website as well as the visitor\'s IP address and internet service provider | Ensuring the permanent functionality of our IT systems (for the operation of the website) and preventing misuse |
Other data and information for security purposes in the event of attacks | Provision of relevant information for law enforcement authorities in the event of a cyber attack |
The following information applies to data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.
For the operation of this website, a so-called hosting service provider is used, on whose European servers the contents of the Internet presence are stored. The hosting partner collects certain meta data (including IP addresses of website visitors) in log files to ensure the security of the systems and for verification purposes; see also under "Collection of general data and information".
The hosting service provider was carefully selected; all necessary measures were also taken to ensure data processing that is permissible under data protection law (for example, the conclusion of an agreement on commissioned processing, AVV).
On this website we use cookies; these are small text files that are placed or stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies are used to ensure the security of your data or the website and some cookies can be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID - a unique identifier consisting of a string of characters that allows Internet pages and servers to be assigned to the storing browser.
Cookies that are necessary to carry out the transmission of a message via a public telecommunications network and cookies that are absolutely necessary to provide you with an expressly requested function are referred to as "technically necessary cookies" and may be set without your explicit consent (Section 25 (2) TTDSG). All other cookies are subject to consent (§ 25 para. 1 TTDSG); if applicable, regulated by our Consent Management Platform.
We use cookies partly only for the duration of your stay on the website, partly for a predefined period and partly permanently. You can delete all these cookies manually or automatically at any time via your web browser.
It is possible to use our offers (although possibly not to the full extent of their functions) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.
| Purpose of the processing | Tool for increasing sales and marketing activities by identifying visitors to the website and supporting the website operator in communicating with website visitors. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address (shortened) |
| Change of purpose, if applicable | none |
| Purpose of the processing | Zoho Real User Monitoring is a method for measuring the end-user experience in application performance management. It provides insight into the user experience of a website or app by passively collecting and analyzing timing, error and dimensional information from end users in real time. Zoho Real User Monitoring helps the website operator understand how the website code affects page performance, user experience and other performance aspects. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation GmbH, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho CRM"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. The parent company Zoho Corporation Pvt. Ltd. is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address |
| Change of purpose, if applicable | none |
| Purpose of the processing | This is a service for conversion tracking and retargeting. |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use is in the interest of the widest possible visibility in social media, otherwise consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | LinkedIn Ireland Unlimited Company; Wilton Place, Dublin 2, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Device information, IP address, referrer URL, timestamp, browser information, user agent |
| Change of purpose, if applicable | none |
| Opt-Out | https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com |
| Data protection officer of the provider | https://www.linkedin.com/help/linkedin/ask/TSO-DPO |
| Privacy policy of the provider | https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com |
| Purpose of the processing | Detection of code errors |
| Legal basis | Exercise of legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of ClickCease is in the interest of preventing click fraud, otherwise consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG) |
| Recipient, if applicable (in case of forwarding) | CHEQ AI Technologies Ltd, 23 Yehuda Halevi St. 6513601 Tel Aviv - Jaffa, Israel. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | Data is deleted as soon as it is no longer required for the purposes for which it was processed. See General time limits for data erasure |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, browser type/browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request |
| Change of purpose, if applicable | none |
| Data processing agreement (DPA) or data processing addendum (DPA) | https://sentry.io/legal/dpa/3.0.0/ |
| Purpose of the processing | Facebook Connect simplifies the registration process for new web services for Facebook users. Instead of creating a new user account as before, Facebook users log in to the new service with their Facebook profile. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG). If personal data is collected on our website using this tool and forwarded to Facebook, we are jointly responsible for this data processing with Meta Platforms Ireland Ltd (Art. 26 GDPR). We expressly point out that this joint responsibility is limited exclusively to the collection of data and the transfer to Facebook. The further processing of personal data by Facebook is the responsibility of Facebook. You can find the wording of the agreement on joint processing here: https://www.facebook.com/legal/controller_addendum. |
| Recipient, if applicable (in case of forwarding) | Meta Platforms Ireland Limited, Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Meta Platforms is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | If applicable, Facebook account information, device information, interactions with the embed, IP address, referrer URL, user agent |
| Change of purpose, if applicable | none |
| Data protection officer of the provider | https://www.facebook.com/help/contact/540977946302970 |
| Privacy policy of the provider | https://www.facebook.com/privacy/explanation/ |
| Purpose of the processing | Our website uses the visitor action pixel from Meta (formerly Facebook) to measure conversions. The behavior of website visitors can be tracked after they have been redirected to the provider\'s website by clicking on a Facebook ad. In this way, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and optimized for future advertising measures. |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG). If personal data is collected on our website using this tool and forwarded to Facebook, we are jointly responsible for this data processing with Meta Platforms Ireland Ltd (Art. 26 GDPR). We expressly point out that this joint responsibility is limited exclusively to the collection of data and the transfer to Facebook. The further processing of personal data by Facebook is the responsibility of Facebook. You can find the wording of the agreement on joint processing here: https://www.facebook.com/legal/controller_addendum. |
| Recipient, if applicable (in case of forwarding) | Meta Platforms Ireland Limited, Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Meta Platforms is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | If applicable, Facebook account information, device information, interactions with the embed, IP address, referrer URL, user agent |
| Change of purpose, if applicable | none |
| Data protection officer of the provider | https://www.facebook.com/help/contact/540977946302970 |
| Privacy policy of the provider | https://www.facebook.com/privacy/explanation/ |
| Purpose of the processing | We use the WhatsApp Business instant messaging service to communicate with our customers and other third parties. |
| Legal basis | Our legitimate interest (Art. 6 para. 1 lit. f GDPR) in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners. |
| Recipient, if applicable (in case of forwarding) | WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. WhatsApp is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | We store the communication content exchanged with us on WhatsApp Business until our respective communication partners ask us to delete it, revoke their consent to storage or the purpose for data storage no longer applies (e.g. after processing an inquiry). Mandatory statutory provisions - in particular retention periods - remain unaffected. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Communication takes place via end-to-end encryption (also known as peer-to-peer encryption). This prevents WhatsApp or other third parties from gaining access to the communication content. However, the service provider receives access to metadata that is created in the course of the communication process (e.g. sender, recipient of the message and time the message was sent). |
| Change of purpose, if applicable | none |
| Privacy policy of the provider |
| Purpose of the processing | Offer service (video service), offer support, answer inquiries, service optimization |
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR), if we contact potential or existing contractual partners via the video service or offer certain services. Our legitimate interest (Art. 6 para. 1 lit. f GDPR), if the use of the video service serves to simplify and speed up the process of contacting us or our company. Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG), if this has been requested. |
| Recipient, if applicable (in case of forwarding) | Zoho Corporation Pvt. Ltd, c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter "Zoho"). We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA, India. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision of the data is mandatory on the basis of the underlying contract. |
| Consequences of non-compliance (failure to provide the required data) | The provision of the data is mandatory on the basis of the underlying contract. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Last name, first name, e-mail address, IP address, session schedule, configuration data, session metadata, function usage data, performance data, browser type, referrer URL, operating system, date/time stamp |
| Change of purpose, if applicable | none |
| Purpose of the processing | Auth0 is an Identity-as-a-Service (IDaaS) platform that supports authentication and authorization processes on this website and ensures compliance with security standards. Auth0 enables the integration of authentication methods such as social logins, single sign-on (SSO) and multi-factor authentication (MFA). |
| Legal basis | Our legitimate interest (Art. 6 para. 1 lit. f GDPR) and, where requested, your consent (Art. 6 para. 1 lit. a GDPR) |
| Recipient, if applicable (in case of forwarding) | Okta Inc., 100 First Street, 6th Floor, San Francisco, CA 94105, USA. We have concluded an order processing contract with the recipient to ensure that the personal data of our website visitors is only processed in accordance with our instructions. |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer to and storage and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (failure to provide the required data) | none |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | IP address, e-mail address, login data |
| Change of purpose, if applicable | none |
| Privacy policy of the provider | https://www.okta.com/privacy-policy/ |
| Purpose of the processing | Processing the payment of purchases made on this website |
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) |
| Recipient, if applicable (in case of forwarding) | 1) PayPal PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") 2) Stripe Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe") 3) GoCardless GoCardless SAS, 7 rue de Madrid, 75008. Paris, France (hereinafter "GoCardless") |
| If applicable, intention of onward transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees) | to 1) PayPal The data transfer to third countries outside the European Union, e.g. the USA, is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal\'s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. to 2) Stripe The data transfer to third countries outside the European Union, e.g. the USA, is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and here: https://stripe.com/de/guides/general-data-protection-regulation. Further details can be found in Stripe\'s privacy policy: https://stripe.com/de/privacy. to 3) GoCardless On June 28, 2021, the European Commission adopted the adequacy decisions for the transfer of personal data to the United Kingdom under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). With the recognition of the adequate level of data protection, data transfers from the EEA to the United Kingdom, within the scope of the decisions, do not require any special authorization. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data (in the mandatory fields) must be provided as part of the underlying contract. |
| Consequences of non-compliance (failure to provide the required data) | It is not possible to create a customer account in this case. |
| If applicable, existence of automated decision-making | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data originates from the person concerned. |
| Where applicable, categories of personal data (if not collected directly from the data subject) | Name, payment amount, bank account details, credit card number |
| Change of purpose, if applicable | none |
In accordance with legal requirements, you will find our telephone number and e-mail address on our website. If you select these contact options, we will automatically store data in order to process your inquiries or contact you. We will not pass this data on to third parties without your consent.
If you contact us by telephone or via our e-mail address for pre-contractual or contractual purposes, the processing of personal data by us is based on the legal basis of Art. 6 para. 1 b GDPR. For all other contact from you, the processing of personal data by us is based on our legitimate interest in accordance with Art. 6 para. f GDPR.
The following information explains how we process your data, which you have provided to us for the purpose of implementing the pre-contractual relationship or the contract with you, as part of the customer relationship, and what rights you have in connection with this data processing.
Purposes of processing
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed contractual service. You can find further details and additions to the processing purposes in the contractual documents (which may include offers, forms, declarations of consent and other information/documents provided to you).
Legal bases
Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data, the respective consent is the legal basis for the processing specified therein. You can revoke your consent at any time with effect for the future.
Fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
We process your personal data for the execution of our contracts with you, i.e. in particular within the framework of our consulting contract. In addition, your personal data is processed to carry out measures and activities in the context of pre-contractual relationships.
Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
We process your personal data if this is necessary to fulfil legal obligations (e.g. commercial and tax laws).
Furthermore, we may process your data for the fulfilment of tax control and reporting obligations, for the archiving of data for data protection and data security purposes and for audits by the tax office and other authorities. In addition, the disclosure of personal data may become necessary in the context of official or judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
Legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)
We may also use your personal data on the basis of a balancing of interests to protect the legitimate interest of us or third parties. This is done, for example, for the purposes of advertising or market research if you have not objected to the use of your data, obtaining information and exchanging data with credit agencies if your order affects our risk-bearing capacity and the assertion of legal claims and defense in legal disputes.
We process basic data about our contractual partner and the contact persons and the existing business relationship with our contractual partner, which we refer to collectively as master data. This includes in particular all information that was provided to us when the business relationship was established or that we requested from our contractual partner or a contact person, such as personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data) and contact data (address, e-mail address, telephone number and comparable data) and those data that we have collected in connection with the establishment of the business relationship (such as in particular the details of the contract(s) concluded). of the contracts concluded).
We also process personal data that arises in the course of the business relationship, which may go beyond a mere change of master data and which we refer to as "historical data". This includes, in particular, information about the services you have accepted on the basis of the contracts concluded, information about the services we have provided on the basis of the contracts concluded, information that you or a contact person provide to us in the course of the business relationship - either actively or at our request - and personal data that we receive in any other way from you, a contact person or third parties in the course of our business relationship.
To the extent permitted by law, we also store personal data from third parties in addition to the master and historical data. This includes, for example, data on the economic situation of our contractual partners if this is necessary to assess economic risks - such as payment defaults.
We also process personal data from public sources (e.g. internet, media, press, commercial and association registers, population registers). If necessary for the provision of our services, we process personal data that we have lawfully obtained from third parties (e.g. address publishers, credit agencies).
We pass on your personal data within our company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, processors employed by us (Art. 28 GDPR), service providers for supporting activities and other controllers within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centers, support/maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer administration, letter stores, marketing, telephony, website management, tax consultancy, auditing services, credit institutions; public bodies and institutions in the event of a legal or official obligation under which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest; bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit agencies, credit agencies). to authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory authorities) and other bodies for which you have given us your consent to transfer your data.
Data processing outside the EU or the EEA does not take place.
Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to 10 years beyond the end of the business relationship or the pre-contractual legal relationship. Ultimately, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
We deal with you and your application request personally and do not use any automated decision-making processes and therefore no profiling in accordance with Article 22 GDPR.
The following information explains how we process your data, which you have provided to us for the purpose of implementing the pre-contractual relationship or the contract with you, as part of the business relationship, and what rights you have in connection with this data processing.
Purposes of processing
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed contractual service. Our contractual documents (and the offers, forms, declarations of consent and other information/documents exchanged) contain further details and additions to the processing purposes.
Legal bases
Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data, the respective consent is the legal basis for the processing specified therein. You can revoke your consent at any time with effect for the future.
Fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
We process your personal data for the execution of contracts concluded with you. In addition, your personal data will be processed to carry out measures and activities in the context of pre-contractual relationships.
Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
We process your personal data if this is necessary to fulfil legal obligations (e.g. commercial and tax laws).
Furthermore, we may process your data for the fulfilment of control and reporting obligations under tax law, for the archiving of data for data protection and data security purposes and for audits by the tax office and other authorities. In addition, the disclosure of personal data may become necessary in the context of official or judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
Legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)
We may also use your personal data on the basis of a balancing of interests to protect the legitimate interest of us or third parties. This is done, for example, for the purposes of asserting legal claims and defending ourselves in legal disputes, preventing and investigating criminal offenses; as well as managing and further developing our business activities, including risk management.
We pass on your personal data within our company to those areas that require this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, processors employed by us (Art. 28 GDPR), service providers for supporting activities and other controllers within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centers, support/maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer administration, letter stores, marketing, telephony, website management, tax consultancy, auditing services, credit institutions; public bodies and institutions in the event of a legal or official obligation under which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest; bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit agencies, credit agencies). to authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory authorities) and other bodies for which you have given us your consent to transfer your data.
Data processing outside the EU or the EEA does not take place.
Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to 10 years beyond the end of the business relationship or the pre-contractual legal relationship. Ultimately, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
We deal with you and your inquiries personally and do not use any automated decision-making processes and therefore no profiling in accordance with Article 22 GDPR.
You disclose personal data with your application. This data protection information explains in detail how we process your data and what rights you are entitled to in connection with this data processing.
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations.
We process personal data about you for the purpose of your application for an employment relationship, insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for the processing of your personal data in the application process is primarily Art. 6 para. 1 lit. b GDPR.
Furthermore, we may process personal data about you insofar as this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 lit. f GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
If there is an employment relationship between you and us, we will continue to process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the representation of employees\' interests arising from a law or a collective agreement, a works or service agreement (collective agreement).
We process data in connection with your application. This may be general personal data (such as name, address and contact details), information about your professional qualifications and schooling or information about further professional training or other information that you provide to us in connection with your application. We may also process job-related information that you have made publicly available, such as a profile on professional social media networks.
Data processing outside the EU or the EEA does not take place.
Your personal application data will generally be deleted automatically six months after completion of the application process. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.
If we are unable to offer you a current vacancy but, based on your profile, we believe that your application may be of interest for future vacancies, we will store your personal application data for twelve months, provided you expressly consent to such storage and use.
We deal with you and your application request personally and do not use any automated decision-making processes and therefore no profiling in accordance with Article 22 GDPR.
Chapter III of the EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects (e.g. visitors to this website, customers, suppliers, subcontractors, business partners or applicants), which we explain below with regard to the processing of personal data (the explanatory texts can be opened by clicking on the gray buttons). The rights apply to all so-called "data subjects" (the GDPR refers to identified or identifiable natural persons, see explanation above, i.e. visitors to the website, customers, etc.). These rights therefore apply to all data protection information provided below.
This requirement concerns in particular information on the following details of data processing:
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
If the processing is no longer necessary and one of the following conditions is met:
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
You have the right to withdraw your consent to the processing of personal data at any time.
We use the WEBSITE-SCAN of the GDPR service to ensure that data protection information in connection with the services on our website is always up to date. We also use this service to keep the other data protection information on our website up to date.
We have concluded an order processing contract with the GDPR service in accordance with Art. 28 GDPR. The service is operated by Consultatio Inh. Kerstin Hofmann, Am Andreasberg 15, 99326 Stadtilm.