POLÍTICA DE PRIVACIDAD
Nos complace mucho su interés en SkillScout, un servicio de apsa personnel concepts gmbh (en adelante, apsa). La protección de datos es de particular importancia para nosotros. El uso de las páginas de Internet de apsa es posible sin ninguna indicación de datos personales. Sin embargo, si un interesado desea utilizar servicios especiales de nuestra empresa a través de nuestro sitio web, puede ser necesario el procesamiento de datos personales. Si el procesamiento de datos personales es necesario y no existe una base legal para dicho procesamiento, generalmente obtenemos el consentimiento del interesado.
El procesamiento de datos personales, como el nombre, la dirección, la dirección de correo electrónico o el número de teléfono de un interesado, siempre se llevará a cabo de acuerdo con el Reglamento General de Protección de Datos y de conformidad con las regulaciones de protección de datos específicas del país aplicables a apsa. Mediante esta declaración de protección de datos, nuestra empresa desea informar al público sobre la naturaleza, el alcance y el propósito de los datos personales que recopilamos, utilizamos y procesamos. Además, los interesados son informados de sus derechos mediante esta declaración de protección de datos.
apsa ha implementado numerosas medidas técnicas y organizativas para garantizar la protección más completa de los datos personales procesados a través de este sitio web. Sin embargo, las transmisiones de datos basadas en Internet pueden tener en principio brechas de seguridad, por lo que no se puede garantizar una protección absoluta. Por esta razón, todo interesado es libre de transferir datos personales a nosotros a través de medios alternativos, por ejemplo, por teléfono.
1. DEFINICIONES
La declaración de protección de datos de apsa se basa en los términos utilizados por el legislador europeo para la adopción del Reglamento General de Protección de Datos (GDPR). Nuestra declaración de protección de datos debe ser legible y comprensible para el público en general, así como para nuestros clientes y socios comerciales. Para asegurar esto, nos gustaría explicar primero la terminología utilizada.
Utilizamos los siguientes términos, entre otros, en esta declaración de protección de datos:
- a) Datos personales
Datos personales significa cualquier información relativa a una persona física identificada o identificable (“interesado”). Se considera identificable una persona física que pueda ser identificada, directa o indirectamente, en particular mediante un identificador como un nombre, un número de identificación, datos de ubicación, un identificador en línea o uno o más factores específicos de la identidad física, fisiológica, genética, mental, económica, cultural o social de dicha persona física.
- b) Interesado
Interesado es cualquier persona física identificada o identificable cuyos datos personales son procesados por el controlador responsable del procesamiento.
- c) Procesamiento
Procesamiento es cualquier operación o conjunto de operaciones que se realiza en datos personales o en conjuntos de datos personales, ya sea por medios automatizados o no, como la recopilación, registro, organización, estructuración, almacenamiento, adaptación o alteración, recuperación, consulta, uso, divulgación por transmisión, difusión o de otra manera puesta a disposición, alineación o combinación, restricción, borrado o destrucción.
- d) Restricción del procesamiento
Restricción del procesamiento es la marcación de los datos personales almacenados con el objetivo de limitar su procesamiento en el futuro.
- e) Perfilado
Perfilado significa cualquier forma de procesamiento automatizado de datos personales que consista en el uso de datos personales para evaluar ciertos aspectos personales de una persona física, en particular para analizar o predecir aspectos relacionados con el rendimiento laboral, la situación económica, la salud, las preferencias personales, los intereses, la fiabilidad, el comportamiento, la ubicación o los movimientos de dicha persona física.
- f) Seudonimización
Seudonimización es el procesamiento de datos personales de tal manera que los datos personales ya no pueden atribuirse a un interesado específico sin el uso de información adicional, siempre que dicha información adicional se mantenga por separado y esté sujeta a medidas técnicas y organizativas para asegurar que los datos personales no se atribuyan a una persona física identificada o identificable.
- g) Controlador o controlador responsable del procesamiento
El controlador o responsable del tratamiento es la persona física o jurídica, autoridad pública, agencia u otro organismo que, solo o junto con otros, determine los fines y medios del tratamiento de datos personales; cuando los fines y medios de dicho tratamiento estén determinados por la legislación de la Unión o de los Estados miembros, el controlador o los criterios específicos para su nombramiento podrán ser establecidos por la legislación de la Unión o de los Estados miembros.
- h) Procesador
Procesador es una persona física o jurídica, autoridad pública, agencia u otro organismo que trate datos personales por cuenta del controlador.
- i) Destinatario
Destinatario es una persona física o jurídica, autoridad pública, agencia u otro organismo, al que se le comuniquen los datos personales, se trate o no de un tercero. No obstante, las autoridades públicas que puedan recibir datos personales en el marco de una investigación particular de conformidad con la legislación de la Unión o de los Estados miembros no se considerarán destinatarios.
- j) Tercero
Tercero es una persona física o jurídica, autoridad pública, agencia u organismo distinto del interesado, el controlador, el procesador y las personas que, bajo la autoridad directa del controlador o del procesador, estén autorizadas para tratar datos personales.
- k) Consentimiento
El consentimiento del interesado es cualquier manifestación de voluntad libre, específica, informada e inequívoca por la que el interesado, mediante una declaración o una clara acción afirmativa, manifieste su acuerdo con el tratamiento de los datos personales que le conciernen.
2. NOMBRE Y DIRECCIÓN DEL CONTROLADOR
El controlador a efectos del Reglamento General de Protección de Datos, otras leyes de protección de datos aplicables en los Estados miembros de la Unión Europea y otras disposiciones relacionadas con la protección de datos es:
apsa personnel concepts gmbh
Schadekgasse 5/18
1060 Viena
Austria
Teléfono: +43 1 934 66 86
Email: [email protected]
Sitio web: www.apsa.at
3. COOKIES
Las páginas de Internet de apsa utilizan cookies. Las cookies son archivos de texto que se almacenan en un sistema informático a través de un navegador de Internet.
Muchas páginas de Internet y servidores utilizan cookies. Muchas cookies contienen una llamada ID de cookie. Una ID de cookie es un identificador único de la cookie. Consiste en una cadena de caracteres a través de la cual las páginas de Internet y los servidores pueden asignarse al navegador específico de Internet en el que se almacenó la cookie. Esto permite que los sitios de Internet y los servidores visitados diferencien el navegador individual del interesado de otros navegadores de Internet que contienen otras cookies. Un navegador de Internet específico puede reconocerse e identificarse utilizando la ID única de cookie.
A través del uso de cookies, apsa puede proporcionar a los usuarios de este sitio web servicios más amigables que no serían posibles sin la configuración de cookies.
Mediante una cookie, la información y las ofertas en nuestro sitio web pueden optimizarse pensando en el usuario. Las cookies nos permiten, como se mencionó anteriormente, reconocer a los usuarios de nuestro sitio web. El propósito de este reconocimiento es facilitar a los usuarios la utilización de nuestro sitio web. El usuario del sitio web que utiliza cookies, por ejemplo, no tiene que ingresar los datos de acceso cada vez que accede al sitio web, porque esto lo toma el sitio web, y la cookie se almacena en el sistema informático del usuario. Otro ejemplo es la cookie de un carrito de compras en una tienda en línea. La tienda en línea recuerda los artículos que un cliente ha colocado en el carrito de compras virtual a través de una cookie.
El interesado puede, en cualquier momento, impedir la configuración de cookies a través de nuestro sitio web mediante la configuración correspondiente del navegador de Internet utilizado, y puede así denegar permanentemente la configuración de cookies. Además, las cookies ya establecidas pueden eliminarse en cualquier momento a través de un navegador de Internet u otros programas de software. Esto es posible en todos los navegadores de Internet populares. Si el interesado desactiva la configuración de cookies en el navegador de Internet utilizado, no todas las funciones de nuestro sitio web pueden ser completamente utilizables.
4. RECOLECCIÓN DE DATOS E INFORMACIÓN GENERALES
El sitio web de apsa recopila una serie de datos e información generales cuando un interesado o un sistema automatizado llama al sitio web. Estos datos e información generales se almacenan en los archivos de registro del servidor. Pueden recopilarse (1) los tipos y versiones de navegador utilizados, (2) el sistema operativo utilizado por el sistema de acceso, (3) el sitio web desde el cual un sistema de acceso llega a nuestro sitio web (los llamados referidores), (4) los sub-sitios web, (5) la fecha y hora de acceso al sitio de Internet, (6) una dirección de protocolo de Internet (dirección IP), (7) el proveedor de servicios de Internet del sistema de acceso, y (8) cualquier otro dato e información similar que pueda utilizarse en caso de ataques a nuestros sistemas de tecnología de la información.
Al utilizar estos datos e información generales, apsa no saca ninguna conclusión sobre el interesado. Más bien, esta información es necesaria para (1) entregar el contenido de nuestro sitio web correctamente, (2) optimizar el contenido de nuestro sitio web así como su publicidad, (3) asegurar la viabilidad a largo plazo de nuestros sistemas de tecnología de la información y la tecnología del sitio web, y (4) proporcionar a las autoridades encargadas de hacer cumplir la ley la información necesaria para el enjuiciamiento penal en caso de un ciberataque. Por lo tanto, apsa analiza de forma anónima los datos e información recopilados estadísticamente, con el objetivo de aumentar la protección de datos y la seguridad de nuestra empresa, y asegurar un nivel óptimo de protección para los datos personales que procesamos. Los datos anónimos de los archivos de registro del servidor se almacenan por separado de todos los datos personales proporcionados por un interesado.
5. REGISTRO EN NUESTRO SITIO WEB
El interesado tiene la posibilidad de registrarse en el sitio web del controlador con la indicación de datos personales. Los datos personales que se transmiten al controlador están determinados por la máscara de entrada utilizada para el registro. Los datos personales ingresados por el interesado se recopilan y almacenan exclusivamente para uso interno del controlador, y para sus propios fines. El controlador puede solicitar la transferencia a uno o más procesadores (por ejemplo, un servicio de paquetería) que también utilizan datos personales para un propósito interno atribuible al controlador.
Al registrarse en el sitio web del controlador, también se almacenan la dirección IP, asignada por el proveedor de servicios de Internet (ISP) y utilizada por el interesado, la fecha y la hora del registro. El almacenamiento de estos datos tiene lugar con el telón de fondo de que esta es la única manera de prevenir el uso indebido de nuestros servicios y, si es necesario, hacer posible investigar delitos cometidos. Por lo tanto, el almacenamiento de estos datos es necesario para asegurar al controlador. Estos datos no se transmiten a terceros a menos que exista una obligación legal de transmitir los datos, o si la transferencia sirve al objetivo de la persecución penal.
El registro del interesado, con la indicación voluntaria de datos personales, tiene como objetivo permitir al controlador ofrecer al interesado contenidos o servicios que solo pueden ofrecerse a usuarios registrados debido a la naturaleza del asunto en cuestión. Las personas registradas son libres de cambiar los datos personales especificados durante el registro en cualquier momento, o de eliminarlos completamente del almacenamiento de datos del controlador.
El controlador proporcionará, en cualquier momento, información a petición de cada interesado sobre los datos personales que se almacenan sobre el interesado. Además, el controlador corregirá o borrará los datos personales a petición o indicación del interesado, siempre que no existan obligaciones legales de almacenamiento. El oficial de protección de datos y la totalidad de los empleados del controlador están disponibles para el interesado en este sentido como personas de contacto.
6. SUSCRIPCIÓN A NUESTROS BOLETINES
En el sitio web de apsa, se da a los usuarios la oportunidad de suscribirse al boletín de nuestra empresa. La máscara de entrada utilizada para este propósito determina qué datos personales se transmiten, así como cuándo se solicita el boletín del controlador.
apsa informa regularmente a sus clientes y socios comerciales a través de un boletín sobre las ofertas de la empresa. El boletín de la empresa solo puede ser recibido por el interesado si (1) el interesado tiene una dirección de correo electrónico válida y (2) el interesado se registra para el envío del boletín. Se enviará un correo electrónico de confirmación a la dirección de correo electrónico registrada por un interesado por primera vez para el envío del boletín, por razones legales, en el procedimiento de doble opt-in. Este correo electrónico de confirmación se utiliza para probar si el propietario de la dirección de correo electrónico como interesado está autorizado para recibir el boletín.
Durante el registro para el boletín, también almacenamos la dirección IP del sistema informático asignada por el proveedor de servicios de Internet (ISP) y utilizada por el interesado en el momento del registro, así como la fecha y la hora del registro. La recopilación de estos datos es necesaria para comprender el (posible) uso indebido de la dirección de correo electrónico de un interesado en una fecha posterior, y por lo tanto sirve al objetivo de la protección legal del controlador.
Los datos personales recopilados como parte de un registro para el boletín solo se utilizarán para enviar nuestro boletín. Además, los suscriptores al boletín pueden ser informados por correo electrónico, siempre que esto sea necesario para el funcionamiento del servicio de boletín o un registro en cuestión, como podría ser el caso en el evento de modificaciones a la oferta del boletín, o en el caso de un cambio en las circunstancias técnicas. No habrá transferencia de datos personales recopilados por el servicio de boletín a terceros. La suscripción a nuestro boletín puede ser terminada por el interesado en cualquier momento. El consentimiento para el almacenamiento de datos personales, que el interesado ha dado para el envío del boletín, puede ser revocado en cualquier momento. Para el propósito de la revocación del consentimiento, se encuentra un enlace correspondiente en cada boletín. También es posible darse de baja del boletín en cualquier momento directamente en el sitio web del controlador, o comunicar esto al controlador de otra manera.
7. NEWSLETTER-TRACKING
The newsletter of apsa contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, apsa may see if and when an email was opened by a data subject, and which links in the email were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. apsa automatically regards a withdrawal from the receipt of the newsletter as a revocation.
8. CONTACT POSSIBILITY VIA THE WEBSITE
The website of apsa contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
9. COMMENT FUNCTION IN THE BLOG ON THE WEBSITE
apsa offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in blog posts. Blog posts may usually be commented on by third parties.
If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user’s pseudonym chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, therefore, in the own interest of the controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties, unless such a transfer is required by law, or serves the aim of the defense of the data controller.
10. SUBSCRIPTION TO COMMENTS IN THE BLOG ON THE WEBSITE
The comments made in the blog of apsa may be subscribed to by third parties. In particular, there is the possibility that a commenter subscribes to the comments following his comments on a particular blog post.
If a data subject decides to subscribe to the option, the controller will send an automatic confirmation email to check the double opt-in procedure to see if the owner of the specified email address decided in favor of this option. The option to subscribe to comments may be terminated at any time.
11. ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
12. RIGHTS OF THE DATA SUBJECT
12 a) Right of confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact our data protection officer or another employee of the controller.
12 b) Right of access
Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact our data protection officer or another employee of the controller.
12 c) Right to rectification
Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact our data protection officer or another employee of the controller.
12 d) Right to erasure (Right to be forgotten)
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by apsa, he or she may at any time contact our data protection officer or another employee of the controller. The data protection officer of apsa or another employee shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The data protection officer of apsa or another employee will arrange the necessary measures in individual cases.
12 e) Right of restriction of processing
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by apsa, he or she may at any time contact our data protection officer or another employee of the controller. The data protection officer of apsa or another employee will arrange the restriction of the processing.
12 f) Right to data portability
Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact the data protection officer designated by apsa or another employee.
12 g) Right to object
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
apsa shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If apsa processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to apsa to the processing for direct marketing purposes, apsa will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by apsa for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may contact the data protection officer of apsa or another employee. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.
12 h) Automated individual decision-making, including profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, apsa shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact our data protection officer or another employee of the controller.
12 i) Right to withdraw data protection consent
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact our data protection officer or another employee of the controller.
13) DATA PROTECTION FOR APPLICATIONS AND THE APPLICATION PROCEDURE
The controller shall collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents by electronic means, for example by email or via a web form on the website, to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically erased two months after notification of the rejection decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
What are social media?
In addition to our website, we are also active on various social media platforms. User data can be processed to target users who are interested in us via social networks. Furthermore, elements of a social media platform can be directly embedded in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected to our social media presence. Websites and apps where registered members can produce content, share content openly or within specific groups, and connect with other members are referred to as social media or social networks.
Why do we use social media?
For years, social media platforms have been the place where people communicate and network online. With our social media presence, we can introduce our products and services to interested people. The social media elements integrated into our website allow you to switch to our social media content quickly and easily.
The data stored and processed through your use of a social media channel primarily serves to carry out web analyses. The aim of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, relevant conclusions about your interests can be drawn, and user profiles can be created. This enables the platforms to present you with tailored advertising. For this purpose, cookies are usually set in your browser, storing data about your usage behavior.
We generally assume that we remain responsible for data protection even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us under Article 26 GDPR. Should this be the case, we will expressly inform you and make a corresponding agreement. Below you will find the essential contractual conditions for the respective platform.
Please note that when using social media platforms or our embedded elements, your data may be processed outside the European Union, as many social media channels, such as Facebook or X, are American companies. This may make it more challenging for you to assert and enforce your rights regarding your personal data.
What data is processed?
What specific data is stored and processed depends on the respective provider of the social media platform. However, it is generally data such as phone numbers, email addresses, information entered into a contact form, user data such as which buttons you click, whom you like or follow, when you visited certain pages, information about your device, and your IP address. Most of this data is stored in cookies. Particularly if you have a profile on the visited social media channel and are logged in, data can be linked to your profile. All data collected via a social media platform is also stored on the providers’ servers. Therefore, only the providers have access to the data and can provide you with the necessary information or make changes.
If you want to know precisely what data is stored and processed by social media providers and how you can object to data processing, we recommend that you carefully read the data protection regulations of the respective company. If you have any questions about data storage and processing or wish to exercise your rights, we recommend contacting the provider directly.
Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data matched with user data is deleted within two days. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If, for example, it is legally required, as in the case of accounting, this storage period may be exceeded.
Right to object
You also have the right and the opportunity to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This can be done either via our cookie management tool or other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. Since social media tools may use cookies, we also recommend reading our general data protection statement on cookies. To know precisely what data is stored and processed about you, you should read the data protection regulations of the respective tools.
Legal basis
If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). The storage and processing of your data is also generally based on our legitimate interest (Art. 6(1)(f) GDPR) in quick and effective communication with you and other customers and business partners, provided you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you read our data protection provisions on cookies carefully and the data protection declaration or cookie guidelines of the respective service provider.
14) DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF GOOGLE ANALYTICS (WITH ANONYMIZATION FUNCTION)
The controller has integrated the component of Google Analytics (with the anonymizer function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects data, inter alia, about the website from which a person has come (the so-called referrer), which subpages were visited, or how often and for what duration a subpage was viewed. Web analytics is mainly used to optimize a website and to carry out a cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the application “_gat._anonymizeIp” for web analytics through Google Analytics. By means of this application, the IP address of the internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and into which a Google Analytics component was integrated, the internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits to our website by the data subject. With each visit to our internet site, such personal data, including the IP address of the internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to the collection of data generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript that any data and information about the visits of internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is further explained under the following Link https://www.google.com/intl/de_de/analytics/.
15) DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF GOOGLE REMARKETING
The controller has integrated Google Remarketing services on this website. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to internet users who have previously resided on the enterprise’s website. The integration of Google Remarketing allows an enterprise to create user-based advertising and thus show relevant advertisements to interested internet users.
The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and interests of internet users.
Google Remarketing sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. With the setting of the cookie, Google enables the recognition of the visitor of our website if he calls up consecutive websites, which are also a member of the Google advertising network. With each call-up to an internet site on which the service has been integrated by Google Remarketing, the web browser of the data subject identifies automatically with Google. During the course of this technical procedure, Google receives personal information, such as the IP address or the browsing behavior of the user, which Google uses, inter alia, to insert interest-relevant advertising.
The cookie is used to store personal information, e.g., the internet pages visited by the data subject. Each time we visit our internet pages, personal data, including the IP address of the internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. Therefore, the data subject must access the link to www.google.de/settings/ads from each of the internet browsers in use and set the desired settings.
Further information and the actual data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.
16) DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF GOOGLE ADWORDS
The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to predefine specific keywords with the help of which an ad on Google’s search results will only be then displayed when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed on relevant internet pages using an automatic algorithm, considering the previously defined keywords.
The operating company of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by the inclusion of relevant advertising on third-party websites and in the search engine results of the Google search engine and an insertion of third-party advertising on our website.
If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. What cookies are has already been explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g., the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, i.e., executed or canceled a sale of goods.
The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie stores personal information, e.g., the internet pages visited by the data subject. Each time we visit our internet pages, personal data, including the IP address of the internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the web browser or other software programs.
In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. Therefore, the data subject must access the link to www.google.de/settings/ads from each of the internet browsers in use and set the desired settings.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.
17) DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF JETPACK FOR WORDPRESS
The controller has integrated Jetpack on this website. Jetpack is a WordPress plugin, which provides additional features to the operator of a website based on WordPress. Jetpack allows the website operator, inter alia, an overview of the visitors of the site. By displaying related posts and publications or the ability to share content on the page, it is also possible to increase visitor numbers. Furthermore, security features are integrated into Jetpack, so it provides a better protection against brute-force attacks. Jetpack also optimizes and accelerates the loading of images on the website.
The operating company of the Jetpack plugin for WordPress is Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology created by Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.
Jetpack sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Jetpack component was integrated, the internet browser on the information technology system of the data subject is automatically prompted to submit data for analysis purposes to Automattic through the Jetpack component. During the course of this technical procedure, Automattic is provided with data that serves to create an overview of website visits. The obtained data are used to analyze the behavior of the data subject who accessed the controller’s website and is analyzed with the aim of optimizing the website. The data collected through the Jetpack component will not be used to identify the data subject without first obtaining a separate express consent of the data subject. The data also comes to the knowledge of Quantcast. Quantcast uses the data for the same purposes as Automattic.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Automattic may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data generated by the Jetpack cookie, related to the use of this website, as well as the processing of these data by Automattic/Quantcast and the chance to preclude any such. To do this, the data subject must press the opt-out button under the link https://www.quantcast.com/opt-out/ which sets an opt-out cookie. The opt-out cookie set with this purpose is placed on the information technology system used by the data subject. If the cookies are deleted on the system of the data subject after an objection, the data subject must reinstall the opt-out cookie to prevent the collection of data by Automattic/Quantcast. The opt-out cookie is set with the intention of being used to preclude data collection.
However, with the setting of the opt-out cookies, it is possible that the websites of the controller may not be fully usable anymore.
The applicable data protection provisions of Automattic may be accessed under https://automattic.com/privacy/. The applicable data protection provisions of Quantcast may be accessed under https://www.quantcast.com/privacy/.
18) DATA PROTECTION DECLARATION FOR THE USE OF ZAPIER
We use the automation software Zapier for our website. The provider is the American company Zapier Inc., 548 Market Street 6241, San Francisco, CA
Zapier processes your data, including in the United States. Zapier is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Furthermore, Zapier also uses so-called Standard Contractual Clauses (SCCs) (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses are model agreements of the European Commission and are intended to ensure that your data also meets European data protection standards when transferred and stored in third countries (e.g., the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Zapier undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored in the United States. You can find the EU Commission’s implementing decision and the Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
19) Privacy Policy of Calendly
For our website, we use Calendly, a planning and scheduling tool. The provider is the American company Calendly LLC, located at 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.
Calendly processes data, including in the United States. We would like to inform you that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks regarding the legality and security of data processing. To establish the basis for data processing with recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly the USA) or data transfers to such countries, Calendly uses Standard Contractual Clauses (SCCs) approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses commit Calendly to comply with EU data protection standards when processing relevant data outside the EU. The EU Commission’s implementing decision and the Standard Contractual Clauses can be found here: More information on the data processed by Calendly can be found in the privacy policy at https://calendly.com/privacy.
For further information on the data processed by Calendly, please refer to the privacy policy at https://calendly.com/privacy.
20) LEGAL BASIS FOR PROCESSING
Article 6(1)(a) GDPR serves as the legal basis for our company’s processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Article 6(1)(d) GDPR. Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal grounds if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
20.1. LEGITIMATE INTERESTS IN THE PROCESSING THAT ARE PURSUED BY THE CONTROLLER OR A THIRD PARTY
Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.
20.2. DURATION FOR WHICH THE PERSONAL DATA WILL BE STORED
The criterion used to determine the duration of the storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
21) LEGAL OR CONTRACTUAL REQUIREMENTS FOR PROVIDING PERSONAL DATA; NECESSITY FOR CONTRACT CONCLUSION; OBLIGATION OF THE DATA SUBJECT TO PROVIDE PERSONAL DATA; POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information about the contractual partner). In some cases, it may be necessary for a data subject to provide us with personal data for the conclusion of a contract, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company enters into a contract with them. The non-provision of personal data would result in the contract with the data subject not being concluded. Before providing personal data by the data subject, the data subject must contact our data protection officer. Our data protection coordinator will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of not providing the personal data.
EXISTENCE OF AUTOMATED DECISION-MAKING
As a responsible company, we do not use automated decision-making or profiling.
Status: March 2018 / Revision February 2024
Copyright © 2024 | apsa personnel concepts gmbh | Imprint | Privacy Policy