We strongly value privacy. The collection and use of your personal information is strictly regulated by data regulation laws, especially the General Data Protection Regulation (GDPR).
We use personal information (henceforth mostly referred to as „information“) only when necessary, as well as to provide a functional and user-friendly website, including its contents and the services offered through it.
According to article 4 (2) of (EU) 2016/679, the General Data Protection Regulation (henceforth referred to as „EU GDPR“), processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following privacy statement, we wish to inform you about the methods, the extent, the purpose, the duration and the legal basis of how personal information is processed, and how we, either alone or in cooperation with third parties, decide the purposes and means involved when processing personal information.
Our privacy statement is structured as follows:
1. Name and address of the controller
2. Name and address of the data protection supervisor
3. General purpose of processing information
4. Which data do we use, and why
5. Storage period
6. Your rights as a person affected by information processing
7. Data safety
8. Transfer of data to third parties, no transfer of data into non-EU countries
1. Name and address of the controller
The controller according to article 4 (7), EU GDPR is:
A2 Doku GmbH
If you wish to object to the gathering, processing or use according to the data protection regulations mentioned above, you can directly contact the controller.
This privacy statement can be saved and printed out at any time.
2. Name and address of the data protection supervisor
The data protection supervisor of the controller is:
Betacon Service Plus UG (haftungsbeschränkt)
3. General purpose of processing personal information
We use personal information in order to operate our website.
4. What data do we use, and why
Our hosting services are used to provide the following services: infrastructure and platform services, processing capacity, storage space and database services, security services and technical maintenance services, all of which are used to operate our website.
We, or rather our hosting provider, processes stock data, contact data, content data, usage data, meta and communication data of customers, interested parties and visitors according to article 6 (1) f) of the EU GDPR in conjunction with article 28 of the EU GDPR.
4.2. Access data
We collect personal information about you when you use this website. We automatically gather information about your user behaviour and your interactions with our website, and register information about your personal computer or mobile device. Every time you access our website, we collect, save and use data (so called server logfiles). The data in question includes:
- Name and URL of the accessed file
- Date and time of the access
- Amount of data transfered
- Notification of successful access (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (viz. the website visited prior)
- Websites that are accessed by the user via our website
- Internet service provider of the user
- IP address and the requesting provider
We use this access data without aligning it to your person and do not use it for any form of profiling for statistical purposes. We use it to operate, secure and optimise our website, anonymously determine the number of visits our website receives (traffic), how our website and services are used, for billing purposes and to determine the number of clicks received from our partners.
Based on this information we can offer personalised and location based content and analyse the data traffic, find errors and fix them, and improve our services.
Herein lies our legitimate interest in accordance with article 6 (1) f) of the EU GDPR.
We reserve the right to survey the data retrospectively if there are concrete clues suggesting illegal activities. IP addresses are saved to the log files for a limited amount of time, if it is deemed necessary for safety measures, service provision or the billing of a service, e. g. if you use one of your services. If the process is cancelled or after payment is received, we will delete the IP address unless it is still necessary for security purposes. We also save IP addresses in case of suspected criminal activity related to the use of our website. We also save the date of your last visit as part of your account (e. g. when the account is registered, login, links followed).
4.3. Data to fulfil our contractual duties
We process personal information that is needed to fulfil our contractual duties, such as name, address, e-mail address, ordered services, invoice and payment data. The collection of this data is required for the conclusion of contract.
We will delete the data upon successful contract processing but must observe the retention period set by tax and commercial law.
The legal basis for the processing of this data is article 6 (1) b) of the EU GDPR, as this data is required for us to fulfil our contractual duties to you.
4.4. Contact via e-mail
When you contact us (e. g. via contact form or e-mail), we will process your information in order to process your enquiry or to be able to answer questions.
If data is processed to perform pre-contractual measures that are a result of your enquiry or, if you are already one of our clients in order to perform the contract, the legal basis for this processing is article 6 (1) b) of the EU GDPR.
We process further personal information only when you consent to it, as stated in article 6 (1) a) of the EU GDPR, or if there is legitimate interest to processing your data according to art 6 (1) f) of the EU GDPR. An example of legitimate interest would be answering an e-mail you sent us.
4.5. Online job applications / publishing of job advertisements
We offer you the option to apply for a job via our website. For digital job applications, your personal information and application information will be electronically gathered and processed in order to carry out the application process.
The legal basis for this processing is section 26 (1) of the BDSG ( Bundesdatenschutzgesetz) in conjunction with article 88 (1) of the EU GDPR.
Should the application process result in the conclusion of an employment contract, we will store the data you submitted during the application in your personal file for the usual organisation and administration purposes – obviously while considering any further legal obligations.
The legal basis for this processing is again section 26 (1) of the BDSG ( Bundesdatenschutzgesetz) in conjunction with article 88 (1) of the EU GDPR.
Should we reject an application, we will automatically delete the submitted information two months after the applicant was informed about the rejection. The data will not be deleted if legal regulations, e. g. burden of proof according to GETA, require a prolonged storing of up to four months or until any court procedures are concluded.
The legal basis for this process is article 6 (1) f) of the EU GDPR and section 24 (1) (2) of the BDSG (Bundesdatenschutzgesetz). Our legitimate interest lies in legal defence and law enforcement.
Should you explicitly agree to a prolonged storage of your data, e. g. for an applicant’s database, the data will be processed further, based on your consent. Legal basis is article 6 (1) a) of the EU GDPR. According to art 7 abs 3 GDPR, you may revoke your consent at any given time with effect for the future.
The controller has integrated components from Xing into their website. Xing is an internet-based social network which makes it possible to connect with business partners you already work with or establish new business relationships. Users can create a personal profile on Xing. Companies, for example, can create a company profile or publish job openings on Xing.
Xing’s operating company is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
By navigating to one of the pages of this website that is operated by the controller and has a Xing component integrated, the respective Xing component will prompt the web browser of the user to download a copy of the respective Xing component from Xing. Additional information regarding Xing plugins can be found online: https://dev.xing.com/plugins. During this technical process, Xing receives information about which specific page of our website was visited by the user.
If the user is logged into Xing while navigating our website, Xing receives information about which specific page of our website is viewed by the user. This data is collected by the Xing-component and Xing will align it with the user’s Xing account. Should the user use one of the Xing buttons integrated into our website, e. g. the „Share“ button, Xing will align this information with the user’s account and save this personal information.
Xing receives information about the user visiting our website when the user is logged into their Xing account while they navigate our website. This happens regardless of whether the user clicks a Xing component or not. If the user does not wish for data to be submitted to Xing this way, they may prevent it by logging out of their Xing account before visiting our website.
Xing’s privacy policies, which can be viewed at https://www.xing.com/privacy, include additional information about collection, processing and use of personal information by Xing. Xing has also published data protection information regarding the XING share button, which can be found at https://www.xing.com/app/share?op=data_protection .
5. Storage period
Unless specified otherwise, we store personal information until it no longer serves its intended purpose. In some cases, legislation requires storage of personal information, e. g. in tax or commercial law. In such cases, we store the data only for legal purposes and will not process it until the statutory storage obligations have expired - then we will delete the data.
6. Your rights as a person affected by data processing
According to applicable law, you have several rights regarding your personal information. If you wish to assert your rights, send an enquiry per mail or e-mail, where you clearly identify yourself, to the address stated in chapter 1.
Below, you find an overview of your rights.
6.1. Right of confirmation and information
You have the right to receive clearly structured information about how your personal information is processed.
1. The purpose of the processing
2. The categories of personal information that are processed
3. The recipient or categories of recipients who received personal information, or will receive personal information – especially recipients in third countries or international organisations
4. Planned duration for how long the data will be stored – if that is not possible, the criteria for how the duration is determined
5. Insistence on the right to correct or delete your personal information, restrict the processing or right of objection against processing.
6. Insistence on the right of appeal at a regulatory authority
7. If the personal information was not gathered from you directly, all details about the source of the information
8 If any automatic decision making, including profiling according to article 22 (1) and (4) of the EU GDPR, is involved. If that is the case, conclusive information about the logic involved as well as the scope and the desired results of such processing and how it affects you personally.
If personal information is transferred to a third country or an international organisation, you have the right to be informed about suitable guarantees regarding the transfer, according to article 46 of the EU GDPR.
6.2. Right of correction
You have the right to demand the correction or possibly completion of your personal information.
You have the right to immediately demand the correction of any incorrect personal information related to you. You have the right to demand the completion of incomplete personal information using a supplementary statement.
6.3. Right of deletion (“right to be forgotten”)
In some instances, we are obliged to delete your personal information.
According to article 17 (1) of the EU GDPR, you have the right to demand immediate deletion of your personal information and we are obliged to immediately delete personal information for one of the following reasons:
1. The personal information has served the purpose for which it was gathered or processed, and is no longer needed.
2. You revoke your consent to process your data according to article 6 (1) a) of the EU GDPR or article 9 (2) a) of the EU GDPR and there is no other legal basis for processing.
3. You appeal to the processing according to article 21 (2) of the EU GDPR and there are no urgent, justified reasons for the processing, or you appeal to the processing according to article 21 (2) of the EU GDPR.
4. The personal information was processed illegally.
5. The deletion of personal information is necessary to comply with EU laws or laws of member states, which we are subject to.
6. The personal information was gathered in relation to services offered by the information society according to article 8 (1) of the EU GDPR.
In case that we have released personal information to the public and are obliged to delete it according to article 17 (1) of the EU GDPR, we will take appropriate measures, with regards to the technology available and the costs of implementation, to inform the parties responsible for the processing of the personal information that you demanded the deletion of all links directing to the personal information, or of all copies or replicas of the personal information.
6.4. Right of restricting the processing
In some cases, you can demand the restriction of the processing of your personal information.
You have the right to demand a restriction of the processing for one of the following reasons:
1. You challenge the correctness of the personal information for an amount of time, that is sufficient for us to check the correctness of the personal information
2. The processing was illegal and instead of demanding deletion of the data, you demanded that use of the personal information is to be restricted,
3. We do no longer need the personal information for processing purposes but you need them to assert, exercise or defend legal claims
4. You appealed the processing according to article 21 (1) of the EU GDPR, and it is not yet determined if our legitimate reasons outweigh yours.
6.5. Right of data transfer
You have the right to receive, transfer or have us transfer your personal information in machine-readable form.
You have the right to receive your personal information that you submitted to us in a structured, common machine-readable format, and to submit this data to another controller without any obstruction by us, if
1. The processing is based on consent according to article 6 (1) a) of the EU GDPR or article 9 (2) a) of the EU GDPR or on a contract according to art 6 (1) b) of the EU GDPR and
2. The processing is done via automated processes
When you exercise your right of data transfer according to (1), you have the right insist that, if technically feasible, we directly transfer the data to a different controller.
6.6. Right of appeal
You have the right to appeal any lawful processing of your personal information if this can be justified by special circumstances that outweigh our interest in processing the data.
At any given time, you may appeal the processing of your personal information according to article 6 (1) e) or f) of the EU GDRP for reasons that arise from personal, special circumstances. We will no longer process the personal information unless we can determine pressing reasons that outweigh your interests, rights and freedoms, or if the processing is used to assert, exercise or defend legal claims.
Should we process personal information for the purpose of direct advertising, you have the right to appeal the processing of your personal information used for this purpose. This is also true for profiling, as long as it is associated with direct advertising.
For reasons that arise from personal, special circumstances, you may appeal the processing of your personal information for scientific or historical research goals or statistical purposes according to art 89 (1) of the EU GDPR, unless the processing is needed to complete a task that is of interest to the general public.
6.7. Automated decisions, including profiling
You have the right to not be subject to fully automated decisions – including profiling – that would have legal effects against you or would severely impact you in a negative way.
No automated decision making is done based on the collected personal information.
6.8. Right to revoke your declaration of consent regarding personal information
At any given time, you have the right to revoke your consent to process personal information.
6.9. Right of complaint to the authorities
You have the right to file a complaint to the authorities, especially inside the member state where you currently reside, your workplace or the place of the alleged violation, if you believe the processing of your personal information to be illegal.
7. Data safety
We take extensive measures to protect your data according to relevant data security laws and within the technical capabilities.
We transfer your personal information in encrypted form. This is true for your orders as well as the customer login. We use the SSL (Secure Socket Layer) protocol, but must point out that data transfer over the internet (e. g. communication via e-mail) may have security flaws. Completely protecting your data from access through third parties is not possible.
We use technical and organisational security measures according to article 32 of the EU GDPR, which are regularly updated in accordance with the current state-of-the-art technology.
We do not guarantee that our services are available at all times – technical problems, disruptions or outages may occur. We regularly ensure the security of the servers we are using.
Transfer of data to third parties, no data transfer into non-EU countries
Generally, your personal information will only be used within our company.
If we need to include third parties (e. g. logistics services) to fulfil the contract, they will receive only the amount of personal information necessary in order to provide the service in question.
Should we outsource parts of the data processing (“order management”), we oblige the processing party to contractually agree to use personal information only according to the requirements set by the data protection laws and to guarantee that the rights of the person in question are protected.
Aside from the case stated in this privacy statement, no data will be transferred to offices or persons outside of the EU, and there are no plans to do so in the future.