We are delighted that you have shown interest in our enterprise. Data Protection is of particular significance to the management of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH. It is generally possible to use the website of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH without disclosing Personal Data. However, where any Data Subject wishes to make use of particular services offered by our enterprise via our website, the processing of Personal Data may become necessary. Where the processing of Personal Data is necessary, and there is otherwise no lawful basis for the processing of such Personal Data, we will generally obtain the consent of the Data Subject.
The processing of Personal Data, such as the name, address, e-mail address or telephone number of a Data Subject always takes place in accordance with the General Data Protection Regulations and the country-specific provisions applicable to Wietmarscher Ambulanz- und Sonderfahrzeug GmbH. Through this Data Protection Notice, our enterprise aims to notify the public of the manner, scope and purpose of the Personal Data that we collect, use, and process. Moreover, Data Subjects will be informed of their rights as a result of this Data Protection Notice.
As a Data Controller, Wietmarscher Ambulanz- und Sonderfahrzeug GmbH has implemented a number of technical and organisational measures for the processing of Personal Data to ensure that the data processed via this website is protected in as comprehensive a manner as possible. Nevertheless, the transmission of data over the internet may suffer from inherent security weaknesses, such that absolute protection cannot be guaranteed. For this reason, every Data Subject has the option of transmitting Personal Data to us via an alternative method, such as a telephone call.
1. Key Definitions
The Data Protection Notice of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH is based on the terminology used in Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (GDPR). Our Data Protection Notice should be highly readable and easily understandable for the general public as well as our customers and business partners, and to ensure this, we would like to clarify the terminology used in the Notice.
In this Data Protection Notice we will non-exclusively use the following terms:
a) Personal Data
Personal Data is all information which relates to an identified or identifiable natural person (hereafter a “Data Subject.”) A natural person is considered to be identifiable when that person can be identified, directly or indirectly, by being linked to identifying information such as a name, reference number, location data, an online identity or multiple specific characteristics that express the physical, physiological, genetic, mental, economic or social identity of such natural person.
b) Data Subject
A Data Subject is any identified or identifiable natural person whose Personal Data is processed by the Data Controller.
Processing is any process, whether undertaken with or without the support of process automation, or any series of processes undertaken in conjunction with Personal Data including the collection, organisation, storage, adaptation or amendment, reading, querying, transmission, distribution or dissemination, matching or linking, restriction, deletion or destruction of such Personal Data.
d) Restriction on processing
Restriction on processing involves marking stored Personal Data with a view to restricting its processing in future.
Profiling is any form of process automation in respect of the processing of Personal Data such that the Personal Data is used to assess specific personal aspects relating to a natural person, including without limitation, to analyse or predict aspects relating to the work performance, economic status, health, personal preferences, interests, reliability, trustworthiness or behaviour, residence or movement of such natural person.
Pseudonymisation is the processing of Personal Data in such a way that the Personal Data can no longer be related to a specific Data Subject without the application of supplementary information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the Personal Data can no longer be related to an identified or identifiable natural person.
g) Data Controller
The Data Controller is the natural or legal person, public authority, or other organisation which, individually or jointly with others is entitled to decide on the purposes and methods of the processing of Personal Data. If the purposes and methods of such processing are prescribed by the laws of the European Union or the national laws of the Member States, the identity of the Data Controller or the specific criteria for the appointment of the Data Controller may be specified under the laws of the European Union or the Member States.
h) Data Processor
A Data Processor is a natural or legal person, public authority, or other organisation which processes the Personal Data on behalf of the Data Controller.
A Recipient is any natural or legal person, public authority or other organisation to which Personal Data is disclosed, irrespective of whether such Recipient is a Third Party. Public authorities that may receive Personal Data as part of a particular duty of inquiry under the laws of the European Union or the Member States shall not, however, be deemed to be Recipients.
j) Third Party
A Third Party is natural or legal person, public authority or other organisation (other than the Data Subject, the Data Controller, the Data Processor and those persons under the direct authority of the of the Data Controller or the Data Processors who are entitled to process the Personal Data.
Consent is any informed and unambiguous statement of intent given in the form of a declaration or other unequivocal, confirmatory act, in respect of each specific case by which a Data Subject indicates that he or she is in agreement with the processing of the relevant Personal Data.
2. Name and address of the Data Controller
The Data Controller, within the meaning of the General Data Protection Regulation and other applicable data protection laws in the Member States of the European Union and other provisions of a character related to data protection laws is:
Wietmarscher Ambulanz- und Sonderfahrzeug GmbH
Lingener Straße 1
Tel.: +49 (0)5925991100
3. Name and address of the Data Protection Officer
The Data Controller’s Data Protection Officer is:
Wietmarscher Ambulanz- und Sonderfahrzeug GmbH
Lingener Straße 1
Tel.: +49 (0)5925991390
Any Data Subject may at any time contact our Data Protection Officer directly in respect of any data protection comments or questions.
5. Collection of general data and information
The website of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH collects a range of data and information each time the webpage is accessed by a Data Subject or an automated system. This general data and information is stored in the server log file. Data that may be collected includes (1) the type and version of the browser used; (2) the operating system in use on the system used to access the webpage; (3) the webpage which referred an accessing system to our webpage (a “Referrer”); (4) the pages from which an accessing system is directed to our website; (5) the date and time when the website was accessed; (6) an Internet Protocol address (IP address; (7) the Internet Service Provider of the accessing system; and (8) miscellaneous, similar data and information which are used to mitigate risks in the event of attacks on our IT systems.
When using this general data and information, Wietmarscher Ambulanz- und Sonderfahrzeug GmbH does not draw any conclusions related to the Data Subject. Rather, this information is required to (1) correctly deliver the content of our website; (2) optimise the content of our website and advertising for the site; (3) ensure the ongoing functionality of our IT systems and the technology supporting our website; and (4) to disclose information required for criminal prosecution in the event of a cyber-attack to the criminal authorities. Accordingly, this anonymously gathered data and information is used by Wietmarscher Ambulanz- und Sonderfahrzeug GmbH firstly for statistical purposes, and secondly with the goal of enhancing the standards of data protection and data security within our enterprise and ultimately to deliver optimal standards of protection for the Personal Data that we process. The anonymous data contained within the server log flies is separated and stored separately from all Personal Data provided by Data Subjects.
6. Contact options via the website
Due to legal requirements, the webpage of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH contains details that enable users to rapidly make contact with our enterprise electronically and to communicate with us directly. These options include electronic mail in the form of an e-mail address. Where a Data Subject makes contact with the Data Controller via e-mail or using a contact form, the Personal Data provided by the Data Subject is stored automatically. Such Personal Data that is voluntarily disclosed by a Data Subject to the Data Controller is used for the purposes of processing or recording the contact made with the data Subject. This Personal Data is not disclosed to Third Parties.
7. Routine deletion and blocking of Personal Data
The Data Controller processes and stores the Data Subject’s Personal Data only for the period that is necessary to fulfil the purpose for which the Personal Data was stored or otherwise to the extent provided in the regulation issued by the European Regulators and Legislators or another legislative body in laws or regulations to which the Data Controller is subject.
Where the purpose of such storage no longer applies or upon expiry of the retention period specified by the European regulator or legislators or other responsible legislative body, the Personal Data is routinely deleted or made in accessible in accordance with the applicable laws and regulations.
8. Rights of the Data Subject
a) Right to be informed
Each Data Subject has the right under the European Regulations to request confirmation from the Data Controller as to whether the Data Controller processes any Personal Data that is relevant to the Data Subject. Data Subjects who wish to exercise this right to be informed may contact an employee of the Data Controller at any time.
b) Right of access
Every Data Subject has a right under the European Regulations to receive, free-of-charge, details of Personal Data held by the Data Controller and to receive a copy of such Personal Data. Moreover, the European Regulations and the Supervisory Authority guarantee that the following information is available to the Data Subject:
Moreover, the Data Subject has the right to be notified whether the Personal Data is to be transmitted to a third country or an international organisation. Where this is the case, the Data Subject shall have the additional right to be notified of the appropriate guarantees undertaken in conjunction with such data transfer.
Data Subjects who wish to exercise this right to be informed may contact an employee of the Data Controller at any time.
c) Right to rectification
Every Data Subject has a right, guaranteed by the European Regulations and the Supervisory Authority, for any inaccurate Personal Data concerning the Data Subject to be rectified without delay. Moreover, the Data Subject has the right, in view of the purposes of the processing, to request the completion of any incomplete Personal Data – including by way of an explanatory declaration.
Data Subjects who wish to exercise this right to rectification, they may contact an employee of the Data Controller at any time.
d) Right to erasure (right to be forgotten)
Under the European Regulations, every Data Subject has a right, guaranteed by the Supervisory Authority, to request that Personal Data concerning that Data Subject be deleted without delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
Provided that one of the named reasons given above applies, if a Data Subject wishes to effect the deletion of Personal Data held by Wietmarscher Ambulanz- und Sonderfahrzeug GmbH, that Data Subject can approach an employee of the Data Controller at any time. The employee of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH will cause the deletion request to be fulfilled without delay.
If the Personal Data was made public by Wietmarscher Ambulanz- und Sonderfahrzeug GmbH and our business is obliged to delete the Personal Data, as the publisher in accordance with Art. 17 Para.
1 GDPR, Wietmarscher Ambulanz- und Sonderfahrzeug GmbH shall, having regard to the available technology and implementation costs incurred, use reasonable endeavours to take appropriate steps to notify third party Data Processors who process the Personal Data that the Data Subject has requested the deletion of all links to such Personal Data (or copies thereof), provided that such processing is not covered by the lawful ground of necessity. The employee of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH may personally undertake the necessary steps in exceptional cases.
e) Right to restrict processing
Every Data Subject has the right, under the European Regulations and guaranteed by the Supervisory Authority, to request a restriction of processing by the Data Controller, where any of the following requirements is present:
Where any of the requirements set out above is present, and a Data Subject wishes to request the restriction of Personal Data held by Wietmarscher Ambulanz- und Sonderfahrzeug GmbH, the Data Subject may approach an employee of the Data Controller at any time. The employee of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH will effect the restriction of the processing.
f) Right to data portability
All Data Subjects have the right, granted by the European Regulations and guaranteed by the Supervisory Authority to receive a copy of the Personal Data provided by the Data Subject to a Data Controller in a structured, commonplace, machine-readable format. Moreover, they are entitled to transmit such data to another Data Controller without hindrance by the Data Controller to whom the Personal Data was originally provided, subject to the processing being based on the lawful basis of consent in accordance with Art. 6 Para. 1 (a) GDPR or Art. 9 Para. 2 (a) GDPR or contractual grounds under Art. 6 Para. 1 (b) GDPR and the processing is undertaken by the use of automated processing, provided that the Personal Data is not required to perform a task that is in the public interest or undertaken in the exercise of a public authority delegated to the Data Controller.
Moreover, in exercising their rights to data portability, Data Subjects are entitled, under Art. 20 Para. 1 GDPR, to require one Data Controller to transmit the Personal Data directly to another Data Controller, provided that such transmission is technically feasible and provided that this does not affect the rights and freedoms of any other person.
Data Subjects may assert this right to data portability by contacting an employee of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH at any time.
g) Right to object
All Data Subjects are entitled, under the European Regulations, as enforced by the Supervisory Authority, to assert their objection to the processing of their Personal Data on the grounds set out at Art. 6 Para. 1 (e) or (f) at any time for reasons related to their particular personal situation. This also applies to profiling that is based on these provisions.
In the event that the Data Subject objects, Wietmarscher Ambulanz- und Sonderfahrzeug GmbH will cease processing the Personal Data unless we can demonstrate compelling, legitimate grounds for the processing that take precedence over the interests, rights and freedoms of the Data Subject, or where the processing is for the purposes of asserting, exercising or defending legal claims.
Where Wietmarscher Ambulanz- und Sonderfahrzeug GmbH processes Personal Data for the purposes of direct marketing, the Data Subject is entitled to object to the processing of Personal Data for such purposes. This also applies to profiling to the extent that the profiling is undertaken in conjunction with such purposes. Where the Data Subject objects to the processing of Personal Data by Wietmarscher Ambulanz- und Sonderfahrzeug GmbH for the purposes of direct marketing, Wietmarscher Ambulanz- und Sonderfahrzeug GmbH will cease processing the Personal Data for such purposes.
Data Subjects are further entitled to object to the retention of Personal Data arising from their particular circumstances that is held by Wietmarscher Ambulanz- und Sonderfahrzeug GmbH for statistical purposes or for the purposes of scientific or historic research in accordance with Art. 89 Para. 1 GDPR unless such processing is necessary for the fulfilment of a task that is in the public interest.
Data Subjects who wish to exercise their rights to object may contact any employee of Wietmarscher Ambulanz- und Sonderfahrzeug GmbH at any time. Data Subjects are further entitled to exercise their rights of objection by using automated services of the information society and technical means, Regulation 2002/58/EC notwithstanding.
h) Specific rights in relation to automated decision making and profiling
All Data Subjects have a right under the Regulations and guaranteed by the Supervisory Authority to be subject to decisions that are based exclusively on automated processing – including profiling – where such decisions have a legally binding effect on them or otherwise impose substantial restrictions on them, provided that the decision (1) is not required for the formation or fulfilment of a contract between the Data Subject and the Data Controller; or (2) is not permissible under the applicable laws and regulations of the European Union or its Member States to which the Data Controller is subject and such laws and regulations contain appropriate measures to ensure the rights and freedoms as well as the legitimate interests of the Data Subject; or (3) is made with the express consent of the Data Subject.
If the decision is (1) necessary for the formation or fulfilment of a contract between the Data Subject and the Data Controller; or (2) is made with the express consent of the Data Subject, Wietmarscher Ambulanz- und Sonderfahrzeug GmbH will take appropriate steps to ensure the rights and freedoms, as well as the legitimate interests of the Data Subject, including as a minimum the right to require the intervention of a person on behalf of the Data Controller, the right of the Data Subject to assert his or her position on the matter at hand, and the right of the Data Subject to contest the decision.
Any Data Subject wishing to assert his or her rights in respect of automated decision making may do so by contacting an employee of the Data Controller at any time.
i) Right to withdraw consent in relation to data protection
All Data Subjects are entitled, under the European Regulations as enforced by the Supervisory Authority to withdraw their consent to the processing of Personal Data at any time.
Data subjects who wish to exercise their right to withdraw consent may contact an employee of the Data Controller at any time.
9. Data Protection in respect of job applications and in the application process
The Data Controller collects and processes the Personal Data of candidates for the purposes of following the application process. Such processing may take place electronically. This applies in particular when a candidate submits application documents to the Data Controller electronically, for example by e-mail. If the Data Controller enters into an employment contract with the candidate, the data transmitted will be stored and used to establish the employment relationship in accordance with the applicable Regulations. If the Data Controller does not enter into an employment contract with the candidate, the application documents will automatically be deleted three months from the date on which the rejection is notified, provided that such deletion is compatible with the Data Controller’s legitimate interests. A legitimate interest may, in this instance, include an obligation to provide evidence in legal proceedings under the General Equal Treatment Act (AGG).
10. Data protection provisions relating to the use of Facebook
The Data Controller has integrated components provided by Facebook, Inc. in its website. Facebook is a social network.
A social network is a social meeting point, operated via the internet; an online community that generally enables its users to communicate with each other and to interact in virtual space. A social network may be used as a platform to exchange opinions and experiences or make it possible for the online community to share personal or business-related news and information. Facebook enables users of the social network to create personal profiles, upload photos and connect to one another via friend requests.
The operator of the Facebook service is Facebook, Inc., of 1 Hacker Way, Menlo Park, CA 94025, USA. Where a Data Subject lives outside the USA or Canada, the Data Controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time an individual page on a website operated by the Data Controller that incorporates Facebook plugins is accessed, the internet browser on the Data Subject’s IT system is automatically caused to download a Facebook component from Facebook by the corresponding Facebook component on the website. An overview of all Facebook plugins can be accessed at developers.facebook.com/docs/plugins/. As part of this technical process, Facebook is notified as to which specific page of our website the user visited.
Each time the website is accessed by the Data Subject, Facebook will recognise which specific page of our website the Data Subject visits at any time, provided that the Data Subject remains logged in to Facebook. This information is collected by the Facebook plugin and reconciled by Facebook with the Data Subject’s specific Facebook account. If the Data Subject clicks on one of the Facebook buttons that are integrated into our website, such as the “Like” button, or if the Data Subject leaves a comment, Facebook will assign this information to the Data Subject’s personal Facebook user account and will store this Personal Data.
Via the Facebook plugin, Facebook will, therefore, always receive information whenever the Data Subject visits our site, provided that the Data Subject is logged in to Facebook while visiting our website; this takes place irrespective of whether the Data Subject clicks on the Facebook plugin. If the Data Subject does not wish to transmit such data to Facebook, this may be prevented by logging out of the Facebook account before accessing our website.
11. Data protection provisions relating to the use of Instagram
The Data Controller has integrated components provided by the Instagram service into this website. Instagram is a service that can be characterised as an audio-visual platform and which enables its users to share photographs and videos and to publish such data to other social networks.
Instagram’s services are provided by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time a Data Subject accesses the individual pages of this website, which is operated by the Data Controller and which features integrated Instagram components (“Insta-Buttons”), the internet browser on the Data Subject’s system automatically downloads a version of the applicable Instagram components. During this technical process, Instagram is notified as to the specific page of our website that the Data Subject has visited.
In the event that the Data Subject is simultaneously logged into Instagram, Instagram will identify the Data Subject each time our website is accessed and, throughout the entire duration of the Data Subject’s visit to our website, will be notified which specific pages the Data Subject visits. This information is collected by Instagram components and assigned by Instagram to the Data Subject’s relevant Instagram account. If the Data Subject pushes one of the Instagram buttons that are integrated into our website, the data that is thereby transmitted is assigned to the Data Subject‘s personal Instagram account and is stored and processed.
Instagram therefore always receives notification from the Instagram component when a Data Subject visits our website, provided that the Data Subject is logged in to Instagram at the same time as visiting our website. This will take place whether or not the Data Subject clicks on the Instagram component. If the Data Subject does not wish to transmit this information in this way, the Data Subject may prevent such transfer by logging out of his or her Instagram account before accessing our website.
12. Data protection provisions regarding the use of Matomo (formerly Piwik)
The Data Controller has integrated the Matomo plugin (formerly Piwik) on this website. Matomo is an Open Source software tool for the purposes of web analytics. Web analytics involves the collection, consolidation and analysis of data relating to the behaviour of visitors to web pages. A web analytics tool collects data relating to topics such as the website that led the Data Subject to visit the page being analysed (a “Referrer”), which pages of a website have been accessed, and how frequently and how long a page is viewed. Web analytics are predominantly used to optimise websites and to perform a cost/benefit evaluation of internet advertising.
The software runs on the Data Controller’s server, while Sensitive Personal Information in the form of log files is exclusively stored on this server.
The purpose of the Matomo plugins is to analyse the flow of users to our website. The Data Controller uses the data and information that is generated for purposes that include the analysis of the use of the website and the preparation of online reports that depict activity on our website.
Matomo places a cookie on the Data Subject’s IT system. Cookies, and what they are, are explained above. The placement of cookies allows us to analyse the use of this website. Each time an individual page is analysed, the internet browser on the Data Subject’s IT system is automatically caused to transmit data to our server for the purposes of online analysis. As part of this technical process, we are notified of Personal Data, such as the Data Subject’s IP address, which is used by us for purposes that include identifying the visitor’s origin and the source of clicks on our website.
As already described above, Data Subjects may prevent the placement of cookies by our website at any time by way of an appropriate setting in their internet browser, and thus object to the placement of cookies on a permanent basis. Configuring a browser in this way may also prevent Matomo from placing a cookie on the Data Subject’s IT system. Moreover, a cookie that has previously been placed on a system by Matomo may be deleted by use of an internet browser or another software program.
Data Subjects additionally have the option of objecting to and preventing the recording of data generated by Matomo in conjunction with the use of this website. This requires the Data Subject to set an opt-out cookie. If the Data Subject’s IT system is subsequently formatted, reinstalled, or deleted at a later date, the Data Subject must once again set an opt-out cookie to achieve this effect.
However, the setting of an opt-out cookie may mean that the Data Controller’s website may not be accessible in its entirety by the Data Subject.
More information and the applicable Matomo data protection policy may be accessed at matomo.org/privacy/.
13. Data protection conditions for the use and application of Google Analytics
The party responsible for data processing has integrated the Google Analytics component into this website. Google Analytics is an internet analysis service from Google.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
Data transmitted within the scope of Google Analytics is not combined with other data from Google. The party responsible for data processing has also activated IP anonymization for Google Analytics on our website. This hides the IP address so that all data is collected and transmitted anonymously.
The purpose of the Google Analytics component is to analyse visitor traffic to our website. The data collected by Google Analytics is also used by Google to evaluate the use of our website in order to create reports about activity on our website.
The person concerned can block cookies on our website at any time by adjusting their internet browser settings. It is also possible to delete cookies that have already been created via the internet browser or another software programme at any time.
Further information and Google's current data protection policy are available at www.google.de/intl/de/policies/privacy/ and www.google.com/analytics/terms/de.html Google Analytics are explained in more detail via this link: www.google.com/intl/de_de/analytics/
14. Data protections regarding the use of YouTube
The Data Controller has integrated YouTube components into this website. YouTube is an online video portal that enables video publishers to upload video clips free of charge, and allows other users the option of viewing, rating, and commenting on these video clips for free. YouTube allows the publication of all kinds of videos, which means that complete films and television broadcasts, as well as music videos, trailers and user-generated video content are accessible via the online portal.
YouTube is operated by YouTube, LLC, of 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time an individual page on a website operated by the Data Controller that incorporates a YouTube video is accessed, the relevant YouTube component automatically causes the internet browser on the Data Subject’s IT system to download a preview of the corresponding YouTube video from YouTube. More information about YouTube can be accessed at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are notified of the specific webpage on our website that was visited by the Data Subject.
When a page that contains a YouTube video is accessed, and provided that the Data Subject is simultaneously logged in to YouTube, YouTube will recognise which specific webpage on our website the Data Subject has visited. This information is collected by YouTube and Google and recorded against the relevant YouTube account of the Data Subject.
YouTube and Google will thus always be notified by the YouTube plugins when the Data Subject has visited our website, provided the Data Subject is logged in to YouTube while accessing our site; this takes place irrespective of whether the Data Subject clicks on a YouTube video. If the Data Subject does not wish to transmit such data to YouTube and/or Google, the Data Subject may prevent this by logging out of his or her YouTube account before accessing our website.
The data privacy provisions published by YouTube, which can be accessed at www.google.de/intl/de/policies/privacy/, provide further details relating to the collection, processing and use of Personal Data by YouTube and Google.
The party responsible for data processing has incorporated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to build connections with existing business contacts and create new business contacts. LinkedIn is currently the largest-scale platform for business contacts and one of the world’s most visited websites.
Whenever our website is visited, the LinkedIn-components with which it is provided cause the browser used by the person in concern to download a corresponding display of the LinkedIn components. Further information on the LinkedIn PlugIns can be found under developer.linkedin.com/plugins. This technical procedure gives LinkedIn knowledge of which specific subpage of our website is visited by the person concerned.
Every time our website is accessed and if the person concerned is logged in to LinkedIn at the same time, LinkedIn recognises which specific subpage is visited by the person in concern. This information is assigned to the person’s LinkedIn account through the components used by LinkedIn. When the LinkedIn buttons on our website are activated, LinkedIn assigns this information to the personal LinkedIn account and subsequently saves these personal data.
Via the Linked-In components, LinkedIn always receives notification that the person concerned has visited our website if this person is logged in to LinkedIn at the same time. This happens regardless of whether the person concerned has clicked on the LinkedIn components or not. Transfer of this information can be hindered as a result of the person concerned logging out of their LinkedIn account before visiting our website.
The data controller has integrated components of XING SE on this website. XING is an online social network, which allows the user to be connected with pre-existing business contacts and to make new contacts. Kununu is also one of these XING components. Kununu is an online portal for evaluating employers.
The operating company is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
When you access our website, which is equipped with XING components, these components cause the browser used by the data subject to download a corresponding representation of the XING components. You can find more information on XING plugins at dev.xing.com/plugins. Through this technical process, XING gains knowledge of which specific subpage of our website is visited by the data subject.
With each visit of our website, if the data subject is logged in to XING at the same time, XING recognises which specific subpage is visited by the data subject. This information is assigned to the XING account of the data subject via the components used by XING. By pressing the XING button on our website, XING assigns this information to the personal XING account and stores these personal data.
Through XING components, XING receives information each time that the data subject, if logged in to XING at that time, has visited our website. This happens regardless of whether or not the data subject has clicked on the XING components. The transmission of this information can be prevented by the data subject logging out of their XING account before visiting our web pages.
The privacy policies published by XING can be found at www.xing.com/privacy. These provide information on the collection, processing and use of personal data by XING. Data protection information for the XING share button has been published by XING at www.xing.com/app/share;
17. Legal basis of processing
Art. 6 I (a) GDPR is used by our business as the legal basis of our data processing activities where we obtain consent for a specific processing purpose. If the processing is necessary to fulfil a contract where one party is the Data Subject, as is the case for processing operations required for the delivery of goods or the provision of other services or consideration, Art. 6 I (b) GDPR applies. The same applies in respect of processing activities that are necessary for the implementation of pre-contractual measures, for instance in the case of enquiries relating to our products or services. If our business is subject to a legal obligation as a result of which the processing of Personal Data is required, for instance in respect of fiscal obligations, the legal basis is derived from Art. 6 I (c) GDPR. In exceptional cases, the processing of Personal Data may become necessary to protect the vital interests of the Data Subject or another person. This could, for example, be the case if a visitor is injured at our premises, as a result of which we would be required to disclose the visitor’s name, age, health insurance details or other vital information to a doctor, hospital, or other third party. In that instance, the lawful basis of the processing would be derived from Art. 6 I (d) GDPR. Finally, data processing may be based on Art. 6 I (f) GDPR. This forms the lawful basis for the processing of Personal Data which is not collected due to any of the previously mentioned lawful bases, in the event that such processing is necessary to secure a legitimate interest of our enterprise or any third party, and provided that the interests and fundamental rights and freedoms of the Data Subject do not take precedence. Such processing is permitted, without limitation, because it has been specifically mentioned in European legislation. As such, it is consistent with the finding that a legitimate interest is presumed to exist where the Data Subject is a customer of the Data Processor (Recital 47 Para. 2 GDPR).
18. Legitimate interests in the processing that may be pursued by the Data Controller or a third party
Where Personal Data is processed on the basis of Article 6 I (f) GDPR, our legitimate interest is the performance of our business activities to the benefit of our employees and shareholders.
19. Duration for which the Personal Data may be stored
The criterion for the duration of storage of Personal Data is the applicable legally specified storage period. Upon expiry of such period, the relevant data will routinely be deleted, provided that it is not required to fulfil or initiate a contract.
20. Legal or contractual requirements to provide Personal Data; requirement for contract formation; obligation of Data Subject to provide the Personal Data; possible consequences of failure to provide Personal Data
Your attention is drawn to the fact that the provision of Personal Data may, under certain circumstances, be legally mandated (e.g., tax regulations) or may be a contractual requirement (e.g., to establish the identity of a contractual counterparty). Moreover, a Data Subject may be required to provide us with Personal Data, which we may subsequently be required to process, in order to enter into a contract with us. The Data Subject may, for example, be required to provide us with Personal Data when entering into a contract with us. Failure to provide the Personal Data may prevent the contract from being formed. Before providing Personal Data to us, the Data Subject must contact one of our employees, who will clarify for the Data Subject, on the basis of the individual case, whether the provision of the Personal Data is legally or contractually mandated, whether there is any obligation to provide the Personal Data, and what the consequences of failure to provide the Personal Data would be.
21. Existence of an automated decision making process
As a responsible enterprise, we explicitly do not make use of automated decision making processes or profiling.