PRIVACY POLICY

 

Protecting your personal data during your visit to our website is very important to us. We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of this privacy policy and the applicable data protection regulations, in particular the General Data Protection Regulation, the German Federal Data Protection Act and the German Telecommunications Telemedia Data Protection Act.

This privacy policy governs which personal data about you we collect, process and use. We would therefore ask you to read the following declaration carefully.

1. Name and address of the controller


dataTec AG
Ferdinand-Lassalle-Str. 52
72770 Reutlingen, Germany

Phone: +49 7121 / 51 50 50
Fax: +49 7121 / 51 50 10
E-mail: info@datatec.eu
Website: www.datatec.eu
Imprint: https://www.datatec.eu/imprint

2. Name and address of the data protection officer


Ingenieurbüro Bernd Hölle GmbH
Gerhard-Kindler-Straße 3
72770 Reutlingen, Germany
Tel: +49 (0) 7121 820 17 40
E-mail: datatec@ibh-datenschutz.de

3. General information on data processing


3.1 Scope of processing of personal data
We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The personal data of our users is generally collected and used only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for de facto reasons and the processing of the data is permitted by law.

3.2 Legal basis for data processing
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR.

If you have consented to the storage of cookies or to allow access to information in your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. Your consent can be revoked at any time.

If your data is required for the fulfilment of the contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 (1) lit. c GDPR.

Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

3.3 Note on data transfer to third countries
As explained in this privacy policy, we use services whose providers are partly based in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. in countries whose level of data protection does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions in accordance with Art. 44 et seq. GDPR to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, there is the possibility and risk that authorities of the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the exercise of your rights as a data subject is not guaranteed.

3.4 Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. Once given, you can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

3.5 Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data remain with us until the purpose for data processing no longer applies. If you assert a justified request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be erased when these reasons no longer apply.

3.6 SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. An encrypted connection can be recognised by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3.7 Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

We use the following hoster:
Microsoft Corporation, One Microsoft Way, 98052-6399 Redmond WA, United States of America (Microsoft Azure).

Further information on the Microsoft Azure Cloud can be found in Microsoft's privacy policy: https://www.microsoft.com/en/trust-center

4. Creation of server log files


4.1 Description and purpose of data processing
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with data from other sources.

4.2 Legal basis for data processing
This data is collected on the basis of Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) No. 2 TTDSG. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files must be recorded for this purpose.

4.3 Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session ends.

5. Use of cookies


5.1 Description and purpose of data processing
Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

5.2 Legal basis for data processing
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) No. 2 TTDSG, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the cookies in question will be stored exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR, § 25 (2) No. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and can allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

5.3 Duration of storage
You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be automated.

For detailed information on the cookies used on this website and the corresponding storage periods, please refer to our cookie consent management tool from the provider, CCM19.

6. Implemented cookies


Insert link here to the consent management tool from Usersentrics for all cookies used. For an example, see the Usercentrics website.

  • ACRIS - IP targeting for sales channel, country or language
  • mollie - Payment service provider
  • Cookie Consent Manager CCM19
  • Shopware 6 (technically necessary)
  • Doofinder
  • Google Analytics 4
  • Google Tag Manager
  • Google Translate
  • Hotjar
  • Microsoft Bing Ads
  • Microsoft Dynamics CRM
  • Google Ads Conversion Tracking
  • Google Ads Remarketing
  • YouTube video
  • 1000°ePaper

7. Contact via contact form, e-mail, telephone or fax


7.1 Description and purpose of data processing
Contact forms are available on our website which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

For contact form and e-mail contact:

  • Salutation
  • Title (optional)
  • First name
  • Surname
  • Company
  • E-mail address
  • Telephone number
  • Address
  • Message

The following data is also stored at the time the message is sent:

  • The IP address of the user
  • Date and time of registration

If you contact us by e-mail, telephone or fax, we will store and process your enquiry, including all resulting personal data, for the purpose of processing your request.

When you contact us, your data is not passed on to third parties. The data is used exclusively for processing the conversation.

7.2 Legal basis for data processing
This data is processed on the basis of Art. 6 (1) lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f GDPR).

7.3 Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, telephone or fax, this is the case at the end of the respective conversation with the user. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process in the contact form and e-mail contact is deleted at the latest after a period of three years after the last login to the customer account.

8. eCommerce and payment providers


8.1 Description and purpose of data processing
Webshop / processing of data (customer and contract data)
If you wish to place an order in our web shop (products or services such as webinars/seminars), it is necessary for the conclusion of the contract that you provide personal data that we need to process your order. Mandatory information required for the processing of contracts is marked separately, other information is provided voluntarily. We process the data you provide to handle your order. For this purpose, we may pass on your payment details to our principal bank.

You can voluntarily create a customer account which enables us to store your data for future purchases. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

The following data is collected when the customer account is registered in the webshop:

  • Title (optional)
  • First name
  • Surname
  • E-mail address
  • Password
  • Telephone number
  • Company
  • Department details (optional)
  • Sales tax ID (optional)
  • Address
  • Country

Alternatively, you can also place an order without creating a customer account. There is then no need to set a password.

 


8.1.1 Encrypted payment transactions on this website
If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorisation) after the conclusion of a chargeable contract, this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. An encrypted connection can be recognised by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

8.1.2 Data transmission upon conclusion of a contract for online shops, retailers and dispatch of goods
If you order goods from us, we pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Only the data required by the respective service provider to fulfil its task is disclosed.

8.1.3 Data transmission upon conclusion of a contract for services and digital content
We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution responsible for processing payments.

Further transmission of the data does not take place or takes place only if you have expressly consented to the transmission. Your data is not passed on to third parties without your express consent, for example for advertising purposes.

8.1.4 Credit checks
In the case of a purchase on account or another payment method where we make deliver before payment, we may carry out a credit check (scoring). For this purpose, we transmit the data you enter (e.g. name, address, age or bank details) to a credit agency. The probability of default is determined on the basis of this data. In the event of an excessive risk of non-payment, we may refuse the payment method in question.

8.1.5 Payment services
We integrate third-party payment services into our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions.

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

You can find Paypal's data protection information on their processing of your personal data as the controller at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Instant bank transfer ("Sofortüberweisung")
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "Sofort GmbH"). With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have decided in favour of the "Sofortüberweisung" payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which they can log into your online banking account.

After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and the TAN, the payment data you have entered and your personal data is also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempted fraud.

For details on payment with Sofortüberweisung, please refer to the following link: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/

Mollie
The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, The Netherlands (hereinafter referred to as "Mollie"). Mollie helps us to integrate various payment methods into our website. Details can be found in Mollie's privacy policy: https://www.mollie.com/privacy.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").

Details of Mastercard's data processing can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").

Details of VISA's data processing can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung.html

8.2 Legal basis for data processing
The processing of data in the webshop is carried out to fulfil a contract with you on the basis of Art. 6 (1) lit. b GDPR. If you have given your consent in accordance with Art. 6 (1) lit. a GDPR, we pass on your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the dispatch status of your order; you can revoke your consent at any time.

8.3 Duration of storage
When you create a customer account under ‘My account’, the data you provide is stored revocably. You can delete all other data, including your user account, in the customer area at any time.

We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. Your data is used to comply with legal obligations.

9. Online meeting incl. webinars via "Microsoft Teams"


9.1 Description and purpose of data processing
We use "Microsoft Teams" to hold online meetings. Online meetings can include Job interviews, customer meetings, internal communication, webinars. "Microsoft Teams" is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

If online meetings are recorded, you will be informed of this transparently in advance before the online meeting begins. A note about the current recording is displayed in the online meeting. However, as a rule, online meetings are not recorded.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case

Automated decision-making within the meaning of Art. 22 GDPR is not employed.

Various types of data are processed when using "Microsoft Teams". The scope of the personal data also depends on the information you provide before or during participation in an online meeting.

The following types of personal data may be processed:

  • IP address
  • Information from the participant: Display name ("Display Name"), e-mail address if applicable, profile picture (optional), preferred language.
  • Meeting metadata: Topic, date, time, meeting ID and password, telephone number, location, device and hardware information, telemetry and diagnostic data.
  • Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device is processed accordingly for the duration of the online meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.

Your personal data is processed by the employees of dataTec AG who are involved in the organisation of the online meeting. Access to personal data is limited to the minimum necessary.

"Microsoft Teams" is a service provided by a provider from the USA. Personal data is therefore also processed by Microsoft in a third country. We have concluded a contract with the provider of "Microsoft Teams" in accordance with the so-called EU standard contractual clauses. In addition, the EU has issued an adequacy decision for the USA in accordance with Art. 45 GDPR. Microsoft is also listed in the U.S.-E.U. Privacy Framework.

As additional protective measures, we have also configured our Microsoft Teams in such a way that only data centres in the EU/EEA are used for online meetings. However, data transfer to a third country cannot be ruled out.

9.2 Legal basis for data processing
The legal basis for the processing of your personal data in the course of conducting online meetings is based on the legitimate interest in the effective implementation and visual contact with applicants, among others (Art. 6 (1) lit.f GDPR). Furthermore, the legal basis can be based on the fulfilment of a contractual relationship with you (Art. 6 (1) lit.b GDPR).

9.3 Duration of storage
We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services or to be able to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

We have no influence on the storage period of your data that is stored by Microsoft for its own purposes.


10. Handling applicant data


10.1 Description and purpose of data processing
We offer you the opportunity to apply for jobs to us (e.g. by e-mail, post or online application form). Below we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data is treated in strict confidence.

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. Your personal data is only passed on within our company to persons who are involved in processing your application.

10.2 Legal basis for data processing
The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 (1) lit. a GDPR. Your consent can be revoked at any time.

If the application is successful, the data submitted by you is stored in our data processing systems on the basis of § 26 BDSG and Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.

10.3 Duration of storage
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application).

The data is then deleted and the physical application documents are destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 (1) lit. a GDPR) or if statutory retention obligations prevent deletion.

If we do not make you a job offer, you may have the opportunity to join our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies. Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 (1) lit. a GDPR). The granting of consent is voluntary and is not related to the current application process. The data subject may withdraw their consent at any time. In this case, the data is irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool is irrevocably deleted no later than two years after consent has been granted.

11. Facebook and Instagram


11.1 Description and purpose of data processing
When you visit our Facebook or Instagram page, which we use to present our company or individual products from our range, certain information about you is processed. The sole controller for this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU - "Meta"). Further information on the processing of personal data by Meta can be found at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

Meta provides us with anonymised statistics and insights for our Facebook and Instagram pages, which help us gain insights into the types of actions people take on our site (so-called "page insights"). These page insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by Meta and us as joint controllers.

We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controllership agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details on the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.

11.2 Legal basis for data processing
The legal basis for data processing by us in this regard is our legitimate interest in effective user information and communication with users in accordance with Art. 6 (1) lit. f) GDPR.

Please note that user data is also processed in the USA or other third countries in accordance with the Meta Privacy Policy. Meta only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

11.3 Possibility of objection and removal
Meta offers the option of objecting to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

With regard to this data processing, you have the option of asserting your data subject rights (see "Your rights") against Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

12. LinkedIn


12.1 Description and purpose of data processing
In principle, LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is solely responsible for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymised form. This provides us with insights into the types of actions that people take on our website (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personal data about you through Page Insights. We only have access to the summarised page insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in analysing the types of actions taken on our LinkedIn company page and improving our company page based on these findings.

We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.

LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can access LinkedIn via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en-US) online or contact LinkedIn using the contact details in the privacy policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details provided to exercise your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your enquiry to LinkedIn.

LinkedIn and we have agreed that the Irish Data Protection Commission will be the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

12.2 Legal basis for data processing
The legal basis for data processing by us in this regard is our legitimate interest in effective user information and communication with users in accordance with Art. 6 (1) lit. f) GDPR.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

13. XING


13.1 Description and purpose of data processing
We use the social media platform of XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany. We process your data in connection with our Xing account for the purposes of communication and, if necessary, for the implementation of pre-contractual or contractual measures.

We process personal data when you contact us via our Xing account, e.g. by sending us a direct message. If you contact us via our accounts, we process the content of your message and the other personal data transmitted in the process. Please note that in addition to the data and content actively transmitted by you, we may also have access to further information about your user profile, your posts and, for example, "Like" information. Access to this information depends on the privacy settings you have made in your user account.

The data is used by us strictly for the purpose of communicating with you or processing your request.

We and Xing are jointly responsible for the data agreement. XING collects data from logged-in users and other visitors using cookies, pixels, local storage and other tracking technologies. In addition, user behaviour is determined with the help of e-mails sent by tracking which e-mails are opened when and which links from the e-mail are selected. We do not use any analysis tools on the platforms that provide us with statistical analyses of user interaction. Xing does not currently provide any agreement on joint responsibility within the meaning of Art. 26 (1) sentence 2 GDPR, which specifies which controller fulfils which data protection obligations under the GDPR.

Information about which data is processed by XING and for what purposes it is used can be found in XING's privacy policy: https://privacy.xing.com/en/privacy-policy

Information on the available personalisation and data protection setting options can be found here: https://privacy.xing.com/en/your-privacy.

You also have the option of requesting information via the XING contact: https://www.xing.com/support/contact/security/data_protection

13.2 Legal basis for data processing
The legal basis for processing is Art. 6 (1) (f) GDPR. Our overriding legitimate interest in the context of a balancing of interests lies in communicating with you and responding to your enquiries and other concerns. If we are able to do so and if we have also processed the data outside of Xing (e.g. by sending you an e-mail), we will delete the data you have actively provided when the purpose for the processing no longer applies, i.e. specifically after the contact with you has finally ended. This does not apply to data that is stored by Xing as part of our communication; we have no influence on the deletion of this data. Mandatory statutory retention periods remain unaffected.

Personal data and other information are transmitted by Xing to countries in the EU. According to Xing, data transfers to third countries only take place in compliance with the legally regulated admissibility requirements. (https://privacy.xing.com/en/privacy-policy/who-may-receive-information-about-you).

14. Rights of data subjects


If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

14.1 Right to information
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

14.2 Right to rectification
The right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

14.3 Right to restriction
The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to have it erased and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

14.4 Right to erasure
The right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).

14.5 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

14.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided.

14.7 Right to object
The right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

14.8 Right of revocation
You have the right to revoke your declaration of consent under data protection law at any time. The with-drawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

14.9 Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Our competent supervisory authority is: The State Commissioner for Data Protection and Freedom of Information, Königstrasse 10 a, 70173 Stuttgart.

Product added to compare
Product Compare added Product Compare