Privacy policy

1. Privacy Policy

Welcome to our websites. Please find below our policy on how we collect and store your data in line with Art. 13 General Data Protection Regulation (GDPR).

Responsible person

Responsible for data collection and processing is the person/company listed in our legal notice.

Storing your IP Address

Basis for the data processing is article 6 paragraph 1 letter f of the DSGVO, which permits the processing of data in legitimate interest. In this case the legitimate interest occurs in a safe and consistent operation of the web server.
To guarantee this, the administration has to identify and understand attacks or malfunctions in the system with the help of the server’s log files. For further identification of patterns in the attacks these log files have to be saved for a certain amount of time (in this case a maximum of 80 days). When the data is no longer needed, it will be deleted.

Collecting personal data

When visiting our websites we temporarily store “usage data” for statistical purposes in a file log to improve the quality of our websites. This file log consists of:

  • the site requesting the file,
  • name of the file
  • date and time of the request
  • transmitted amount of data,
  • access status  (file transmitted, file not found),
  • details web Browser,
  • P address of the requesting device, abridged to the extent that identification of the owner is not possible.


All the above file data will be stored anonymized.

2. Data Security

To protect your data from unauthorized access we have taken technical and organizational precautions. On our websites we use encryption software. Your data will be transmitted from your device to our server via the internet using TLS-encryption. You can recognize this at the closed padlock symbol in your browser’s status bar and that the address begins with https://


3. Data transmission to third parties

Data transmission to third parties

We transmit data as processor according to Art. 28 GDPR to service providers supporting us in running our websites (e.g. web analytics) and associated processes. Our service providers are strictly bound by a contract and are subject to our directions.

Data transmission to third countries

We might transmit personal data to third countries outside the EU (in this case: USA). We have taken precautions for a high level of data protection:
In the case of Google Analytics (USA) this level of protection is guaranteed by participating in the Privacy-Shield-Agreement (Art. 45 (1) GDPR).
We do not transmit any other data to third countries.
 

4. Cookies

Our websites uses cookies. Cookies are small text files, stored and accessible on your device. There are two types: session cookies, which are deleted once you close your browser and permanent cookies, stored beyond the session. Cookies may contain data to identify your device. Some only contain information on certain settings, which are not related to any person.
We use permanent cookies via Google Analytics. The data is processed on the basis of 
Art. 6 (1) letter f GDPR for the purpose of optimizing users’ experience and adapting the display of our website.
You can set your browser to inform you of any cookies placed to make cookies transparent for you. Additionally, you can always delete cookies and prevent new cookies form being placed. Please be aware that this might affect our websites’ display and that some functions may not be available to you.


5. Trackingtools

Google Analytics

For adequate configuration of our website we use pseudonym user profiles utilizing Google Analytics. Google Analytics uses cookies that are stored on your device and that can be accessed by us. This helps us to recognize and count repeat visits. Data processing is based on Art. 6 (1) letter f GDPR and § 15 (3) TMG (German Telemedia Act) and for the purpose of analyzing the frequency of visits from different users.
The details of your visit on our website collected by the cookie is normally transmitted to and stored on a Google server in the USA. Since we activated IP-anonymizing on our websites, your IP-address will be abridged within the EU before transmission. Only in some exceptional circumstances the IP-address is fully transmitted and abridged afterwards; in this case an acceptable data protection level is guaranteed by Google’s participation in Privacy Shield. In addition, we signed a contract with Google Inc. (USA) to process data according to Art. 28 GDPR. Google can use information only for certain purposes to analyze our websites’ usage and report website activities.

You can always object to this processing by using one the following methods:

1. You can prevent cookies by changing the settings in your browser software; please be aware that some functions of our website may then not be available to you.

2. Additionally, you can prevent transmission and processing by Google by downloading and installing the following Browser-Plugin.

3. Another option to prevent Google Analytics data processing by clicking on the following link (this will place an “opt-out” cookie preventing future data collection when visiting this website): click here to object to Google Analytics data collection.


6. Rights of the user

Your rights as user

When processing personal data, the GDPR grants you certain rights as website user:

1. Right of Access (Art. 15 GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, should that be the case, have access to the personal data and the information detailed in Art. 15 GDPR.

2. Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data and the right to have incomplete data completed.
In addition you have the right to erasure of all personal data without undue delay when one of the conditions set out in Art. 17 GDPR applies e.g. when data is not needed anymore for the stated purposes.

3. Right to restriction of processing (Art. 18 GDPR):
You have the right to obtain restriction of processing if one of the conditions set out in 
Art. 18 GDPR applies, e.g. you have objected to the processing, pending verification.

4. Right to data portability (Art. 20 GDPR):
In some cases, detailed in Art. 20 GDPR, you have the right to obtain details on your personal data in a structured, commonly used and machine-readable format, or have those details transmitted to a third party.

5. Right to Object (Art. 21 GDPR):
Should data be collected on the basis of Art 6 (1) letter f (Data processing for legitimate interests), you have the right to object to the processing of your data at any time, for reasons that may arise under certain circumstances. We will discontinue processing the data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the date processing is to enforce, execute or defend legal claims.

6. Right to lodge a complaint with a supervisory authority:
According to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority if you consider processing of your personal data constitutes a violation of data protection laws. This right to complain may be exercises in the member state of your place of residence, your place of work or the place of the alleged violation.


7. Contact details data protection officer

Contact details data protection officer


Our data protection officer is there to help you with any questions you may have or if you want to comment:

Dr. Uwe Schläger

datenschutz nord GmbH

Web: www.datenschutz-nord-guppe.de

E-Mail: office@datenschutz-nord.de
Phone: +49 (0)421 69 66 32 0


8. Right to lodge a complaint with a supervisory authority

Authority responsible for Lower Saxony:

Die Landesbeauftragte für den Datenschutz Niedersachsen

Barbara Thiel

Postfach 2 21
30002 Hannover
Germany

oder:

Prinzenstraße
5
30159 Hannover
Germany

Telefon: +49(0)5 11/120-45 00

Telefax: +49(0)5 11/120-45 99


E-Mail:
poststelle@lfd.niedersachsen.de

Webpage:

https://www.lfd.niedersachsen.de


9. Online job applications

We process personal date in accordance with the current data protection regulation on the basis of § 26 BDSG (German Federal Data Protection Law). We only process data you have provided as part of your online application and only for the purposes of applicant evaluation. Further to that, data will not be processed.

You decide which data you provide as part of your application. Online applications will be transmitted to our HR department and processed as soon as possible. The transmission utilizes data encryption. Normally, these applications will be forwarded to the respective departments. Other than that, the data will not be forwarded or transmitted. You data will be handled with strict confidence. Should you application not be successful, your data will be deleted after 6 months.

If you want your application to be available for future consideration, please inform us accordingly with your application. We will then process your data on the basis of Art. 6 (1) letter a GDPR.