Website Privacy Policy
In the following we inform you of our processing of your personal data and of the claims and rights to which you are entitled under the pertinent data protection regulations.
This Privacy Policy explains the nature, scope and purpose of the processing of personal data on our website (hereinafter referred to collectively as “website”). The Privacy Policy applies irrespective of the domains, systems and devices used (e.g. desktop, mobile, etc.).
Personal data means all data that refer to you personally, e.g. name, address, email addresses, user behaviour. Which data are specifically processed and the way in which they are used depends largely on the services used.
1. Who is responsible for data processing and whom can I contact?
Data controller:
ifp Privates Institut für Produktqualität GmbH
Wagner-Régeny-Str. 8
12489 Berlin
030 / 74 73 33 - 0
030 / 74 73 33 - 4999
info@produktqualitaet.com
You can contact our company’s Data Protection Officer here:
mip Consult GmbH
Rechtsanwalt Asmus Eggert
Wilhelm-Kabus-Str. 9
10829 Berlin
030 / 74 73 33 - 0
datenschutz@produktqualitaet.com
www.sofortdatenschutz.de
2. What sources and data do we use?
We process personal data that we receive as part of your use of our website and as part of any business relationship we may have with you.
If you use the website for information purposes only, i.e. if you do not sign up or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which are technically necessary for us to display our website to you and to guarantee stability and security. The access data include the IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT) content of the request (i.e. name of the specifically retrieved webpage), access status/HTTP status code, the amount of data transmitted in each case, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, message regarding successful retrieval. We anonymise the IP address in the web server logfile by replacing the last three numbers of the IP address with random values.
We also receive your personal data if you contact us using the contact form or by email. Personal data in this case include name and email, and any additional data that you provide us with in the text of your contact request or in the signature of your email (hereinafter referred to as “contact data”).
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), for the following purposes and on the following legal bases:
| Purposes | Legal basis |
| If you have given us your consent to process personal data for different purposes, in particular for the purpose of establishing contact (e.g. via our contact form or by email for processing and handling the request, mailing newsletters, advertising by telephone, email, SMS, etc.), the legitimacy of such processing derives from your consent. You may revoke your consent at any time. Please note that such revocation only has future effect. Processing that took place before the revocation is not affected by this. | Consent, Art. 6 (1a) GDPR |
| When contacting us (via contact form or by email), in addition to any consent granted to the processing and handling of the contact request, your details are also processed on the basis of actions taken prefatory to conclusion of contract, Art. 6 (1b) GDPR. | Performance of pre-contractual measures at the request of the person, Art. 6 (1b) GDPR |
|
We process your access data (see paragraph 2 above) in order to safeguard our own legitimate interests or those of third parties. In so doing we pursue the following legitimate interests in particular:
|
In the context of balancing interests, for safeguarding legitimate interests, Art. 6 (1f) GDPR |
| When you contact us by email in connection with your application, we will process your data to assess your suitability for the position (or any other vacant position in our companies, where relevant) and for the recruitment process. Your application data are reviewed by the HR department after receipt of your job application. Suitable applications are then transmitted in-house to the departmental heads responsible for the respective vacant positions. They will decide about the further procedure. In our company, in principle only persons who require your data for the proper conduct of the recruitment process have access to your data. | Establishment of an employment relationship, section 26 of the German Data Protection Act (BDSG) and after completion of the recruitment process, should an application not be successful, for safeguarding legitimate interests, Article 6(1f) GDPR (defence against claims), provided consent has been granted, Article 6(1a) GDPR |
4. Who will receive my data?
Within the company, the departments that need access to your data in order to fulfil our contractual and legal obligations are granted access to it.
The processors that we use (Art. 28 GDPR) may also receive data for the above purposes. These include companies involved in IT services, logistics, payment services, printing services, telecommunications, debt collection, advisory services and consulting, as well as sales and marketing. If we use processors in order to provide our services, we take appropriate legal precautions as well as appropriate technical and organisational measures in order to ensure that the personal data are protected in accordance with the applicable legal provisions.
We will only pass on data to third parties within the scope of legal requirements. We will only pass on user data to third parties if so doing is required for contractual purposes e.g. on the basis of Art. 6 (1) (b) GDPR or on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR in the commercial and effective operation of our business, or if you have consented to the data transmission. If the website is used for informational purposes only, we do not pass on data to third parties as a general rule.
5. How long will my data be stored?
Log file information is stored for a maximum of four weeks for security reasons (e.g. to investigate instances of misuse or fraud) and then deleted (see paragraph 2 above). Data whose further retention is required for evidentiary purposes are exempted from deletion until the relevant incident has been clarified with final effect.
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for instance, the initiation and processing of a contract via the contact form or by email.
If an application is not successful, the applicant’s data are deleted after six months. If you have consented to the further storage of your personal data, we will include your data in our pool of applications. The data in this pool will be deleted as soon as you withdraw your consent, but after five years at the latest. If we decide to appoint you to the vacant position, your data will be saved in our HR management system.
In addition, we are subject to various retention and documentation obligations that derive from the German Commercial Code (HGB) and the German Tax Code (AO), among other sources. The period for retention/documentation specified therein can range from two to ten years.
Finally, the retention period is also assessed on the basis of statutory limitation periods, which are generally three years according to §§ 195 et seqq. of the German Civil Code (BGB), yet in certain cases range up to thirty years; the regular limitation period is three years.
6. Are data transmitted to a third country or an international organisation?
The data provided are processed within the European Union and in the United States. Please note that for recipients of your data in countries lacking an adequacy decision by the Commission according to Article 45 of the GDPR, as is the case for the United States, we either ensure that they are certified according to the EU-US Privacy Shield (as is the case for e.g. Google), or have entered into EU standard data protection clauses with these recipients. This is done in order to protect your data and to achieve an adequate level of protection for your personal data. You have the opportunity to obtain or view a copy of the EU standard data protection clauses. If necessary, please contact us using the contact details provided in paragraph 1 above.
7. What data protection rights do I have?
Every data subject has
- the right to information according to Art. 15 GDPR,
- the right to correction according to Art. 16 GDPR,
- the right to deletion according to Art. 17 GDPR,
- the right to restrict processing according to Art. 18 GDPR and
- the right to data portability according to Art. 20 GDPR.
You may also revoke consents given, in principle with future effect.
In addition, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
We would also like to point out your right to object according to Art. 21 GDPR:
___________________________________________________
Information about your right to object according to Art. 21 GDPR
You have the right to lodge an objection to the processing of personal data concerning you at any time for reasons arising from your particular situation where such processing occurs on the basis of Article 6 (1) (e) of the GDPR (data processing in the public interest) and Article 6 (1) (f) of the GDPR (data processing based on a balancing of interests); the foregoing also applies to any profiling based on this provision within the meaning of Article 4 (4) GDPR that we use for purposes of questionnaire evaluation or advertising purposes.
If you lodge an objection, we will no longer process your personal data unless we are able to demonstrate compelling grounds worthy of protection for such processing that override your interests, rights and freedoms, or where the processing serves the assertion, exercise or defence of legal claims.
In individual cases, we process your personal data in order to engage in direct marketing. You have the right to lodge an objection at any time against the processing of personal data concerning you for purposes of such advertising; the foregoing also applies to profiling insofar as it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection need not observe any formalities and no costs are incurred other than the transmission costs based on standard rates.
If possible, the objection should be addressed to:
ifp Privates Institut für Produktqualität GmbH
Data Protection Officer
Wagner-Régeny-Str. 8 12489 Berlin
or by email to:
datenschutz@produktqualitaet.com
8. To what extent is there automated decision-making, including profiling, in individual cases?
When accessing our website or as part of establishing contact via a form or email, we generally do not utilise any fully automated decision-making pursuant to Article 22 of the GDPR. Should we utilise these procedures in individual cases, we will inform you separately, insofar as doing so is required by law. We do not engage in automated processing of your data with the objective of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
As part of our website, you must provide the personal data necessary for the use of our website for technical or IT security reasons. Unless you provide the aforementioned data, you cannot use our website.
When establishing contact using a form or by email, you need only provide the personal data required in order to process your request. Without these data, we are unable to process your request.
10. Cookie
We only set technically necessary cookies on our website. The functionality of our website cannot be guaranteed without these cookies.
It is a so-called session cookie (PHPSESSID), in order to be able to recognize the user while visiting various sub-pages of our website within a session. The cookie will expire at the end of the website visit.