engineering-people.de

Data Protection

 
 

Privacy Statement

Name and contact details of the controller in accordance with Article 4 Section 7 GDPR
Company:    engineering people GmbH
Address:      Söflinger Str. 70, 89077 Ulm, Germany
Phone:        +49 (0) 731 / 20790-0
Fax:            +49 (0) 731 / 20790-120
E-mail:        info@ep-group.de


Contact to the data protection officer

E-mail:        datenschutz@ep-group.de

Safety and protection of your personal data

We consider it our prime task to treat the personal data which you supply as confidential and to protect it against unauthorised access. For this reason, we exercise extreme care and apply state-of-the-art safety standards to ensure maximum protection of your personal data.


As a private-law company, we are governed by the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (FDPA). We have taken technical and organisational measures which ensure that the data protection regulations are observed both by us and by our external service providers.

Definitions

The legislator requires that personal data are processed lawfully, in good faith and in a form which is comprehensible for the data subject (“lawfulness, processing in good faith, transparency”). To ensure this, we inform you of the individual statutory definitions which are also used in this privacy statement:

1.    Personal data
“Personal data” is all information which refers to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable if he/she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location details, online identification data or one or more special characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of this person.

2.    Processing
“Processing” is any process carried out with or without the aid of automated procedures or any such series of processes in connection with personal data, such as the collection, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

3.    Blocking of processing
“Blocking of processing” is the marking of stored personal data with the aim of blocking future processing thereof.

4.    Profiling
“Profiling” is any form of automated processing of personal data which consists of use of these personal data to evaluate particular personal aspects relating to a natural person, in particular to analyse or predict aspects relating to performance, economic situation, health, personal preferences, interests, reliability, conduct, place of residence or change of location of this natural person.

5.    Pseudonymisation
“Pseudonymisation” is processing of personal data in such a way that the personal data cannot be assigned to a specific data subject without the need for additional information insofar as this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

6.    File system
A “file system” is any structured collection of personal data which are accessible according to particular criteria, independently of whether this collection is managed centrally or decentralised or is organised according to functional or geographic aspects.

7.    Controller
A “controller” is a natural or legal person, public authority, agency or any other body which decides on the purposes and means of processing personal data. If the purposes and means of this processing are stipulated by European Union law or the law of member states, the controller or the particular criteria of his or her nomination may be designated in accordance with the law of the European Union or the law of the member states.

8.    Order processor
The “order processor” is a natural or legal person, authority, agency or any other body which processes personal data on behalf of the controller.

9.    Recipient
The “recipient” is a natural or legal person, authority, agency or any other body to which personal data are disclosed, regardless of whether this is a third party or not. However, authorities which may receive personal data in the course of a particular inquiry in accordance with European Union law or the law of member states are not regarded as recipients. Processing of this data by the specified authorities is carried out pursuant to the valid data protection regulations according to the purposes of processing.

10.    Third party
A “third party” is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

11.    Consent
“Consent” of the data subject is any freely given specific and informed indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed.
 
Lawfulness of processing

Processing of personal data is only lawful if there is a legal basis for processing. A legal basis for processing pursuant to Article 6 Clause 1 Letter a – f GDPR may be, in particular:

a.    the data subject has given his or her consent to processing of the personal data relating to him or her for one or more particular purposes;
b.    processing is necessary to fulfil the contract of which the contractual party is the data subject or to implement pre-contractual measures carried out at the request of the data subject;
c.    processing is necessary for compliance with a legal obligation to which the controller is subject;
d.    processing is necessary to protect vital interests of the data subject or another natural person;
e.    processing is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority which was transferred to the controller;
f.    processing is necessary to protect the legitimate interests of the controller or of a third party insofar as the interests or basic rights and basic freedoms of the data subject which require the protection of personal data do not prevail, in particular if the data subject is a child.
Information on the collection of personal data
(1) In the following, we provide information on the collection of personal data when using our website. Personal data are, for example, name, address, e-mail addresses, user behaviour.
 
(2) When contacting us by e-mail and / or via a contact form, the data provided by you (your e-mail address, where appropriate your name and telephone number) are stored by us in order to answer your questions. We delete the data collected in this context when storage is no longer necessary or processing is restricted if statutory storage obligations exist.
 
Collection of personal data when visiting our website

When only using the website for information purposes, i.e. if you do not sign up or otherwise provide us with information, we only collect the data which your browser sends to our server. If you wish to view our website, we collect the following data, which is necessary to display our website and to ensure stability and security (the legal basis is Art. 6 Section 1 p. 1 Letter f GDPR):
 
–    IP address
–    Date and time of the enquiry
–    Time zone difference to Greenwich Mean Time (GMT)
–    Content of the request (specific page)
–    Access status / HTTP status code
–    Data quantity transferred in each case
–    Website from which the request comes
–    Browser
–    Operating system and its interface
–    Language and version of the browser software

Use of cookies
(1) In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive assigned to the browser which you use and through which certain information flows to the place which sets the cookie. Cookies cannot run programs nor transmit viruses to your computer. They serve to make the website more user-friendly and more effective in general.

(2) This website uses the following types of cookies, the scope and function of which are described in the following:

–    Transient cookies (see a.)
–    Persistent cookies (see b.).

a.    Transient cookies are automatically deleted when you close the browser. In particular, these include session cookies. These store a so-called session ID with which various requests of your browser can be allocated to a joint session. Your computer can thus be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

b.    Persistent cookies are automatically deleted after a pre-set time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser. Automatic deletion is carried out after 60 days at the latest.

c.    You can configure your browser setting according to your requirements and refuse to accept third-party cookies, for example, or all cookies. So-called “third-party cookies” are cookies set by a third party and therefore not by the actual website which you are on. We point out that you may not be able to use all functions of this website if you disable cookies.

d.    We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

Further functions and features of our website
(1) In addition to use of our website for information purposes only, we offer various services which you may use if interested. For this, you must generally give further personal data which we use to provide the individual service and for which the above-mentioned general data processing principles apply.


(2) We sometimes use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly checked.

(3) We can also forward your personal data to third parties if promotions, prize draws, conclusions of contracts or similar services are offered by us together with partners. You will receive further information on these when you provide your personal data or below in the description of the service.

(4) If our service providers or partners have their headquarters in a country outside of the European Economic Area (EEA), we inform you of the consequences of this situation in the description of the service.

Children
Our services are aimed principally at adults. Persons under the age of 18 should not send us personal data without the permission of their parents or legal guardians.

Rights of the data subject

(1) Revocation of consent
If processing of the personal data is based on granted consent, you have the right to revoke the consent at any time. By revoking the consent, the lawfulness of processing carried out on the basis of the consent up to the revocation is not affected.

You can contact us at any time with regard to the right of revocation.

(2) Right to obtain confirmation
    You have the right to request confirmation from the controller as to whether we are processing your personal data. You can request confirmation at any time using the above-mentioned contact details.

(3) Right of information
    If personal data are processed, you can request information on these personal data and the following details at any time:

a.    the purposes of processing;
b.    the categories of personal data processed;
c.    the recipients or categories of recipients to which the personal data are disclosed or will be disclosed, in particular in the case of recipients in third-party countries or international organisations;
d.    if possible, the planned duration for which the personal data will be stored or, if not possible, the criteria for definition of this duration;
e.    the existence of a right to rectify or delete the personal data relating to you or to restrict processing by the controller or a right to object to this processing;
f.    the existence of a right to complain to a supervisory body;
g.    if the personal data are not collected from the person concerned, all available information on the origin of the data;
h.    the existence of automatic decision-making including profiling in accordance with Article 22 Sections 1 and 4 GDPR and - at least in these cases - clear information on the logic involved as well as the scope and the intended effects of such processing for the data subject.

If personal data are disclosed to a third-party country or international organisation, you have the right to be informed of the suitable guarantees in accordance with Article 46 GDPR in connection with the disclosure. We provide a copy of the personal data which are subject to processing. For all further copies for which you apply, we may request an appropriate payment based on administration costs. If you submit the application electronically, the information is to be provided in a conventional electronic format unless otherwise stated. The right to receive a copy pursuant to paragraph 3 must not prejudice the rights and freedoms of other persons.

(4) Right of rectification  
    You have the right to demand that we correct erroneous personal data on you without delay. Taking into account the purposes of processing, you have the right to request that incomplete personal data be completed - also by means of an additional statement.

(5) Right to deletion (“Right to be forgotten”)
    You have the right to demand that the controller delete your personal data without delay and we are obliged to delete personal data immediately if one of the following reasons applies:

a.    the personal data is no longer required for the purposes for which it was collected or otherwise processed;
b.    the data subject revokes consent on which processing was based pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for processing;
c.    the data subject raises an objection against processing pursuant to Article 21 Paragraph 1 GDPR and there are no overriding justified reasons for processing, or the data subject raises an objection to processing pursuant to Article 21 Paragraph 2 GDPR;
d.    the personal data was processed unlawfully;
e.    deletion of the personal data is necessary to comply with the legal obligation in accordance with European Union law or the law of the member states to which the controller is subject;
f.    the personal data were collected in relation to services offered by the information society pursuant to Article 8 Paragraph 1 GDPR.

If the controller has disclosed the personal data and if he or she is obliged to delete them pursuant to Paragraph 1, he or she takes appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, in order to inform the persons responsible for processing the personal data that a data subject has requested that they delete all links to these personal data or copies or reproductions of these personal data.

The right to deletion (“Right to be forgotten”) does not exist insofar as processing is necessary:

–    to exercise the right to freedom of expression and information;
–    to fulfil a legal obligation which requires processing pursuant to the law of the European Union or of member states to which the controller is subject, or to perform a task which is in the public interest or is carried out in the exercise of official authority which was transferred to the controller;
–    for reasons of the public interest in the public health sector pursuant to Article 9 Paragraph 2 Letters h and i as well as Article 9 Paragraph 3 GDPR;
–    for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 Paragraph 1 GDPR, in so far as the right specified in Paragraph 1 is expected to make achievement of the objectives of this processing impossible or seriously impair it, or
–    to assert, exercise or defend legal claims.

 

(6) Right to limitation of processing
    You have the right to request that we limit processing of your personal data if one of the following conditions applies:

a.    the correctness of the personal data is disputed by the data subject, for a period which allows the controller to verify the correctness of the personal data;
b.    processing is unlawful and the data subject objects to deletion of personal data and instead requests restriction of use of the personal data;
c.    the controller no longer requires the personal data for the purpose of processing but the data subject requires it to assert, exercise or defend legal claims, or
d.    the data subject raises an objection to processing pursuant to Article 21 Paragraph 1 GDPR as long as it is not determined whether the justified reasons of the controller outweigh those of the data subject.

If processing was restricted according to one of the above-mentioned conditions, this personal data may only be processed – apart from storage – with the permission of the data subject or in order to apply, exercise or defend legal claims or to protect the rights of another natural person or legal entity or due to reasons of important public interest of the European Union or of a member state. 

To assert the right to restriction of processing, the data subject can apply to us at any time under the above-mentioned contact details.

(7) Right to data portability
You have the right to receive the personal data which you have made available to us in a structured, conventional and machine-readable format and you have the right to convey these data to another controller without hindrance by the controller to whom the personal data were provided insofar as:

a.    processing is based on consent pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract pursuant to Article 6 Paragraph 1 Letter b GDPR and

b.    processing is carried out with the aid of an automated process.

When asserting the right to data portability pursuant to Paragraph 1, you have the right to effect that the personal data be transferred directly from one controller to another controller insofar as technically feasible. Exercising the right to data portability does not affect the right to deletion (“Right to be forgotten”). This right does not apply to processing which is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority which was transferred to the controller.

(8) Right of objection
You have the right for reasons resulting from a particular situation to raise an objection at any time to the processing of your personal data which is carried out on the basis of Article 6 Paragraph 1 Letters e or f GDPR; this also applies to profiling based on one of these provisions. The controller no longer processes the personal data unless he or she can furnish proof of compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject or unless processing serves the establishment, exercise or defence of legal claims.

If personal data are processed in order to carry out direct marketing, you have the right to raise an objection at any time to processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is linked to such direct marketing. If you object to processing for purposes of direct marketing, the personal data are no longer processed for these purposes.

In connection with the use of services of the information society, you can exercise your right to object by means of automated processes in which technical specifications were used, irrespective of the Directive 2002/58/EC.

You have the right, for reasons resulting from your particular situation, to object to the processing of your personal data which is carried out for the purposes of scientific or historical research or for statistical purposes pursuant to Article 89 Paragraph 1, unless processing is necessary to fulfil a task in the public interest.

You can exercise this right to object at any time by applying to the relevant controller.

(9) Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - which has a legal effect on you or considerably affects you in a similar way. This does not apply if the decision:

a.    is necessary for the conclusion or fulfilment of a contract between the data subject and the controller;

b.    is permitted on grounds of legal regulations of the European Union or of the member states to which the controller is subject and these legal regulations contain appropriate measures to protect the rights and freedoms as well as the justified interests of the data subject or

c.    is taken with the express consent of the data subject.

The controller takes appropriate measures to protect the rights and freedoms as well as the justified interests of the data subject, which at least includes the right to effect intervention of a person on the part of the controller, to state his or her point of view and to contest the decision.

The data subject can exercise this right at any time by applying to the relevant controller.

(10) Right to complain to a supervisory authority
Irrespective of any other administrative or legal remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, place of work or in the place of the alleged infringement if the data subject is of the opinion that processing of his or her personal data contravenes this regulation.

(11) Right to effective legal remedy
Irrespective of an available administrative or extra-judicial remedy including the right to complain to a supervisory authority pursuant to Article 77 GDPR, you have the right to effective legal remedy if it is of the opinion that the rights to which it is entitled on the basis of this regulation were infringed as a result of processing of its personal data which is not in accordance with this regulation.


Electronic application

If you apply via the website of engineering people GmbH, this is only possible if you give your informed consent. In this regard, please read the Declarations of Consent and tick the relevant checkbox. The data which you upload to our server are transmitted in encrypted form. Please use this option rather than transferring the data via e-mail.

Use of Matomo (formerly Piwik)
(1) This website uses the web analysis service Matomo in order to analyse use of our website and make regular improvements. The statistics which we obtain enable us to improve our site and make it more interesting for you as a user. The legal basis for use of Matomo is Art. 6 Para. 1 p. 1 Letter f GDPR.

(2) Cookies are stored on your computer for this analysis. The information thus collected is stored exclusively by the controller on his or her server in [Germany]. You can adjust the analysis by deleting existing cookies and preventing storage of cookies. If you prevent storage of cookies, we point out that you may not be able to use the full scope of this website. It is possible to prevent storage of cookies via your browser settings. It is possible to prevent use of Matomo by removing the following tick and thus activate the opt-out plug-in: [Matomo iFrame].

(3) This website uses Matomo with the extension “AnonymizeIP”. IP addresses are then further processed in shortened form so that direct assignment to a person is excluded. The IP address sent by your browser via Matomo is not compiled with other data collected by us.

(4) The Matomo program is an open source project. Information of the third-party provider on data protection is available at matomo.org/privacy-policy/.

Integration of Google Maps
(1) We use the services of Google Maps on this website. We can thus display interactive maps directly to you on the website and enable convenient use of the map function.

(2) When visiting the website, Google receives information that you have opened the corresponding subpage of our website. In addition, the data specified under § 3 of this declaration are transferred. This occurs irrespective of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in with Google, your data are directly assigned to your account. If you do not want assignment to your profile with Google, you must log out before activating the button. Google stores your data as a usage profile and uses it for the purposes of advertising, market research and / or design of its website according to requirements. Such analysis is carried out in particular (even for users who are not logged in) to display requirement-based advertising and to inform other users of the social network of your activities on our website. You have the right to object to the formation of these user profiles but to exercise this right you must object to Google.

(3) Further information on the purpose and scope of data collection and processing thereof by the plug-in provider is given in the data protection declarations of the provider. There you can also receive further information on your rights and setting options to protect your privacy: google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.


Order processor
We use external service providers (order processors), e.g. for shipment of goods, newsletters or payment processing. Separate order data processing was agreed with the service provider in order to ensure protection of your personal data.

We co-operate with the following service providers:

mediaconcept GmbH
Hohnerstr. 6, 89079 Ulm, Germany

Mittwald CM Service GmbH & Co. KG
Königsberger Str. 4-6, 32339 Espelkamp, Germany

IT Consulting Kühnl
Söflinger Str. 70, 89077 Ulm, Germany