Data protection declaration for ScutiX website users
Section 1 Information regarding the collection of personal data
(1) General information
Thank you for your interest in our website. ScutiX company management places great value on ensuring that your personal data is well-protected when you visit our homepage. The following information provides an overview of how we process your personal data and what data protection-related rights you have. Personal data means any data which can be used to identify you, such as your name, address, email address or user behaviour.
Should a so-called “data subject” (an identifiable natural person) want to take advantage of specific services offered by our company via our Internet page, such as our contact form, then this may require the processing of their personal data. Should the processing of personal data be required and should there be no legal basis for such processing, then we will, as a matter of principle, obtain the data subject’s consent. Processing is always carried out in compliance with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations which apply for ScutiX.
As the “controller” of processing (a natural or legal person who determines the purposes and means of processing), ScutiX has implemented technical and organisational measures to ensure the most comprehensive protection possible of your personal data processed via this Internet page against loss, destruction, access, alteration or dissemination by unauthorised persons. These measures include the encrypted transmission of your personal data. When doing so, we use the TSL (Transport Layer Security) coding system.
Nevertheless, due to fundamental gaps in the security of Internet-based data transmission, it is not possible to ensure complete protection of data.
(2) Data processing controller
The controller as defined by Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) and current country-specific data protection regulations is:
Tel.: +49 (7254) 92187 – 0
Fax: +49 (7254) 92187 – 99
Email: [email protected]
Our Data Protection Officer, Mr Sven Bartsch, can be contacted by post at the above-mentioned address accompanied with the addition ‘For the attention of the Data Protection Officer’ or by email to:
(3) General information regarding data processing
We only collect and use our users’ personal data insofar as this is required to provide a functioning website; to present our content and to carry out our services. The collection and use of our users’ personal data generally takes place following the user’s consent. Exceptions only apply in cases where prior consent cannot be obtained for factual reasons and where processing of the data is permitted by law.
The following legal bases can apply to the processing of your personal data:
* Processing based on your consent (Article 6 Para. 1 lit. a GDPR)
* Processing which is necessary for the performance of a contract to which the data subject is party. This also applies to processing procedures which are necessary to take steps prior to entering into a contract (Article 6 Para. 1 lit. b GDPR)
* Processing which is necessary for compliance with a legal obligation to which our company is subject (Article 6 Para. 1 lit. c GDPR)
* Processing which is necessary in order to protect the vital interests of the data subject or another natural person (Article 6 Para. 1 lit. d GDPR)
* Processing which is necessary for the purposes of the legitimate interests pursued by our company or by a third party except where such interests are overridden by the data subject’s interests or fundamental rights and freedoms (Article 6 Para. 1 lit. f GDPR). Legitimate interests may, in particular, be:
o Correct presentation of our Internet site’s content;
o Statistical evaluation to examine and optimise the website;
o In the event of a cyber-attack, to provide the information required for criminal prosecution to the law enforcement authorities;
o Responding to enquiries and providing services and/or information intended for your use;
o Processing and transmission of personal data for internal and/or administrative purposes;
o Avoidance and identification of cases of fraud and criminal acts;
o To ensure the lasting functionality of our IT systems and Internet site technology for the purpose of increasing data protection and data security within our company.
Section 2 Your rights
(1) My rights as a data subject
You can request information about what personal data concerning you has been stored by contacting the above-mentioned address (Art. 15 GDPR). Over and above this, you can request rectification if we have stored inaccurate data concerning you (Art. 16 GDPR). You can, depending on the circumstances, also request erasure of your personal data (Art. 17 GDPR) or assert your right to object (Art. 21 GDPR). You also have the right to restriction of processing of your personal data (Art. 18 GDPR) as well as the right to have the data which you have provided handed over to you (Art. 20 GDPR). Under the provisions of Art. 34 and 35 German Federal Data Protection Act (BDSG) your rights to information and to erasure are subject to some limitations. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Art. 19 BDSG).
(2) Objection or withdrawal of consent to processing of your data
Should you have given your consent to processing of your data, you can also withdraw it at any time. Withdrawing your consent will mean that we are then no longer allowed to process your personal data.
Insofar as processing of your personal data is based on balancing of interests, you can also object to it being processed. This is the case in particular if processing is not required to perform a contract with you, which is noted accordingly in the relevant description of the functions provided below. Should you decide to make use of your right to object, then we would appreciate your providing us with an explanation why we should no longer continue to process your personal data as we have done in the past. Should your objection be justified, then we will examine the facts of the matter and either stop or modify processing of your data or will notify you of the compelling reasons worthy of protection which allow us to continue processing it.
(3) Who will get my data?
Insofar as the detailed descriptions of our services do not state anything different, then our in-house departments which require access to your data in order to perform our contractual and legal obligations will be allowed to access it. We will only pass on information about you if we are required to do so by law (reporting obligations); you have consented and/or there is another legitimate legal basis for passing it on.
Should we make use of service providers to carry out specific functions within the scope of our services, then they will be carefully selected and commissioned; must follow our instructions and be regularly inspected.
Should we wish to use your data for advertising purposes, then we will inform you below in detail regarding the corresponding procedures.
(4) How long will my data be stored?
Insofar as the detailed descriptions of our services do not state anything different, then we will process and store your personal data for as long as this is required to perform our contractual and legal obligations.
Your personal data will be regularly erased or blocked in the following cases: when it is no longer required to perform contractual or legal obligations; you have exercised your right to erasure; all mutual claims have been fulfilled; and there are no other legal storage obligations or legal justifications for storing it.
Section 3 Collection of personal data when visiting our website
(1) Use of server logfiles
Whenever a data subject or automated system accesses the website, a range of general data and information will be collected in logfiles. These include the following: an Internet protocol address (IP address); the browser type and version; the website from which a system accessing our website gained access (the so-called “referrer”); the sub-websites which were the accessing system’s destination; the date and time of accessing the website; and any other similar data and information which serves to avert danger in the event of attacks on our IT systems.
The legal basis for temporary storage of data and logfiles is legitimate interests as defined by Art. 6 Para.1lit. f GDPR.
Temporary storage of the IP address by the system is required to ensure that the website is delivered to the user’s computer. To do so, the user’s IP address must be stored for the duration of the session.
Logfile storage takes place to ensure the website’s functionality. In addition to this, the data helps us to optimise the website and ensure the security of our IT systems. The legal basis for this is, once again, legitimate interests as defined by Art. 6 Para.1 lit. f GDPR. The data is erased as soon as it is no longer required for the purpose for which it was collected. Should data have been collected in order to provide the website, then this will be the case when the corresponding session ends. Collection of the data in order to provide the website and storage of the data in the logfiles is required to facilitate operation of the Internet page. In addition to this, the logfiles can also be checked if there are concrete indications that there is a legitimate suspicion of unlawful use or if a concrete attack on our website is carried out. Our legitimate interest in processing is, in the case, to facilitate the clarification and criminal prosecution of such attacks and unlawful use.
In addition to the above-mentioned data, cookies will be stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive and assigned to the browser you use. They provide certain information to the organisation which installs the cookies (in this case, us). Cookies cannot execute programs or infect your computer with viruses. They are used to make the overall online experience more user-friendly and effective.
This website uses the following types of cookies, whose extent and method of functioning are described below:
Transient cookies: Are automatically deleted when you close your browser. They include, in particular, session cookies, which store a so-called “session ID”, used to assign various requests made by your browser to the joint session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
Persistent cookies: Are automatically deleted after a predefined period of time, which can vary from cookie to cookie. You can use your browser settings to delete these cookies at any time.
Section 4 Further functions and services on our website
In addition to purely information-based use of our website, we also offer a range of services which you can use if interested. To do so, you must generally provide more personal data, which we will use to perform the relevant service, and which are subject to the above-mentioned fundamental data processing principles.
(1) Use of contact options
Our website offers a contact form which can be used to make an electronic contact with us. When doing so, the data entered by the user is transmitted to and stored by us. This data includes your email address and message as mandatory fields; all other information is voluntary and goes beyond what is required. Within the scope of submitting the form we will obtain your consent to process your data and inform you about this data protection declaration. The legal basis for data processing when using the contact form is thus Art. 6 Para.1 lit. a GDPR.
Alternatively, you can contact us using the email address provided. Should you choose to do so, then the personal data which you provide when sending the email will be stored by us. The data will be used solely to communicate with you and will not be forwarded to third parties. In accordance with Art.6 Para.1 lit. f GDPR, we have a legitimate interest for processing the data which is transmitted within the scope of sending an email.
Should the purpose of the contact be to conclude a contract, then, as defined by Art. 6 Para.1 lit. b GDPR, there is an additional legal basis for processing the data in order to perform the steps required to enter into a contract and, where applicable, to carry out subsequent processing in order to perform the contract.
Any personal data which we process within the scope of a general contact enquiry or email will only be stored until the relevant correspondence has ended. The conversation ends when evidence indicates that the relevant matter has been subsequently clarified.
Any consent which you give to processing of your personal data can be withdrawn at any time. Should you contact us by email, you can, of course, also object to storage of your personal data at any time. In such cases we will no longer be able to communicate with you.
(2) Collection and use of personal data within the scope of job applications
We place great value on ensuring that your personal data is well-protected during the scope of any job application. To this end, we use technical and organisational measures to protect all personal data which we gather and process during an application against unauthorised access and manipulation.
We will process applicants’ data such as name, contact details, CV, nationality, work permit, etc. to facilitate the selection and/or employment procedure within the scope of the application process, with the aim of filling vacancies at our company.
The legal basis for the processing of your personal data is as follows: the establishment, performance and termination of a contractual relationship as per Art. 6 Para. 1 lit. b; the performance of a legal obligation as per Art. 6 Para. 1 lit. c and your consent by voluntarily providing us with data which is not absolutely required for the purpose (e.g. information on your CV about hobbies and interests).
Over and above this, data is processed on the basis of legitimate interests as per Art. 6 Para. 1 lit. f:
* To optimise our job application processes,
* To ensure compliance with regulations, industry standards and contractual obligations,
* To assert, exercise or defend legal claims, and
* To avoid damages to and/or liability of our company by means of corresponding measures.
Your data will be erased when the corresponding purpose has been carried out; however prior to this it will be stored for as long as required to defend ourselves against any legal claims and/or any claims of discrimination. This period is generally 6 months. Particularly interesting candidates whom we cannot currently offer a position will be asked to consent to a longer storage period (generally one year). Insofar as accounting-relevant processing is carried out, such as reimbursement of travel expenses, then the relevant required data will be deleted after the corresponding legal storage period has expired – generally 6 or 10 years.
Should the job application be successful, and we are able to welcome you to our company after signing a contractual agreement, then we will include the data provided to us within the scope of the application process in your personnel file.
Section 5 Web analysis
(1) Use of Google Analytics
This website uses Google Analytics, a Google Inc. (“Google”) web analysis service. Google Analytics uses so-called “cookies”, text files which are stored on your computer and allow your use of the website to be analysed. The information generated by the cookie concerning your use of this website is usually transmitted to a Google server in the USA, where it is stored. Activation of the IP anonymisation function on this website means that Google will, however, truncate your IP address within European Union member states or other states party to the Agreement on the European Economic Area before transferring the data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate your use of the website; to compile reports on website activities for the website operator and to provide other services relating to the website and Internet use.
Google will not link the IP address transmitted by your browser within the scope of Google Analytics to any other data.
You can prevent the installation of cookies by selecting the corresponding settings in your browser software; please however be aware that should you do so, you may not be able to use all the functions offered by this website to their full extent. Over and above this, you can block the collection of data generated by the cookie and relating to your use of the website (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the “_anonymizeIp()” code to ensure that IP addresses are truncated before further processing and thus prevent user identifiability. Insofar as the data collected about you includes personal content, then this will be immediately excluded and the personal data thus deleted without delay.
We use Google Analytics to analyse use of our website and continuously improve it. The statistics gathered allow us to improve our service and make the website more interesting for you as a user. Exceptional cases in which personal data is transmitted to the USA are subject to the EU-US Privacy Shield which Google participates in – https://www.privacyshield.gov/EU-US-Framework. The legal basis for use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and Conditions of Use: http://www.google.com/analytics/terms/de.html; data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and Data Protection Declaration: http://www.google.de/intl/de/policies/privacy.
In addition to this, this website uses Google Analytics for cross-device analysis of visitor flows, carried out via user IDs. You can deactivate cross-device analysis of your usage in the “Personal Data” section of the “My Data” area of your customer account.
Section 6 Use of social media plugins
We have no influence over what data is gathered or the data processing procedures and have no knowledge of the full extent of the data which is gathered; the purposes behind its processing or the storage times. Furthermore, we have no information regarding erasure of the data gathered by the plugin provider.
The plugin provider stores the data collected about you as a usage profile and uses this profile for advertising purposes, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (also for users who are not logged in) to present needs-based advertising and to inform other social network users about your activities on our website. You can object to the creation of these user profiles, whereby you must contact the relevant plugin provider to do so. The plugins allow us to offer you the opportunity to interact with the social networks and other users, thus allowing us to improve our service and make it more interesting for you as a user. The legal basis for plugin use is Art. 6 Para. 1 S. 1 lit. f GDPR.
Data forwarding takes places regardless of whether you have an account with the plugin provider and are logged on to it or not. When you are logged on with the plugin provider the data gathered on our website will be directly assigned to your account with the plugin provider. Should you click the activated button and, for example, link the site, then the plugin provider will also save this information in your user account and share it publicly with your contacts. We recommend that you regularly log off after using a social network, in particular, however, before activating the button since this allows you to avoid identification of your profile with the plugin provider.
Visit the following links to see the providers’ data protection declarations, including more information on the purpose and extent of data collection and its processing by the plugin provider as well as your corresponding rights and settings options to protect your personal privacy.
Plugin providers’ addresses and URL for their data protection information:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook participates in the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter participates in the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework