PRIVICY POLICY
We would like to inform you as a visitor of our website (also called “user” in the following) about the processing of personal data in the context of the use of our websites.
“Personal data” means all information relating to an identified or identifiable natural person (also “data subject” in the following); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
I. Name and Address of the Controller
II. Name and Address of the Data Protection Officer
III. General Remarks on Data Processing
IV. Provision of the Website and Logfiles
V. Use of Cookies
VI. Newsletter
VII. Contact Form, Call Back Service and E-Mail Contact
VIII. Website Analytics
IX. Google Web Fonts
X. Applicant Data
XI. Rights of the Data Subject
I. Name and Address of the Controller
The controller for these websites in terms of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Sefiro QS KG
Süderweg 2
25887 Winnert
Phone: +49 4845 – 79 169 0
kontakt@sefiro.de
https://sefiro.de
II. Name und Anschrift des Datenschutz-
beauftragten
The data protection officer of the controller is:
Thomas Holst
Datensicherheit Nord UG (haftungsbeschränkt)
Siemensstr. 28
25813 Husum
Phone: +49 4841/8968-20
+49 4841/8968-50
e-mail: info@datensicherheit-nord.de
III. General Remarks on Data Processing
1. Scope of the Processing of Personal Data
In principle, we only process the personal data of our users to the extent that is necessary for providing a functioning website as well as our contents and services. Primarily, personal data are those data that allow for identifying you personally.
2. Principal Legal Basis for Processing Personal Data
For the processing of personal data that is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
Should the processing be necessary for the purposes of the legitimate interests of our company or a third party and should the former not be overridden by the interests, fundamental rights and fundamental freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing.
To the extent that we obtain the consent of the data subject for processing operations, Article 6(1)(a) GDPR serves as the legal basis.
3. Principal Data Erasure and Principal Duration of Storage
As soon as the purpose of storage ceases to apply, the personal data of the data subject are erased or blocked. Beyond this, storage is permitted and possible when this was provided by the European or the national legislator in European Union regulations, laws or other provisions that the controller is subject to. A blocking or erasure of data also occurs when a period of storage as stipulated by said standards expires, unless there is a necessity for further data storage for entering into or for the performance of a contract.
4. Encryption
To protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. An encrypted connection can be recognized by the sequence “https://” and, depending on the browser, the padlock symbol in your address bar.
IV. Provision of the Website and Logfiles
1. Description and Scope of Data Processing
For any access to our website, even if you do not transmit any other information, data and information on the computer system of the accessing computer are logged automatically.
The following data will be collected or processed (necessary for technical operations):
- the operating system used on the accessing computer/device
- information on the browser version of the accessing computer/device
- the internet service provider of the user
- amount of data transmitted
- time and date of the moment of access
- websites from which the user arrives on our website (URL)
- websites that the user’s system accesses via our website
- the sub-websites that are navigated to on our website via an accessing system
- the type of the device and browser used, e.g. “iPhone 8 & Safari”
- the IP address of the accessing computer/device
The data are stored in logfiles in our system. No storage of these data together with other personal data of the user takes place.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and of logfiles is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The storage in logfiles takes place to ensure the functionality of the website. Moreover, the data serve us to optimize our website and to ensure the safety of our information technology systems. No evaluation of data for marketing purposes takes place in this context.
It is on these purposes that our legitimate interest in data processing is founded pursuant to Article 6(1)(f) GDPR. Further interests are the stable and functional operation of this website as well as the attainment of the goals for the protection of the confidentiality, integrity and availability of the data.
4. Period of Storage
The data are deleted as soon as they are no longer necessary for attaining the goal of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In case of the storage of data in logfiles, this is the case after seven days at the latest. A storage exceeding this is possible. In this case, the IP addresses of the users are deleted or alienated so that an association with the accessing client is no longer possible.
5. Possibility of Objection and Removal
The collection of data for providing the website and the storage of data in logfiles is essential for the operation of the website. Thus, there is no possibility of objection by the user.
V. Use of Cookies
1. Description and Scope of Data Processing
Our website uses cookies. Cookies are small text files that are also stored on the user’s computer system (terminal device) via his or her browser. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence (cookie ID) through which websites and servers can be related to the specific internet browser in which the cookie was stored. This allows the accessed websites and servers to distinguish the individual browser of the data subject from other web browsers that contain other cookies. Thus, the cookie allows for a conclusive identification of the browser at a (repeated) visit of the website.
We use cookies to design our website in a more user-friendly way and to enable certain functions.
On the one hand, we use so-called “session cookies” that are automatically deleted by your browser immediately after the ending of your visit of the websites.
In the area of web analytics on the other hand, we also use persistent cookies that allow us to recognize your browser at your next visit, for instance so that entries you made during your last visit are remembered for your later visit of our website.
Data that are stored and transmitted in the cookies include:
location data, login information, IP addresses, website settings.
Standortdaten, Log-in-Informationen, IP-Adressen, Webseiteneinstellungen.
To the extent that we use cookies that allow an analysis of the browsing habits of users, the following data may be transmitted as well: entered search terms, frequency of site views, utilization of website functions.
2. Legal Basis for Data Processing
In case of the processing of personal data via cookies implemented by us, pursuant to Article 6(1)(b) GDPR processing takes place either for the performance of the contract or, pursuant to Article 6(1)(f) GDPR, for safeguarding our legitimate interests in the best possible functionality of our website as well as a customer-friendly and effective designing of the site visit.
3. Purpose of Data Processing
The purpose of the use of technically necessary cookies is to simplify the use of websites for the users. Some functions of our website cannot be offered without the use of cookies since these require that the browser is recognized even after a site change.
The user data collected via technically necessary cookies are not utilized to create user profiles.
The use of analysis cookies takes place for the purpose of improving the quality of our website and its contents. Through analysis cookies, we learn how the website is used, thus enabling us to continually optimize our offers.
It is also in these purposes that our legitimate interest in the processing of personal data according to Article 6(1)(f) GDPR is founded.
4. Period of Storage, Possibility of Objection and Removal
Since cookies are saved on the user’s computer and transmitted from there to our site, you as the user have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings in your web browser.
Depending on the browser used, the possibilities to administrate cookie settings differ. A description can usually be found in the help menu of every browser, detailing how you can change your cookie settings. Here you will find a collection of links to individual browsers:
Internet Explorer:
http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox:
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome:
http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari:
https://support.apple.com/kb/ph21411?locale=de
Opera:
http://help.opera.com/Windows/10.20/de/cookies.html
Cookies that have already been stored can be deleted at any time as well. This can also take place automatically. When cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
The transmission of any “flash cookies” cannot be inhibited by the browser settings but by changing the settings of the flash player.
5. Consent
When you visit our website for the first time, we will show you a pop-up with an explanation about cookies. As soon as you click on "Eigene Auswahl & Einstellungen speichern", you consent to us using the categories of cookies and plug-ins you selected in the pop-up, as described in this Cookie Policy.
You can manage your consent settings. Use the link to have al look at the consent options.
VI. Newsletter
1. Description and Scope of Data Processing
Our website offers the possibility to subscribe to a free newsletter.
The subscription takes place via the so-called double opt-in process. This means that we will only deliver an e-mail newsletter to you if you have previously confirmed specifically that you agree to the sending of the newsletter. For this, we will send you a confirmation e-mail after your registration, with which you are asked to confirm that you wish to receive newsletters in the future by clicking on a corresponding link in the e-mail.
During the subscription to the newsletter, only your e-mail address is requested. The statement of possible further data such as first and last name is voluntary and takes place to be able to address you personally.
Furthermore, the following data are collected during subscription:
- IP address of the accessing computer
- time and date of the registration
In connection with the data processing for the sending of newsletters, there is no transfer of data to third parties. The data are only used for sending the newsletter.
2. Legal Basis for Data Processin
The legal basis for the processing of data after the subscription to the newsletter by the user is Article 6(1)(a) GDPR when the consent of the user is present.
The legal basis for the sending of the newsletter following the use of services by you is Section 7(3) of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG). To this extent, data processing only takes place on the basis of our legitimate interest in personalized direct marketing pursuant to Article 6(1)(f) GDPR.
3. Purpose of Data Processing
The collection of the e-mail address of the user serves to delivering the newsletter.
The collection of any other personal data in the course of the subscription process serves to prevent a misuse of the services or the e-mail address used.
4. Period of Storage
The data are deleted as soon as they are no longer necessary for the attainment of the goal of their collection. Thus, the e-mail address of the user is stored as long as the newsletter subscription is active.
Any other personal data collected in the course of the subscription process will generally be deleted within a period of seven days.
5. Possibility of Objection and Removal
The subscription to the newsletter can be terminated by the data subject at any time with effect to the future. For this purpose, a corresponding link can be found within every newsletter, alternatively you may also send a message to the controller named above. For this, only the transmission cost in accordance with the basic tariffs apply for you.
Through this, a withdrawal of the consent in the storage of the personal data collected during the subscription process is enabled as well.
After successful unsubscription, your e-mail address is deleted from our newsletter mailing list without undue delay, unless you specifically agreed to further use of your data or if we reserve a right to further use of data which is permitted by law and about which we inform you in this declaration. In the latter case, your e-mail will be blocked for the newsletter.
VII. Contact Form, Call Back Service and E-Mail Contact
1. Description and Scope of Data Processing
On our website, you can use a contact form to make contact with us electronically. When a user takes this opportunity, the data entered in the input mask are transmitted to us and stored.
Which data are collected in the case of a contact form is apparent from the input mask of the respective contact form.
To the extent that you use our call back service, your name and your telephone number are transmitted to us and stored.
Alternatively, making contact is possible via the e-mail address provided. In this case, the personal data of the user transmitted via e-mail are stored.
In this context, no transfer of data to third parties occurs. The data are only used for the processing of the conversation.
2. Legal Basis for Data Processing
The legal basis for the processing of data that are transmitted during the sending of an e-mail is Article 6(1)(f) GDPR. If the aim of the e-mail contact is to enter into a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.
3. Purpose of Data Processing
The processing of personal data from the input mask only serves us to handle the contact request. In the case of a contact request via e-mail, this also constitutes the required legitimate interest in data processing.
The other personal data processed during the sending process serve to prevent a misuse of the contact form and to ensure the safety of our information technology systems.
4. Period of Storage
The data are deleted as soon as they are no longer necessary for the attainment of the goal of their collection. For the personal data from the input mask of the contact form and those that were sent via e-mail, this is the case when the respective contact with the user has terminated unless barred by legal duties to preserve records. The contact has terminated when it can be inferred from the circumstances that the respective issue has been conclusively resolved.
Any other personal data collected in the course of the sending process will be deleted within a period of seven days.
5. Possibility of Objection and Removal
If you contact us via e-mail, you can object to the storage of your personal data at any time. In this case, the communication with you cannot be continued. All personal data stored in the process of making contact will be deleted in this case.
VIII. Website Analytics
We refrain from using website analytics. Tools such as Google Analytics or Matomo are not employed.
IX. Google Web Fonts
This site uses so-called web fonts to render the fonts. These are provided by Google (http://www.google.com/webfonts/). To use these, your browser loads the required web font into your browser’s cache when accessing our site. This is necessary so that your browser too can render an optically improved version of our texts. If your browser does not support this function, a standard font of your computer is used to render texts.
You can find further information on Google web fonts at https://developers.google.com/fonts/faq?hl=de-E&csw=1.
You can find general information on the topic of data protection concerning Google at http://www.google.com/intl/de-DE/policies/privacy/.
X. Applicant Data
Please send your application documents exclusively to the following e-mail address: bewerbung@sefiro.de. This is the only way of guaranteeing that your data will be properly deleted in line with the GDPR.
To the extent that you react to job postings on our website or send us an application for other reasons, we process the data that you send us in the context of your application in order to consider your suitability for the position (or comparable positions currently open in our companies) and to conduct the application procedure. After receiving your application, your application data are reviewed by the staff members responsible in the personnel division. Suitable applications will be forwarded internally to the heads of the department responsible for the respective open position. Within the company, principally only those persons have access to your data who require such access for the proper execution of the application procedure.
The legal basis for the processing of your personal data within this application procedure is primarily Section 26 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in the version in force since May 25, 2018. Pursuant to this regulation, data processing is permitted when it is necessary in connection with the decision on the creation of an employment relationship. After termination of the application procedure, data processing may take place when the requirements of Article 6 GDPR are met, especially to exercise legitimate interests pursuant to Article 6(1)(f) GDPR. Our interest may exist e.g. in case of prosecution according to the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG) in the enforcement of or defence against claims.
In case of rejection, the data of applicants are deleted within 4 months after the termination of the application procedure.
In case that you explicitly consented to further storage of your personal data, we will transfer your data into our pool of applicants. Here, the data will be deleted within two years.
Should your application be successful, and should you be awarded a contract for a position within the application procedure, we will transfer your data from the applicant data system into our personnel information system.
The data will exclusively be processed in datacentres of the Federal Republic of Germany.
XI. Rights of the Data Subject
Data subjects whose personal data are processed have the following rights with regard to the personal data concerning themselves vis-à-vis the controller named above:
1. Right of Access
At your request, the controller will confirm whether personal data concerning you are processed by us. If we perform such processing, you can demand access from the controller concerning the following information:
(1) the categories of personal data that are processed;
(2) the purposes for which the personal data are processed;
(3) the recipient/the categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period of storage of the personal data concerning you or at least, if specific information cannot be given, the criteria used to determine the storage period;
(5) the existence of the right to rectification or erasure of personal data, the right to restriction of processing by the controller or the right to object to this processing;
(6) all available information as to the source of the data where the personal data are not collected from the data subject;
(7) the existence of a right to lodge a complaint with a supervisory authority;
(8) the existence of automated decision-making, including profiling (Articles 22(1) and (4) GDPR) and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to receive information on the extent to which personal data concerning you are transferred to a third country (or to an international organization). In this context, you can demand to be informed of appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to Rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The rectification is to be undertaken without undue delay.
3. Right to Restriction of Processing
You can demand a restriction of the processing of personal data concerning you if
(1) you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer requires the personal data for the purposes of the processing, but you require these for the establishment, exercise or defence of legal claims, or
(4) you objected against the processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where the processing of the personal data concerning you has been restricted, these data may – with the exception of their storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing was obtained pursuant to the requirements stated above, you will be informed by the controller before the restriction is lifted.
4. Right to Erasure
a) Erasure Obligation
You can demand from the controller that the personal data concerning you is erased without undue delay, and the controller is obliged to erase this data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State to which the controller is subject
(6) The personal data concerning you have been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.
b) Information to Third Parties
Where the controller has made the personal data concerning you public and is obliged to erase the data pursuant to Article 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not exist to the extent as processing is necessary
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR to the extent that the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right of Information
If you have established the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obligated to communicate this rectification or erasure of the data or the restriction of processing to all receivers to whom the personal data concerning you were disclosed unless this proves to be impossible or to involve disproportionate effort.
You have the right vis-à-vis the controller to be informed about these receivers.
Ihnen steht gegenüber dem Verantwortlichen das Recht zu, über diese Empfänger unterrichtet zu werden.
6. Right to Data Portability
Sie haben das Recht, die Sie betreffenden personenbezogenen Daten, die Sie dem Verantwortlichen bereitgestellt haben, in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten. Außerdem haben Sie das Recht diese Daten einem anderen Verantwortlichen ohne Behinderung durch den Verantwortlichen, dem die personenbezogenen Daten bereitgestellt wurden, zu übermitteln, sofern
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
(2) the processing is carried out by automated means
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected through this.
The right to data portability does not apply to personal data processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data you which is based on Article 6(1)(e) or (f), including profiling based on those provisions.
The controller no longer processes the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data you which is based on Article 6(1)(e) or (f), including profiling based on those provisions.
The controller no longer processes the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data are no longer processed for such purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you have the possibility to exercise your right to object by automated means using technical specifications.
Sie haben die Möglichkeit, im Zusammenhang mit der Nutzung von Diensten der Informationsgesellschaft – ungeachtet der Richtlinie 2002/58/EG – Ihr Widerspruchsrecht mittels automatisierter Verfahren auszuüben, bei denen technische Spezifikationen verwendet werden.
8. Right to Withdrawal of Consent in Terms of Data Protection Law
You have the right to withdraw your consent in terms of data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is
(1) necessary for entering into, or performance of, a contract between you and the controller;
(2) authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
