Data Protection Declaration

 


1. Scope of application


This Data Protection Declaration provides users with information concerning the type, scope and purpose of the collection, utilisation and processing of personal data by the responsible provider BdZS e. V., Borsigstr. 18, 47169 Duisburg, Germany, telephone: 0203 54472699, E-mail: info@bdzs.de. We therefore request that you read the following information thoroughly.


The legal basis for data protection can be found in the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

 


2. Clarification of the terms used:


Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, your address and communication data and your E-mail address.

Processing means any operation or set of operations which is performed upon personal data, with or without the aid of automated procedures, such as the collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure through transmission, dissemination or other forms of provision, the comparison or linking, restriction, erasure or destruction.

Data subject means any identified or identifiable natural person whose personal data are processed by the data controller.

Controller or "data controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Users includes all categories of data subjects. They include our business partners and other visitors to our website.

For the terms used, we also refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). The terms utilised, such as "user", are to be understood as gender-neutral.

 


3. Names and addresses of the responsible persons


Helmar Rapprich

Gilsastraße 19
34119 Kassel

Telephon: +49 (0) 561 - 316 0 315
Telefax: +49 (0) 561 - 316 5 015
Marco Hildebrand

Rat-Deycks-Str. 22
51379 Leverkusen

Telephon: +49 (0) 2171 5067850
Telefax: +49 (0) 2171 5067851


E-Mail: info@bdzs.de

 


4. Data Protection Officer


Our Data Protection Officer can be contacted via the E-mail address info@bdzs.de or via our postal address with the addition of the supplement "The Data Protection Officer".

 


5. Minors


Persons under the age of 18 are not permitted to use our websites or to transmit personal data to us without the consent of their parents or legal guardians. We therefore do not knowingly collect personal data from minors. In the event of our becoming aware that minors are entering personal data via our websites without consent or that personal data is being entered for minors, we shall delete this data immediately.

 


6. Processing of personal data

6.1. Visiting our website

6.1.1. Scope of the data processing

When you visit our website, your browser transmits certain data to our web server for technical reasons. These consist of the following data (so-called server log files):



  • IP-adress
  • Date and time of the request
  • Time-zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Operating system and its access status / HTTP status code
  • Amount of data transferred
  • Website from which the request came ("referrer URL")
  • Browser, language and version of the browser software
 


6.1.2. Purpose of the data processing


The storage of these data in log files is necessary in order to ensure the functionality of the website. They serve us in the optimisation of the website and in ensuring the security of our information technology systems.

 


6.1.3. Legal basis for the processing


We collect these data on the basis of our legitimate interest within the meaning of Art. 6 (1) f) GDPR in order to be able to display our website and to ensure its security

 


6.1.4. Duration of storage


Information in the log files is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been conclusively clarified.

 


6.1.5. Possibility of objection and deletion


For technical reasons, the collection of data for the provision of the website and its storage in log files is absolutely necessary. Consequently, there is no possibility of objection on the part of the user.

 


6.2. Contact form and E-mail contact

6.2.1. Scope of the data processing


When you use the contact form on our website, the following data is transmitted to us: name*, telephone number, E-mail address*, subject*, enquiry, request for call-back, your message to us. The fields marked with * are mandatory.

Alternatively, it is possible to contact us via E-mail addresses which we provide dependent on your request. In these cases, the sender's personal data transmitted with the E-mail will be processed.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation and for handling the request.

 


6.2.2. Purpose of the data processing


The processing of the personal data from the input mask serves us in the processing of the contact. In the case of contact via E-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process (e.g. IP address, date, time) serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 


6.2.3. Legal basis for the processing


When contacting us (via contact form or E-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) GDPR.

 


6.2.4. Duration of storage


We delete personal data when it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by E-mail, this is then the case when the respective conversation with the user has ended. The conversation is deemed to have ended when the circumstances indicate that the matter in question or the request for information has been conclusively clarified.

 


6.2.5. Possibility of objection and deletion


You have the possibility to revoke your consent to the processing of personal data at any time.

If you contact us via E-mail, you can object to the storage of your personal data at any time. In this case, our conversation can, of course, no longer be continued. Please send such a revocation to info@bdzs.de. All personal data stored in the course of contacting you will then be deleted.

 


6.3. Contractual performance for orders/assignments/services

6.3.1. Scope of the data processing


We process the data of our contractual partners and interested parties as well as other contracting parties, customers, clients or further contractual partners in accordance with Art. 6 Para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed within this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.

The data processed include the master data of our contractual partners (e.g. names and addresses) and contact data (e.g. E-mail addresses and telephone numbers) as well as contractual data (e.g. services utilised, contents of the contract, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). As a general rule, we do not process special categories of personal data, unless these are components of a commissioned or contractual processing. In principle, these data are not passed on to third parties unless it is necessary for the pursuit of our claims in accordance with Art. 6 Para. 1 lit. f. GDPR or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c. GDPR.

Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. These data, most of which are company-related, are stored permanently.

 


6.3.2. Purpose of the data processing


We process data that are required for the justification and fulfilment of contractual services and draw attention to the necessity of their disclosure. Disclosure to external persons or companies only takes place if it is necessary within the framework of a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client as well as the legal requirements.

 


6.3.3. Legal basis for the processing


We process these data for the execution of a contract. The legal basis for this is Art. 6 para. 1 lit. b. GDPR.

 


6.3.4. Duration of storage


The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. Retention obligations arise for reasons of commercial and tax law. According to German legal requirements, records are to be kept for 6 years in accordance with § 257 para. 1 HGB (commercial letters, accounting documents) and for 10 years in accordance with § 147 para. 1 AO (e.g. accounting documents, commercial and business letters, documents relevant for taxation). The necessity of retention of the data is reviewed every three years.

 


6.3.5. Possibility of objection and deletion


The data processed in connection with an order are subject to retention obligations under commercial and tax law. Consequently, the user has no possibility of objection.

 


6.4. Applications

6.4.1. Scope of the data processing


If you are interested in working for our company, you can submit an online application. Vacancies are advertised under the menu item "Career" when they become available. You may also submit an unsolicited application. If you apply to us via E-mail, we will process the data you have sent us in order to carry out the application process.

 


6.4.2. Purpose of the data processing


We process the data that you have sent us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our company) and to carry out the application procedure.

 


6.4.3. Legal basis for the processing


The legal basis is § 26 para. 1 BDSG-neu. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after completion of the application procedure, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then entails the assertion of or defence against claims.

 


6.4.4. Recipients of the data processing


Your applicant data will be viewed by the HR department following receipt of your application. Suitable applications are then forwarded internally to the department responsible for the respective open position. The further procedure is then coordinated. Only those persons in the company who require access to your data for the proper conduct of our application process will actually have access to such data.

 


6.4.5. Duration of storage


If the application leads to an employment relationship, we process these data for the implementation of an employment relationship. The data will then be entered into our HR management system.

If the application does not lead to an employment relationship, these data will be deleted 3 months after the end of the application procedure, taking into account the time limit for action under the AGG, unless the applicant has given consent in accordance with Art. 6 Para. 1 lit a) GDPR and Art. 7 GDPR for the longer-term storage of his/her personal data in order to be considered for new job offers, if applicable.

 


6.4.6. Possibility of objection and deletion


The information you have provided to us can be renewed or deleted at any time upon request. In order to do so, please send an E-mail to us at info@bdzs.de. This does not apply if you have applied for a specific position with us in an ongoing application process. In this case, we will store the information you have provided for this position until the expiry of the statutory time limits for taking legal action (in particular § 15 AGG).

 


6.5. Cookies

6.5.1. Scope of the data processing


Our website uses cookies. Cookies are small text files which are stored on your computer when you visit our website. Cookies do not cause any damage to your computer and do not contain any malware such as viruses. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some elements of our website require that the calling browser can be identified even after a page change.

This is not done by assigning this to you personally, but by assigning an identification number to the cookie ("cookie ID"). The cookie ID is not associated with your name, your IP address or similar data that would enable the cookie to be assigned to you.



This website uses transient and persistent cookies.

  • Transient cookies are automatically deleted when you close the browser. These include, in particular, so-called session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. When you return to our website, your computer can be recognised. Session cookies are deleted when you log out or close the browser.
  • Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
 


6.5.2. Purpose of the data processing


We use cookies to make our website attractive and user-friendly, to improve it and to speed up requests.

Some elements of our website require that the calling browser can be identified even after a page change. For these, it is necessary that the browser is also recognised after a page change.

 


6.5.3. Legal basis for the processing


The legal basis for the processing of personal data using the technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

 


6.5.4. Duration of storage


  • Session cookies are deleted as soon as the browser is closed.
  • Persistent cookies are automatically deleted after a predefined period of time.

 


6.5.5. Possibility of objection and deletion


As a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can set it so that cookies are not stored at all or are automatically deleted at the end of your Internet session. To do this, select "Do not accept cookies" in the settings of your browser. In Microsoft Internet Explorer, select "Tools > Internet Options > Privacy > Settings"; in Firefox, select "Tools > Settings > Privacy > Cookies". If you use a different Internet browser, please refer to the browser's help function for instructions on preventing and deleting cookies.

Please note, however, that in this case you may not be able to use all the functions of our website./p>

 


6.6. Web analysis

6.6.1. Scope of the data processing


We use Google Analytics on our website, a web-analysis service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

Google analyses, on our behalf, your use of our website. We use cookies, amongst other things, for this purpose. We have described what cookies are and how they can be deleted in the "Cookies" section above.

The information collected by Google regarding your use of this website (e.g. the pages visited on our website) is transferred to a Google server in the USA, stored there, analysed and the result made available to us in anonymised form.

On our website, we use the IP anonymisation offered by Google. In this case, your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

Google is certified in the EU-US Privacy Shield www.privacyshield.gov/participant?id=a2zt000000001L5AAI, which guarantees an appropriate level of data protection for data at Google in the USA.

 


6.6.2. Purpose of the data processing


On our behalf, Google uses this information in order to evaluate the use of our website and to compile reports on the activities within our website. This enables us to improve your online experience and increase the user-friendliness of our website.

 


6.6.3. Legal basis for the processing


Our legitimate interest in the processing of data by Google Analytics lies in the aforementioned purposes. The legal basis is Art. 6 para. 1 lit. f GDPR.

 


6.6.4. Duration of storage


Sessions and campaigns are terminated after a certain period of time. As standard, sessions are terminated after 30 minutes without activity and campaigns are terminated after six months. The time limit for campaigns may not exceed two years.

 


6.6.5. Possibility of objection and deletion


The IP address transmitted by your browser will not be merged with other Google data. You can prevent cookies from being stored by setting your browser software accordingly, as described above in the "Cookies" section. In addition, you can prevent the collection of the data generated by the cookie and related to your use of our website by Google, as well as the processing of this data by Google, by downloading and installing the available browser plugin from Google:
https://tools.google.com/dlpage/gaoptout?hl=de.

If you wish to prevent the future collection of your data by Google Analytics when visiting our website via different devices (especially mobile devices such as smartphones or tablets), you must carry out the opt-out on all systems used. If you click here , this opt-out cookie will be set.

Please note that this opt-out cookie only prevents web analysis as long as you have not deleted it. For more information on Google Analytics, please see the Google Analytics Terms of Use :
https://www.google.de/analytics/terms/de.html, in the Google Analytics security and privacy policy
https://support.google.com/analytics/answer/6004245?hl=de and the Google privacy policy
https://www.google.de/intl/de/policies/privacy/.

 


7. Data security


We undertake technical, contractual and organisational measures to ensure the security of data processing in accordance with the latest technology. In this way, we ensure that the provisions of the data-protection laws, in particular the General Data Protection Regulation, are complied with and that the data processed by us are protected against destruction, loss, modification and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions carried out via the Internet if the key symbol appears in the lower menu bar of your browser window and the address begins with https://. SSL (Secure Socket Layer) encryption technology protects data transmission from illegal access by third parties. If this option is not available, you can choose not to send certain data via the Internet.

All information that you transmit to us will be stored and processed on our servers in the Federal Republic of Germany.

 


8. Disclosure of data to third parties and third-party providers


Data is disclosed to third parties solely within the framework of legal requirements. We disclose user data to third parties only in the case that this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) GDPR for contractual purposes, or we are legally obliged to do so (Art. 6 para. 1 lit. c) GDPR, or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR in the economic and effective provision of our services.

We use subcontractors for the provision of our services, in particular for the operation, maintenance and hosting of the website, within the framework of commissioned processing pursuant to Art. 28 GDPR. We have taken appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

 


9. External services and content on our website


We include external services or content on our website. This is performed on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR.



When using such a service or displaying third-party content, communication data such as date, time and IP address are exchanged between you and the respective provider for technical reasons. This is in particular your IP address, which is required for the display of content in your browser. For further information on the purpose and scope of the collection and processing of your data, please refer to the data-protection notices of the respective providers of the services or content we integrate who are responsible under data-protection law. The following list provides an overview of third-party providers and their content and links to their data-protection declarations, which contain further information on the processing of data and objection options.



 


10. Social Plugins


We currently utilise the following social-media plug-ins: Facebook, Twitter, Instagram, XING, Linkedin, Pinterest, tumblr and Google+.



When you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by the mark on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offer.

By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.

We have no influence on the data collected or the data-processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, or the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as a usage profile and uses this for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in provider. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. f) GDPR.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, create a link to the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but in particular before activating the button, as this will help you to avoid an assignment to your profile with the plug-in provider.

For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data-protection declarations of these providers, which are provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

Addresses for the respective plug-in providers and URLs with their data-protection notices:

 


11. Your rights


If we process personal data concerning your person, you are then a data subject within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights with regard to the personal data concerning your person:


  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR)
  • Right to objection against processing (Art. 21 GDPR)
  • Right to complain to a data-protection supervisory authority (Art. 77 GDPR)
 


12. Amendments to the Data Protection Declaration


We reserve the right to amend the Data Protection Declaration in order to adapt it to altered legal situations or in the event of modifications to the service and/or data processing. This only applies, however, with regard to declarations on data processing. Insofar as user consent is required or components of the Data Protection Declaration contain provisions of the contractual relationship with the users, the amendments will only be made with the consent of the users.

Please regularly obtain up-to-date information on the content of the Data Protection Declaration.