Data protection
1. Privacy at a glance
General information
With the following information we would like to give you as a visitor to our website, as a candidate, customer or prospective customer of our services, as a supplier or other person concerned, an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the desired or agreed services. Therefore, not all parts of this information will apply to you.
Data collection on this website
EMSIG Experts e.Kfr., hereinafter "EMSIG", is responsible for data processing within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations. The person responsible is not obliged to appoint a data protection officer.
EMSIG Experts e.Kfr.Inh. Gesa DöringAn der Aue 3131848 Bad Münder
05042 - 604 997 0info@emsig-hr.dewww.emsig-hr.de
Scope of processing of personal data We collect and use personal data of our candidates, customers, users of the website or other data subjects only insofar as this is necessary in the respective processing context.
Legal basis for the processing of personal data Insofar as we obtain the consent of the person concerned for the processing of personal data, Article 6 Paragraph 1 lit of the contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 lit. c GDPR serves as the legal basis In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis. Processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the legal basis for the processing.
Data deletion and storage period The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data processing is also restricted or data is deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
2. Processing of personal data of business partners
Description and scope of data processing In the context of cooperation with business partners, we process personal data from candidates and contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter "business partners"). In particular, the following personal data are processed:
- Contact information, such as first and last name, business address, business telephone number, business mobile phone number, business fax number and business e-mail address, payment data, such as information required to process payment transactions or to prevent fraud, including credit card information and card security numbers, other information , the processing of which is necessary as part of a project or the execution of a contractual relationship with our company and which is provided voluntarily by business partners, e.g. in the context of orders made, inquiries or details of projects, personal data that comes from publicly available sources, information databases or from Credit bureaus are collected and insofar as legally required as part of compliance screenings: date of birth, ID card and ID card numbers, information on relevant court proceedings or other legal disputes in which business partners are involved.
EMSIG processes the personal data for the following purposes:
- Communication with business partners on services and projects, e.g. to process inquiries from the business partner, planning, implementation and management of the contractual business relationship between EMSIG and the business partner, e.g. to process the order for products and services, collect payments, for accounting and billing purposes. Conducting customer surveys, marketing campaigns, market analyses, sweepstakes, competitions or similar promotions and events, conducting customer satisfaction surveys and direct marketing, maintaining and protecting the security of our services and our websites, preventing and detecting security risks, fraudulent activities or other criminal or malicious activities actions taken, compliance with (i) legal requirements (e.g. tax and commercial law storage obligations, see also Section IV No. 3), (ii) existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering) and (iii) Company policies and industry standards and resolving disputes, enforcing existing contracts, and establishing, exercising and defending legal claims.
Purposes of data processing and legal bases The processing of personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise when collecting personal data, the legal basis for data processing is:
- the execution and fulfillment of a contract with you according to Article 6 Paragraph 1 lit. b GDPR, the fulfillment of legal obligations to which EMSIG is subject according to Article 6 Paragraph 1 lit. c GDPR, or the protection of legitimate interests of EMSIG according to Art. 6 Para. 1 lit. f GDPR. EMSIG's legitimate interest lies in the initiation, implementation and processing of the business relationship.
If you have expressly given your consent to the processing of your personal data in an individual case, this consent is the legal basis for processing in accordance with Article 6 (1) (a) GDPR.
Duration of storage We process and store your personal data for as long as this is necessary to fulfill our contractual and legal obligations.
If the data is no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their - temporary - further processing is necessary for the following purposes:
- Fulfillment of statutory retention requirements (e.g. commercial and tax retention requirements in accordance with the German Commercial Code (HGB) and the Fiscal Code (AO)). The statutory periods for storage and documentation are generally two to ten years. Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
3. Provision of the website and creation of log files
Description and scope of data processing Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. In particular, the following data is processed:
(1) Information about the browser type and version used (2) The user's operating system (3) The user's Internet service provider (4) The user's IP address (5) Date and time of access (6) Websites , from which the user's system reaches our website (7) Websites that are accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
Legal basis for data processing The legal basis for the temporary storage of data and log files is Article 6 Paragraph 1 Letter f of the GDPR.
Purpose of data processingThe data mentioned is stored in order to enable the website to be displayed in your browser, to ensure the functionality of the website and to optimize the website. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in the above-mentioned purposes.
Duration of storage The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 14 days. Storage beyond this is possible. In this case, the IP addresses of the users are anonymized so that it is no longer possible to assign the calling client.
Possibility of objection and elimination The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
4. Use of Cookies
Our online offer uses cookies. Cookies are small text files that are stored on your computer when you visit our websites. We use cookies for the purpose of ensuring the use of our online offer, for marketing, for individual website optimization and to ensure IT security. Depending on their function, the cookies store data such as language settings, search terms entered or the frequency of page views.
When you visit our website, we display a so-called "cookie banner" in which you can declare your consent to the use of cookies on this website by pressing a button and make a selection of the cookies used on the website. Your selection will also be saved for future visits.
If you no longer wish to use cookies at a later date, you can change your choice of using cookies at any time by adjusting the cookie management settings in your Internet browser. In particular, you can have cookies that have already been set deleted or prevent them from being set in the future. Please note that the settings vary depending on the browser used and cannot be explained here in general terms.
Depending on their function and purpose, the use of certain cookies requires the user's consent.
Cookies, which are absolutely necessary to use our online offer, to design the website or to guarantee IT security, do not require consent. The setting of these cookies and the related processing activities are permitted by Art. 6 Para. 1 lit. f GDPR.
In contrast, cookies for all other purposes, such as for marketing or for carrying out statistical evaluations of your activities on the website, require your consent. The legal basis for data processing in this case is Article 6 (1) (a) GDPR.
The use of our range of social media and map services can result in data transmission and subsequent processing of usage data for the respective services in the USA. The basis for any processing activities is your explicitly declared declaration of consent, which you have given via the cookie banner. Your declaration of consent justifies such data processing as an exception and on a case-by-case basis in accordance with Article 49 (1) (a) GDPR. Please note that there is no comparable level of data protection in the USA as in the EU and the EEA. In particular, it is possible for government agencies to access your personal data on the basis of legal authorizations without us or you finding out about it. There are no comparable options for enforcing one's own rights in the USA, so this does not appear promising.
Any data transmissions are only automated in connection with the use of our social media offering and Google's map services and with the help of the use of cookies. Further details can be found in this data protection declaration in section “XI. Use of social media plugin".
You can completely reject the use of cookies and other technologies or make individual settings. You can also revoke your consent at any time with effect for the future. Processing previously carried out remains unaffected by a revocation. Please contact us at info@emsig-experts.de.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are required to carry out the electronic communication process or to provide certain functions you want (e.g. shopping cart function) are stored on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. the consent can be revoked at any time.
Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this data protection declaration.
5. Links to social networks (LinkedIn, Xing, Facebook, Instagram)
We use references ("links") to the social networks LinkedIn, Xing, Facebook and Instagram on our website to draw attention to the services of EMSIG and to communicate with you as a visitor and user of these social media pages and our website to get in touch. We have no influence on the processing of your personal data by the respective providers when you visit the social media pages.
Rather, the providers of the social networks have control over the data processing as part of the use of the respective service. This includes, for example, the storage and use of cookies on user devices and the analysis of your behavior on the social network.
You can recognize the links by the logo of the respective social network. By clicking on the logo, a direct connection is established between your browser and the server of the respective service and you are forwarded to the website of the service provider.
The legal basis for the use of links to third-party providers is Article 6 Paragraph 1 Letter f of the GDPR.
For more information about data processing on the social media sites, please refer to the privacy policy of the relevant social network.
6. Contact form and contacting by email
Description and scope of data processing There are contact forms on our website which can be used for electronic contact. If a user makes use of these options, the data entered in the input mask will be transmitted to us and saved. These dates are:
(1) Salutation, surname and first name (mandatory field) (2) Contact option, e.g. B. E-mail address, postal address or telephone number (required field depending on contact request) (3) Subject (required field) (4) The IP address of the user (5) Date and time of registration
In this context, the data will not be passed on to third parties outside of EMSIG. The data will only be used to process correspondence.
Legal basis for data processing If the user has given his consent, the legal basis for processing the data is Article 6 Paragraph 1 lit 6 Paragraph 1 lit. f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
Purpose of data processingThe processing of personal data from the input mask serves us solely to process the contact. If contact is made by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective correspondence with the user has ended and the relevant facts have been finally clarified.
Possibility of objection and revocation The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion request via email to info@emsig-experts.de
All personal data that was saved in the course of making contact will be deleted in this case.
7. Use of Social Media Plugins
On our website we use so-called social plugins from companies that operate social networks. The plugins represent independent extensions of the providers of social networks. We use plugins so that visitors to our website can share content from our online offer on the individual networks and to expand the reach of our online offer.
If you do not want the providers of social networks to receive data via this online offer and possibly save or use it, you should not use the respective plugins. A transfer of personal data to the operator of a social network only takes place when using the social plugin.
Below you will find information on the individual plugins used on our website.
a) Scope of processing of personal data Components of the social network "LinkedIn" are integrated on our website. These functions are offered by LinkedIn Ireland Limited, 77 Sir John Rogerson's Quay, Dublin 2, Ireland. By using the "InShare" button, the websites you visit are linked to your LinkedIn account and made known to other users. Data is also transmitted to LinkedIn.
Information on the further processing and use of the data by LinkedIn as well as your rights in this regard and setting options for the protection of your privacy can be found in LinkedIn's data protection declaration available at https://www.linkedin.com/legal/privacy-policy?src=li-other&veh =www.linkedin.com|li-other.
b) Legal basis for the processing of personal data The legal basis for the forwarding of personal data to LinkedIn is Article 6 (1) (a) GDPR.
Further information on data processing on LinkedIn can be found in LinkedIn's data protection declaration at https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com|li-other.
a) Scope of processing of personal data Our website includes components of the "XING" service, which is operated by XING AG, Gänsemarkt 43, 20354 Hamburg. By using the XING button, the websites and content you visit are linked to your XING account and made known to other users. Data is also transmitted to XING in the process.
Information on the further processing and use of the data by Xing as well as your rights in this regard and setting options for protecting your privacy can be found in Xing's data protection declaration, which is available at https://privacy.xing.com/de/datenschutzerklaerung.
b) Legal basis for the processing of personal data The legal basis for the transfer of personal data to XING is Article 6 (1) (a) GDPR.
Further information on data processing on XING can be found in Xing's data protection declaration at https://privacy.xing.com/de/datenschutzerklaerung.
a) Scope of processing of personal data
This online offer also links to the services of the company "Facebook Ireland Ltd." (hereinafter "Facebook").
When you visit our Facebook fan page, Facebook records in particular your IP address and, if applicable, other information that is available on your PC in the form of cookies. This information is used to provide us, as the owner of the Facebook fan page, with statistical information about the use of the Facebook page.
The data collected about you in this context will be processed by Facebook and may be transferred to countries outside the European Union. We would like to point out that Facebook is responsible under data protection law for the corresponding transmission and subsequent processing operations. What specific data Facebook receives and how it is used is described in general terms in Facebook's privacy policy. You can find more information on this in Facebook's privacy policy: http://de-de.facebook.com/about/privacy
b) Legal basis for the processing of personal data The legal basis for the transfer of personal data to Facebook is Article 6 (1) (b) GDPR if you use the services as intended. In addition, Art. 6 Para. 1 lit. f GDPR applies.
a) Scope of processing of personal data Our website includes components of the "Instagram" service, which is a technical platform and service provided by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.
Basically, when you access an Instagram page, the IP address assigned to your device is transmitted to Facebook/Instagram. Facebook/Instagram state that they only process this IP address anonymously and delete it after 90 days. Additional information about the end devices of users is only stored within the scope of the use of intended functions such as the registration notification.
Information on the further processing and use of the data by Instagram as well as your rights in this regard and setting options for protecting your privacy can be found in Instagram's data protection declaration, which is available at https://help.instagram.com/519522125107875?helpref=page_content.
b) Legal basis for the processing of personal data The legal basis for the transfer of personal data to Instagram is Article 6(1)(b) GDPR if you use the services as intended. In addition, Art. 6 Para. 1 lit. f GDPR applies.
8. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
Right to information, correction, deletion, restriction of data processing, revocation of consent, data transferability Every affected person has the right to information according to Art. 15 DS-GVO, the right to correction according to Art. 16 DS-GVO, the right to deletion according to Art 17 DS-GVO, the right to restriction of processing under Article 18 DS-GVO and the right to data portability under Article 20 DS-GVO.
The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 DS-GVO in conjunction with Section 19 BDSG).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only applies to the future. Processing that took place before the revocation is not affected. You also have the right, according to Art. 22 DS-GVO, not to be subject to fully automated decision-making. In principle, we do not use fully automated decision-making to establish, implement and terminate the business relationship. Should we use these procedures in individual cases (e.g. to improve our services), we will inform you separately about this and your rights in this regard, insofar as this is required by law.
Right to object
You also have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 (1) lit. e GDPR (data processing in the public interest) and Art. 6 Paragraph 1 lit. f GDPR (data processing on the basis of a balance of interests) to file an objection; this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DS-GVO. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. This includes in particular if the processing is necessary to assert, exercise or defend legal claims.
Obligation to provide data
As part of our business relationship, you must provide the personal contract data that is required for the establishment, implementation and termination of a business relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to enter into, perform and terminate a contract with you.
The same applies to visiting our online offer and collecting usage data. Without the collection of the usage data, we and our service providers are not able to make our online offer available to you.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR. The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
For more information and explanations regarding the above rights, please visit the European Commission's Rights for Citizens website.