Privacy Policy
Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Pawlik Consultants GmbH
Astraturm · Zirkusweg 2
20359 Hamburg
Germany
Telefon: +49 40 53 28 50 0 E-Mail: info@pawlik.de
Represented by the managing directors Joachim Pawlik, Tobias M. Andresen, Layla Dolfen
Name and address of the data protection officer
The data protection officer of the data controller is:
Jörg Hermann
jmh datenschutzberatung
Freibadstr. 30
81543 München
E-Mail: datenschutz@pawlik.de
General information on data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)
(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies.
You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice.
Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of revocation:
Some data processing can only take place with your express consent.You have the option to revoke your consent at any time. However, the lawfulness of the data processing up to the point of revocation is not affected by this.
Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, without prejudice to any other administrative or judicial remedy, your place of work or the location of the alleged violation.
Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another data controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following requirements:
- You contest the accuracy of the personal data. While the accuracy of the data is being verified, you have the right to demand that its processing is restricted.
- If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Article 21(1) GDPR, we will weigh up your interests against ours. Until this weighing up is completed, you have the right to request the restriction of processing.
The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
Provision of the website (web host)
Our website is hosted by:
Hetzner Online GmbH
Industriestr. 25, 91710 Gunzenhausen Germany
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server.
These are:
- IP address of the website visitor’s end device device used
- host name of the accessing computer visitor’s operating system
- browser type and version name of the retrieved file time of server request
- amount of data
- information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing this data is Article 6(1)(f) GDPR . Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.
Contact form
You have the option to contact us via a form on the website. In order to contact to be established via this form, we need your contact details in particular.
The legal basis for data processing here is to fulfil a contract or pre-contractual measures in accordance with Article 6(1)(b) GDPR . There may also be a legitimate interest in maintaining business relationships or answering your request for other reasons.
In this case, the legal basis for the processing of your data would be Article 6(1)(f) GDPR.
The data will be deleted when we have resolved your request and no other retention obligations apply.
Bookings
We use the Microsoft Booking service of Microsoft Ireland Operations Ltd from Ireland as a plug-in to simplify the appointment process with our website users.
A direct connection is established between your browser and the Microsoft server via the plug-in and data is exchanged with the Microsoft servers. Information about your use of this website (including your IP address) is forwarded.
Microsoft Bookings is part of our Office365, Microsoft acts as our processor, the forwarding to the servers takes place within the framework of order processing.
The basis for data processing by us is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. We have an interest in improving the organisation of appointments.
Newsletter
If you wish to register for our newsletter, we require your first name and surname, an e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send a confirmation e-mail to the e-mail address provided, containing a link (double opt-in); only after clicking on this link is the registration complete.
The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. In addition, we store your IP address and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested newsletter.
We use the Brevo tool from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, to send our newsletter. We have concluded a data processing agreement with the service provider in accordance with Art. 28 GDPR.
We evaluate our newsletter campaigns. When you open an e-mail from the newsletter, a file contained in the e-mail (a so-called web beacon) connects to our service provider’s servers. This allows us to determine whether a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns.
The data you provide us with for the purpose of receiving the newsletter will be stored by us in the newsletter distribution list until you unsubscribe and will be deleted from our servers as well as from the servers of our newsletter service provider after you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. e-mail addresses for contractual communication) remain unaffected by this.
Data processing is carried out on the basis of your consent in accordance with Article 6 (1) (1) (a) GDPR. You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare your revocation by clicking on the link provided in each email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the “day” or “night” mode of a website, and is retained until you manually delete the data. Session storage is very similar to Local storage, whereas the storage duration only lasts during the current session, so until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are the processing payment services or displaying videos on a website.
These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation. Are they necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behaviour), then their use is based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR).
If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
Analytics
We process website visitors’ personal data in order to analyse user behaviour. Evaluation of this data enables us to compile information on how visitors use individual components of our website. This allows us to increase the user-friendliness of our website. The analysis tools may be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour and downloads, to create heat maps, to recognise page views, to measure the length of visits to the website or bounce rates, as well as to trace the origin of website visitors (city, country, the website visitors have come from). The analysis tools help us to improve our market research and marketing activities.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Analytics
Our website uses the service Google Analytics. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
SalesViewer
Our website uses the service SalesViewer. The provider of this service is SalesViewer GmbH, Huestraße 30, 44787 Bochum, Germany.
Further information can be found in the provider’s privacy policy at the following URL: https://www.salesviewer.com/en/privacy-policy.
WP Statistics
Our website uses the service WP Statistics. The provider of this service is VeronaLabs OÜ, Tatari 64, 10134 Tallinn, Estonia. As this service is hosted locally on the web server, no data is transferred to third parties.
Content delivery network (CDN)
We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider who makes this network available will process your IP address and information about when you visited our website. All further information on data processing by this service provider can be found in the company’s privacy notice.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
Google APIs CDN
Our website uses the service Google APIs CDN. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Content management system
A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more attractive website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is in the technically error-free display and optimisation of the website.
Elementor
Our website uses the service Elementor. The provider of this service is Elementor Ltd., Tuval st. 40, Ramat Gan, 5126112, Israel. As this service is hosted locally on the web server, no data is transferred to third parties.
Presentation optimisation
We use tools that serve to optimise the presentation of our website. Among other things, these tools help display the website in other languages or to make it more accessible.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
WPML
Our website uses the service WPML. The provider of this service is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong, China.
As this service is hosted locally on the web server, no data is transferred to third parties. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
This application is required to ensure the unrestricted functionality of the website. This is a language tool which is considered essential.
Web fonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser when the website is accessed. When web fonts are loaded, the web font provider becomes aware that our website has been accessed from your IP address, as your browser establishes a direct connection to the web font provider.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Fonts
Our website uses the service Google Fonts. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Presence on social media
Social networks process personal data of their users on a large scale. Visiting our profiles on such networks leads to the processing of your IP address and other information about the used devices, among other things, which enables the IP addresses to be reassigned to individual users. We cannot influence this data processing. Therefore we have to point out that visiting our profiles on the social networks and using their functions is at your own risk. Details on data processing can be found in the operator’s data protection declaration.
The purpose of our profiles on social media platforms is to increase our Internet presence and the associated greater notoriety. Therefore, legitimate interest in accordance with Article 6 (1)(f) GDPR is to be used as the legal basis. Furthermore, with regard to the processing activities by the social networks, we refer to their own legal bases (e.g. consent in accordance with Article 6 (1)(a) GDPR), which can be found in the respective data protection declaration.
Together with the social media platform, we are responsible for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with the GDPR against the social media platform and against us.
However, we would like to point out that we cannot influence the processing of data by the social media platform.
Presence on LinkedIn
We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
Detailed information about the handling of personal data can be found in the following data protection declaration of LinkedIn: https://www.linkedin.com/legal/privacy-policy.
Presence on XING
We have a profile on XING. The provider of this service is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Detailed information about the handling of personal data can be found in the following data protection declaration of XING: https://privacy.xing.com/de/datenschutzerklaerung.
Presence on YouTube
We have a profile on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Detailed information about the handling of personal data can be found in the following data protection declaration of YouTube: https://policies.google.com/privacy?hl=de.
DATA PROTECTION INFORMATION FOR CUSTOMERS AND CONTRACTUAL PARTNERS
Data protection information on our processing of personal data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Dear customer, dear contractual partner,
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we are hereby informing you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. Please read the following information to ensure that you are fully informed about how your personal data is processed in the context of the performance of a contract or in order to take steps prior to entering into a contract.
1. PURPOSES AND LEGAL BASIS OF PROCESSING
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in the currently valid version:
Fulfilment of (pre-)contractual obligations (Art. 6 (1) (b) GDPR)
Your data is processed for the purpose of concluding a contract online or in one of our branches, for the purpose of concluding a contract for your employment in our company. In particular, the data is processed when business is initiated and when contracts with you are executed.
Fulfilment of legal obligations (Art. 6 (1) (c) GDPR)
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
For the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)
On the basis of a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
- Advertising or marketing: Under the statutory conditions of Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address that you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. You can object to the use of your personal data for advertising purposes at any time, either in general or for individual measures.
- Measures for business management and further development of services and products
- As part of legal proceedings
As part of your consent (Art. 6 para. 1 lit. a GDPR)
If you have given us consent to process your data, e.g. to send you our newsletter, etc.
Data processing when establishing contact for job applications (Art. 6 para. 1 lit.f DSGVO)
We establish initial contacts between potential candidates and our clients for job positions. In this context, we approach suitable candidates in social networks (of course within the framework of the terms of use there) and ask whether they are interested in being put in touch with our clients.
If we do not receive your express consent for the processing of your data in this context, we store your name and the date of our approach to you in order to document our approach to you, to avoid writing to you more than once during a search, and to take into account any objections.
The basis for the data processing is Art. 6 (1) 1 lit. f GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in addressing potential applicants efficiently and avoiding addressing people who do not want to be addressed by us twice or at all.
If you send us application documents without being asked to do so after we have approached you, or if you provide us with data in subsequent discussions or in any other way in this context and do not give us your express consent to process this data and/or to forward it to the employer/provider of a job, we will process the data in preparation for a possible forwarding/placement with the employer/provider of a job until we have received your consent or the customer’s order has been completed. The basis for this data processing is Art. 6 (1) sentence 1 point (f) GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in preparing the transfer of the data to an employer in the event that the corresponding consent, which we regularly ask for, is given. In this case, we do not have to request all the data again.
2. CATEGORIES OF PERSONAL DATA
We only process data that is related to the establishment of the contract or the pre-contractual measures.
For customers, this includes, for example, first and last name, address, contact details (email address, telephone number), bank details, image recordings.
For business partners, this includes, for example, the name of their legal representatives, company, commercial register number, VAT ID number, company number, address, contact details (email address, telephone number, fax), bank details.
3. DATA SOURCES
We process personal data that we receive from you in the context of establishing contact or entering into a contractual relationship or in the context of pre-contractual measures.
4.TRANSMISSION OF YOUR PERSONAL INFORMATION
We only share your personal data within our company with the departments and persons who need this data to fulfil contractual and legal obligations or to pursue our legitimate interests.
Your personal data is processed on our behalf on the basis of data processing agreements in accordance with Article 28 of the GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services and providers of customer management systems and software. We use the CRM system Salesforce from Salesforce, Inc. As Salesforce, Inc. is part of the EU-US Data Privacy Framework Programme, an EU adequacy decision applies to the data transfer.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.
5. TRANSFER TO A THIRD COUNTRY
A transfer to a third country is not intended.
6.DURATION OF DATA STORAGE
If necessary, we process and store your personal data for the duration of our business relationship or to fulfil contractual purposes.This includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The periods for storage and documentation prescribed there are between two and ten years.
Finally, the storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
7. YOUR RIGHTS
Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to notification under Article 19 of the GDPR and the right to data portability under Article 20 of the GDPR.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
If data is processed on the basis of your consent, you have the right to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the withdrawal of consent is only effective for the future. It does not affect processing that occurred prior to the withdrawal. Please also note that we may need to store certain data for a certain period of time to fulfil legal requirements.
Right to object
If your personal data is processed in order to protect legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation, in accordance with Article 21 of the GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for the purpose of such advertising. This also applies to profiling insofar as it is associated with this direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
To protect your rights, you can contact us using the contact details provided above.
8. REQUIREMENT TO PROVIDE PERSONAL DATA
The provision of personal data for the decision to conclude a contract, to fulfil a contract or to carry out pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide the personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Pawlik Recruiters GmbH
Englische Straße 21
10587 Berlin
Germany
Phone: +49 40 53 28 50 0
E-Mail: info@pawlik-recruiters.com
Represented by managing director Arne Adrian
Name and address of the data protection officer
The data protection officer of the data controller is:
Jörg Hermann
jmh datenschutzberatung
Freibadstr. 30
81543 München
E-Mail: datenschutz@pawlik.de
General information on data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)
(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies.
You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice.
Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of revocation:
Some data processing can only take place with your express consent.You have the option to revoke your consent at any time. However, the lawfulness of the data processing up to the point of revocation is not affected by this.
Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, without prejudice to any other administrative or judicial remedy, your place of work or the location of the alleged violation.
Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another data controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following requirements:
- You contest the accuracy of the personal data. While the accuracy of the data is being verified, you have the right to demand that its processing is restricted.
- If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Article 21(1) GDPR, we will weigh up your interests against ours. Until this weighing up is completed, you have the right to request the restriction of processing.
The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
Provision of the website (web host)
Our website is hosted by:
Hetzner Online GmbH
Industriestr. 25, 91710 Gunzenhausen Germany
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server.
These are:
- IP address of the website visitor’s end device device used
- host name of the accessing computer visitor’s operating system
- browser type and version name of the retrieved file time of server request
- amount of data
- information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing this data is Article 6(1)(f) GDPR . Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.
Contact form
You have the option to contact us via a form on the website. In order to contact to be established via this form, we need your contact details in particular.
The legal basis for data processing here is to fulfil a contract or pre-contractual measures in accordance with Article 6(1)(b) GDPR . There may also be a legitimate interest in maintaining business relationships or answering your request for other reasons.
In this case, the legal basis for the processing of your data would be Article 6(1)(f) GDPR.
The data will be deleted when we have resolved your request and no other retention obligations apply.
Bookings
We use the Microsoft Booking service of Microsoft Ireland Operations Ltd from Ireland as a plug-in to simplify the appointment process with our website users.
A direct connection is established between your browser and the Microsoft server via the plug-in and data is exchanged with the Microsoft servers. Information about your use of this website (including your IP address) is forwarded.
Microsoft Bookings is part of our Office365, Microsoft acts as our processor, the forwarding to the servers takes place within the framework of order processing.
The basis for data processing by us is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. We have an interest in improving the organisation of appointments.
Newsletter
If you wish to register for our newsletter, we require your first name and surname, an e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send a confirmation e-mail to the e-mail address provided, containing a link (double opt-in); only after clicking on this link is the registration complete.
The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. In addition, we store your IP address and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested newsletter.
We use the Brevo tool from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, to send our newsletter. We have concluded a data processing agreement with the service provider in accordance with Art. 28 GDPR.
We evaluate our newsletter campaigns. When you open an e-mail from the newsletter, a file contained in the e-mail (a so-called web beacon) connects to our service provider’s servers. This allows us to determine whether a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns.
The data you provide us with for the purpose of receiving the newsletter will be stored by us in the newsletter distribution list until you unsubscribe and will be deleted from our servers as well as from the servers of our newsletter service provider after you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. e-mail addresses for contractual communication) remain unaffected by this.
Data processing is carried out on the basis of your consent in accordance with Article 6 (1) (1) (a) GDPR. You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare your revocation by clicking on the link provided in each email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the “day” or “night” mode of a website, and is retained until you manually delete the data. Session storage is very similar to Local storage, whereas the storage duration only lasts during the current session, so until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are the processing payment services or displaying videos on a website.
These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation. Are they necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behaviour), then their use is based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR).
If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
Analytics
We process website visitors’ personal data in order to analyse user behaviour. Evaluation of this data enables us to compile information on how visitors use individual components of our website. This allows us to increase the user-friendliness of our website. The analysis tools may be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour and downloads, to create heat maps, to recognise page views, to measure the length of visits to the website or bounce rates, as well as to trace the origin of website visitors (city, country, the website visitors have come from). The analysis tools help us to improve our market research and marketing activities.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Analytics
Our website uses the service Google Analytics. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
SalesViewer
Our website uses the service SalesViewer. The provider of this service is SalesViewer GmbH, Huestraße 30, 44787 Bochum, Germany.
Further information can be found in the provider’s privacy policy at the following URL: https://www.salesviewer.com/en/privacy-policy.
WP Statistics
Our website uses the service WP Statistics. The provider of this service is VeronaLabs OÜ, Tatari 64, 10134 Tallinn, Estonia. As this service is hosted locally on the web server, no data is transferred to third parties.
Content delivery network (CDN)
We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider who makes this network available will process your IP address and information about when you visited our website. All further information on data processing by this service provider can be found in the company’s privacy notice.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
Google APIs CDN
Our website uses the service Google APIs CDN. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Content management system
A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more attractive website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is in the technically error-free display and optimisation of the website.
Elementor
Our website uses the service Elementor. The provider of this service is Elementor Ltd., Tuval st. 40, Ramat Gan, 5126112, Israel. As this service is hosted locally on the web server, no data is transferred to third parties.
Presentation optimisation
We use tools that serve to optimise the presentation of our website. Among other things, these tools help display the website in other languages or to make it more accessible.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
WPML
Our website uses the service WPML. The provider of this service is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong, China.
As this service is hosted locally on the web server, no data is transferred to third parties. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
This application is required to ensure the unrestricted functionality of the website. This is a language tool which is considered essential.
Web fonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser when the website is accessed. When web fonts are loaded, the web font provider becomes aware that our website has been accessed from your IP address, as your browser establishes a direct connection to the web font provider.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Fonts
Our website uses the service Google Fonts. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Presence on social media
Social networks process personal data of their users on a large scale. Visiting our profiles on such networks leads to the processing of your IP address and other information about the used devices, among other things, which enables the IP addresses to be reassigned to individual users. We cannot influence this data processing. Therefore we have to point out that visiting our profiles on the social networks and using their functions is at your own risk. Details on data processing can be found in the operator’s data protection declaration.
The purpose of our profiles on social media platforms is to increase our Internet presence and the associated greater notoriety. Therefore, legitimate interest in accordance with Article 6 (1)(f) GDPR is to be used as the legal basis. Furthermore, with regard to the processing activities by the social networks, we refer to their own legal bases (e.g. consent in accordance with Article 6 (1)(a) GDPR), which can be found in the respective data protection declaration.
Together with the social media platform, we are responsible for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with the GDPR against the social media platform and against us.
However, we would like to point out that we cannot influence the processing of data by the social media platform.
Presence on LinkedIn
We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
Detailed information about the handling of personal data can be found in the following data protection declaration of LinkedIn: https://www.linkedin.com/legal/privacy-policy.
Presence on XING
We have a profile on XING. The provider of this service is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Detailed information about the handling of personal data can be found in the following data protection declaration of XING: https://privacy.xing.com/de/datenschutzerklaerung.
Presence on YouTube
We have a profile on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Detailed information about the handling of personal data can be found in the following data protection declaration of YouTube: https://policies.google.com/privacy?hl=de.
DATA PROTECTION INFORMATION FOR CUSTOMERS AND CONTRACTUAL PARTNERS
Data protection information on our processing of personal data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Dear customer, dear contractual partner,
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we are hereby informing you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. Please read the following information to ensure that you are fully informed about how your personal data is processed in the context of the performance of a contract or in order to take steps prior to entering into a contract.
1. PURPOSES AND LEGAL BASIS OF PROCESSING
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in the currently valid version:
Fulfilment of (pre-)contractual obligations (Art. 6 (1) (b) GDPR)
Your data is processed for the purpose of concluding a contract online or in one of our branches, for the purpose of concluding a contract for your employment in our company. In particular, the data is processed when business is initiated and when contracts with you are executed.
Fulfilment of legal obligations (Art. 6 (1) (c) GDPR)
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
For the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)
On the basis of a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
- Advertising or marketing: Under the statutory conditions of Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address that you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. You can object to the use of your personal data for advertising purposes at any time, either in general or for individual measures.
- Measures for business management and further development of services and products
- As part of legal proceedings
As part of your consent (Art. 6 para. 1 lit. a GDPR)
If you have given us consent to process your data, e.g. to send you our newsletter, etc.
Data processing when establishing contact for job applications (Art. 6 para. 1 lit.f DSGVO)
We establish initial contacts between potential candidates and our clients for job positions. In this context, we approach suitable candidates in social networks (of course within the framework of the terms of use there) and ask whether they are interested in being put in touch with our clients.
If we do not receive your express consent for the processing of your data in this context, we store your name and the date of our approach to you in order to document our approach to you, to avoid writing to you more than once during a search, and to take into account any objections.
The basis for the data processing is Art. 6 (1) 1 lit. f GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in addressing potential applicants efficiently and avoiding addressing people who do not want to be addressed by us twice or at all.
If you send us application documents without being asked to do so after we have approached you, or if you provide us with data in subsequent discussions or in any other way in this context and do not give us your express consent to process this data and/or to forward it to the employer/provider of a job, we will process the data in preparation for a possible forwarding/placement with the employer/provider of a job until we have received your consent or the customer’s order has been completed. The basis for this data processing is Art. 6 (1) sentence 1 point (f) GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in preparing the transfer of the data to an employer in the event that the corresponding consent, which we regularly ask for, is given. In this case, we do not have to request all the data again.
2. CATEGORIES OF PERSONAL DATA
We only process data that is related to the establishment of the contract or the pre-contractual measures.
For customers, this includes, for example, first and last name, address, contact details (email address, telephone number), bank details, image recordings.
For business partners, this includes, for example, the name of their legal representatives, company, commercial register number, VAT ID number, company number, address, contact details (email address, telephone number, fax), bank details.
3. DATA SOURCES
We process personal data that we receive from you in the context of establishing contact or entering into a contractual relationship or in the context of pre-contractual measures.
4.TRANSMISSION OF YOUR PERSONAL INFORMATION
We only share your personal data within our company with the departments and persons who need this data to fulfil contractual and legal obligations or to pursue our legitimate interests.
Your personal data is processed on our behalf on the basis of data processing agreements in accordance with Article 28 of the GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services and providers of customer management systems and software. We use the CRM system Salesforce from Salesforce, Inc. As Salesforce, Inc. is part of the EU-US Data Privacy Framework Programme, an EU adequacy decision applies to the data transfer.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.
5. TRANSFER TO A THIRD COUNTRY
A transfer to a third country is not intended.
6.DURATION OF DATA STORAGE
If necessary, we process and store your personal data for the duration of our business relationship or to fulfil contractual purposes.This includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The periods for storage and documentation prescribed there are between two and ten years.
Finally, the storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
7. YOUR RIGHTS
Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to notification under Article 19 of the GDPR and the right to data portability under Article 20 of the GDPR.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
If data is processed on the basis of your consent, you have the right to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the withdrawal of consent is only effective for the future. It does not affect processing that occurred prior to the withdrawal. Please also note that we may need to store certain data for a certain period of time to fulfil legal requirements.
Right to object
If your personal data is processed in order to protect legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation, in accordance with Article 21 of the GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for the purpose of such advertising. This also applies to profiling insofar as it is associated with this direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
To protect your rights, you can contact us using the contact details provided above.
8. REQUIREMENT TO PROVIDE PERSONAL DATA
The provision of personal data for the decision to conclude a contract, to fulfil a contract or to carry out pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide the personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
PAWLIK Digital AG
Hamburger Allee 26-28
60486 Frankfurt am Main
Germany
Phone: +49 40 53 28 50 0
E-Mail: info@pawlik.de
represented by the Executive Board: Stefan Roßbach, Thomas Deibert, Layla Dolfen
Name and address of the data protection officer
The data protection officer of the data controller is:
Jörg Hermann
jmh datenschutzberatung
Freibadstr. 30
81543 München
E-Mail: datenschutz@pawlik.de
General information on data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)
(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies.
You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice.
Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of revocation:
Some data processing can only take place with your express consent.You have the option to revoke your consent at any time. However, the lawfulness of the data processing up to the point of revocation is not affected by this.
Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, without prejudice to any other administrative or judicial remedy, your place of work or the location of the alleged violation.
Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another data controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following requirements:
- You contest the accuracy of the personal data. While the accuracy of the data is being verified, you have the right to demand that its processing is restricted.
- If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Article 21(1) GDPR, we will weigh up your interests against ours. Until this weighing up is completed, you have the right to request the restriction of processing.
The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
Provision of the website (web host)
Our website is hosted by:
Hetzner Online GmbH
Industriestr. 25, 91710 Gunzenhausen Germany
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server.
These are:
- IP address of the website visitor’s end device device used
- host name of the accessing computer visitor’s operating system
- browser type and version name of the retrieved file time of server request
- amount of data
- information on whether the retrieval of the data was successful
This data is not merged with other data sources.
Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing this data is Article 6(1)(f) GDPR . Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.
Contact form
You have the option to contact us via a form on the website. In order to contact to be established via this form, we need your contact details in particular.
The legal basis for data processing here is to fulfil a contract or pre-contractual measures in accordance with Article 6(1)(b) GDPR . There may also be a legitimate interest in maintaining business relationships or answering your request for other reasons.
In this case, the legal basis for the processing of your data would be Article 6(1)(f) GDPR.
The data will be deleted when we have resolved your request and no other retention obligations apply.
Bookings
We use the Microsoft Booking service of Microsoft Ireland Operations Ltd from Ireland as a plug-in to simplify the appointment process with our website users.
A direct connection is established between your browser and the Microsoft server via the plug-in and data is exchanged with the Microsoft servers. Information about your use of this website (including your IP address) is forwarded.
Microsoft Bookings is part of our Office365, Microsoft acts as our processor, the forwarding to the servers takes place within the framework of order processing.
The basis for data processing by us is Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. We have an interest in improving the organisation of appointments.
Newsletter
If you wish to register for our newsletter, we require your first name and surname, an e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send a confirmation e-mail to the e-mail address provided, containing a link (double opt-in); only after clicking on this link is the registration complete.
The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. In addition, we store your IP address and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested newsletter.
We use the Brevo tool from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, to send our newsletter. We have concluded a data processing agreement with the service provider in accordance with Art. 28 GDPR.
We evaluate our newsletter campaigns. When you open an e-mail from the newsletter, a file contained in the e-mail (a so-called web beacon) connects to our service provider’s servers. This allows us to determine whether a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns.
The data you provide us with for the purpose of receiving the newsletter will be stored by us in the newsletter distribution list until you unsubscribe and will be deleted from our servers as well as from the servers of our newsletter service provider after you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. e-mail addresses for contractual communication) remain unaffected by this.
Data processing is carried out on the basis of your consent in accordance with Article 6 (1) (1) (a) GDPR. You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare your revocation by clicking on the link provided in each email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the “day” or “night” mode of a website, and is retained until you manually delete the data. Session storage is very similar to Local storage, whereas the storage duration only lasts during the current session, so until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device. They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are the processing payment services or displaying videos on a website.
These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation. Are they necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behaviour), then their use is based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR).
If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
Analytics
We process website visitors’ personal data in order to analyse user behaviour. Evaluation of this data enables us to compile information on how visitors use individual components of our website. This allows us to increase the user-friendliness of our website. The analysis tools may be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour and downloads, to create heat maps, to recognise page views, to measure the length of visits to the website or bounce rates, as well as to trace the origin of website visitors (city, country, the website visitors have come from). The analysis tools help us to improve our market research and marketing activities.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Analytics
Our website uses the service Google Analytics. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
SalesViewer
Our website uses the service SalesViewer. The provider of this service is SalesViewer GmbH, Huestraße 30, 44787 Bochum, Germany.
Further information can be found in the provider’s privacy policy at the following URL: https://www.salesviewer.com/en/privacy-policy.
WP Statistics
Our website uses the service WP Statistics. The provider of this service is VeronaLabs OÜ, Tatari 64, 10134 Tallinn, Estonia. As this service is hosted locally on the web server, no data is transferred to third parties.
Content delivery network (CDN)
We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider who makes this network available will process your IP address and information about when you visited our website. All further information on data processing by this service provider can be found in the company’s privacy notice.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
Google APIs CDN
Our website uses the service Google APIs CDN. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Content management system
A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to design a more attractive website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is in the technically error-free display and optimisation of the website.
Elementor
Our website uses the service Elementor. The provider of this service is Elementor Ltd., Tuval st. 40, Ramat Gan, 5126112, Israel. As this service is hosted locally on the web server, no data is transferred to third parties.
Presentation optimisation
We use tools that serve to optimise the presentation of our website. Among other things, these tools help display the website in other languages or to make it more accessible.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
WPML
Our website uses the service WPML. The provider of this service is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong, China.
As this service is hosted locally on the web server, no data is transferred to third parties. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
This application is required to ensure the unrestricted functionality of the website. This is a language tool which is considered essential.
Web fonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser when the website is accessed. When web fonts are loaded, the web font provider becomes aware that our website has been accessed from your IP address, as your browser establishes a direct connection to the web font provider.
Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Fonts
Our website uses the service Google Fonts. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-
U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://policies.google.com/privacy.
Presence on social media
Social networks process personal data of their users on a large scale. Visiting our profiles on such networks leads to the processing of your IP address and other information about the used devices, among other things, which enables the IP addresses to be reassigned to individual users. We cannot influence this data processing. Therefore we have to point out that visiting our profiles on the social networks and using their functions is at your own risk. Details on data processing can be found in the operator’s data protection declaration.
The purpose of our profiles on social media platforms is to increase our Internet presence and the associated greater notoriety. Therefore, legitimate interest in accordance with Article 6 (1)(f) GDPR is to be used as the legal basis. Furthermore, with regard to the processing activities by the social networks, we refer to their own legal bases (e.g. consent in accordance with Article 6 (1)(a) GDPR), which can be found in the respective data protection declaration.
Together with the social media platform, we are responsible for the data processing operations triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with the GDPR against the social media platform and against us.
However, we would like to point out that we cannot influence the processing of data by the social media platform.
Presence on LinkedIn
We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
Detailed information about the handling of personal data can be found in the following data protection declaration of LinkedIn: https://www.linkedin.com/legal/privacy-policy.
Presence on XING
We have a profile on XING. The provider of this service is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Detailed information about the handling of personal data can be found in the following data protection declaration of XING: https://privacy.xing.com/de/datenschutzerklaerung.
Presence on YouTube
We have a profile on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Detailed information about the handling of personal data can be found in the following data protection declaration of YouTube: https://policies.google.com/privacy?hl=de.
DATA PROTECTION INFORMATION FOR CUSTOMERS AND CONTRACTUAL PARTNERS
Data protection information on our processing of personal data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Dear customer, dear contractual partner,
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we are hereby informing you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. Please read the following information to ensure that you are fully informed about how your personal data is processed in the context of the performance of a contract or in order to take steps prior to entering into a contract.
1. PURPOSES AND LEGAL BASIS OF PROCESSING
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in the currently valid version:
Fulfilment of (pre-)contractual obligations (Art. 6 (1) (b) GDPR)
Your data is processed for the purpose of concluding a contract online or in one of our branches, for the purpose of concluding a contract for your employment in our company. In particular, the data is processed when business is initiated and when contracts with you are executed.
Fulfilment of legal obligations (Art. 6 (1) (c) GDPR)
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
For the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)
On the basis of a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
- Advertising or marketing: Under the statutory conditions of Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address that you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. You can object to the use of your personal data for advertising purposes at any time, either in general or for individual measures.
- Measures for business management and further development of services and products
- As part of legal proceedings
As part of your consent (Art. 6 para. 1 lit. a GDPR)
If you have given us consent to process your data, e.g. to send you our newsletter, etc.
Data processing when establishing contact for job applications (Art. 6 para. 1 lit.f DSGVO)
We establish initial contacts between potential candidates and our clients for job positions. In this context, we approach suitable candidates in social networks (of course within the framework of the terms of use there) and ask whether they are interested in being put in touch with our clients.
If we do not receive your express consent for the processing of your data in this context, we store your name and the date of our approach to you in order to document our approach to you, to avoid writing to you more than once during a search, and to take into account any objections.
The basis for the data processing is Art. 6 (1) 1 lit. f GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in addressing potential applicants efficiently and avoiding addressing people who do not want to be addressed by us twice or at all.
If you send us application documents without being asked to do so after we have approached you, or if you provide us with data in subsequent discussions or in any other way in this context and do not give us your express consent to process this data and/or to forward it to the employer/provider of a job, we will process the data in preparation for a possible forwarding/placement with the employer/provider of a job until we have received your consent or the customer’s order has been completed. The basis for this data processing is Art. 6 (1) sentence 1 point (f) GDPR, which permits the processing of data for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our interest lies in preparing the transfer of the data to an employer in the event that the corresponding consent, which we regularly ask for, is given. In this case, we do not have to request all the data again.
2. CATEGORIES OF PERSONAL DATA
We only process data that is related to the establishment of the contract or the pre-contractual measures.
For customers, this includes, for example, first and last name, address, contact details (email address, telephone number), bank details, image recordings.
For business partners, this includes, for example, the name of their legal representatives, company, commercial register number, VAT ID number, company number, address, contact details (email address, telephone number, fax), bank details.
3. DATA SOURCES
We process personal data that we receive from you in the context of establishing contact or entering into a contractual relationship or in the context of pre-contractual measures.
4.TRANSMISSION OF YOUR PERSONAL INFORMATION
We only share your personal data within our company with the departments and persons who need this data to fulfil contractual and legal obligations or to pursue our legitimate interests.
Your personal data is processed on our behalf on the basis of data processing agreements in accordance with Article 28 of the GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services and providers of customer management systems and software. We use the CRM system Salesforce from Salesforce, Inc. As Salesforce, Inc. is part of the EU-US Data Privacy Framework Programme, an EU adequacy decision applies to the data transfer.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.
5. TRANSFER TO A THIRD COUNTRY
A transfer to a third country is not intended.
6.DURATION OF DATA STORAGE
If necessary, we process and store your personal data for the duration of our business relationship or to fulfil contractual purposes.This includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The periods for storage and documentation prescribed there are between two and ten years.
Finally, the storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
7. YOUR RIGHTS
Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to notification under Article 19 of the GDPR and the right to data portability under Article 20 of the GDPR.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data is unlawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
If data is processed on the basis of your consent, you have the right to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the withdrawal of consent is only effective for the future. It does not affect processing that occurred prior to the withdrawal. Please also note that we may need to store certain data for a certain period of time to fulfil legal requirements.
Right to object
If your personal data is processed in order to protect legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation, in accordance with Article 21 of the GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for the purpose of such advertising. This also applies to profiling insofar as it is associated with this direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
To protect your rights, you can contact us using the contact details provided above.
8. REQUIREMENT TO PROVIDE PERSONAL DATA
The provision of personal data for the decision to conclude a contract, to fulfil a contract or to carry out pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide the personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.