Privacy policy
(Data protection information in accordance with Article 13 GDPR)
1. Controller’s name and contact details
The controller under Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
DATA AHEAD AG – Joerg Wolter
Prinzregentenufer 3
90489 Nuremberg
Tel.: +49 911 43 31 41-0
Fax: +49 911 43 31 41-20
info@dataahead.de
2. Contact details of the data protection officer
We have appointed a data protection officer for data protection matters, who can be contacted at:
Nina Ben Yagoub, QM-Dienstleistungen
External data privacy officer
Simonstraße 14
90763 Fürth
Tel.: +49 911 4952 2540
Fax: +49 911 4952 2548
datenschutz@dataahead.de
3. Rights of the data subjects
3.1 You have the following rights with respect to us with regard to the personal data relating to you:
– right to information,
– right to rectification or erasure,
– right to restriction of the processing,
– right to object to the processing,
– right to data portability.
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.
3.2 Right of objection
a.) Data subjects have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data relating to them that occurs on the basis of Article 6(1) points (e) or (f) GDPR. This also applies to profiling based on those provisions. The controller will then no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the purpose of the establishment, exercise or defence of legal claims.
b.) If personal data is processed in order to conduct direct marketing, the data subject has the right to object at any time to the processing of the personal data relating to him/her for the purposes of such marketing. This also applies to profiling insofar as it is associated with such direct marketing.
c.) If the data subject objects to the processing for the purposes of direct marketing, the personal data will no longer be processed for those purposes.
4. Data processing
4.1 Visiting the website
When our website is used for purely informational purposes, i.e. if you do not provide us with any other information, we only collect the personal data that your browser automatically transmits to our server.
If you use our website, we will collect the following data, which is technically necessary for us to display our website to you and ensure its stability and security:
– IP address
– date and time of the enquiry
– time zone difference relative to Greenwich Mean Time (GMT)
– the content of the request (specific page)
– access status/HTTP status code
– transferred volume of data
– the website from which the request originates
– browser
– operating system and its interface
– language and version of the browser software
a.) Purposes:
The purposes for which the personal data is processed:
– presentation of the website.
b.) Legal basis:
Legitimate interests in accordance with Article 6(1) point (f) GDPR.
The legitimate interests are:
– proper functioning, presentation, stability and security of the website.
c.) Categories of recipients of the personal data:
The web server is technically operated by a service provider (contract processor).
d.) Storage period:
– one week.
4.1.1 Transient cookies/session cookies (technically necessary cookies)
Necessary storage of data includes cookies, which are absolutely necessary for the functions of a website. These include, for example, cookies which serve the purpose of storing log-in data, the shopping cart or the language selection. They are deleted when you close your browser.
a.) Purposes:
The purposes for which the personal data is processed:
– presentation of the website.
b.) Legal basis:
Legitimate interests in accordance with Article 6(1) point (f) GDPR.
The legitimate interests are:
– proper functioning, presentation, stability and security of the website.
c.) Categories of recipients of the personal data:
The web server is technically operated by a service provider (contract processor).
d.) Storage period:
– Until the browser is closed.
4.1.2 Persistent cookies (which are not technically necessary)
Text files are installed as non-essential cookies which do not solely serve the purpose of the proper functioning of the website but also collect other data. They include, for example, the following:
– tracking cookies
– targeting cookies
– analysis cookies
– cookies of social media websites
– chat function
Persistent cookies are automatically deleted after a prescribed period of time, which may differ depending on the cookie. You can erase the cookies at any time in the security settings of your browser.
You can configure your browser settings according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. We advise you that if you do so you may not be able to use all the functions of this website.
a.) Purposes:
The purposes for which the personal data is processed:
– identification upon subsequent visits, chat function and the above-mentioned purposes.
b.) Legal basis:
– consent for one or more particular purposes (Article 6 (1) point (a) GDPR).
c.) Categories of recipients of the personal data:
– contract processor: The web server is technically operated by a service provider (contract processor).
d.) Storage period:
– Until the consent is withdrawn, and before such withdrawal based on the prescribed period.
e.) Withdrawal option
You have the right to withdraw your consent at any time. The withdrawal of the consent will not affect the legality of the processing that occurred on the basis of the consent up until the withdrawal.
4.2 Unsolicited applications by e-mail
You have the possibility of sending us an unsolicited application by e-mail.
a.) Purposes:
The purposes for which the personal data is processed:
– initiation of employment contracts
b.) Legal basis:
– contract initiation:
The data processing is necessary for carrying out pre-contractual measures that occur at the request of the data subject (Article 6(1) point (b) GDPR).
c.) Categories of recipients of the personal data:
The web server is technically operated by a service provider (contract processor).
d.) Storage period:
Your application will be stored until a decision is made, and for no longer than six months. In the event a contract is concluded, the storage shall be for the duration of the statutory retention requirements.
4.3 Social media
We currently use the following social media plug-ins: Twitter, Xing, LinkedIn.
(1) We use the so-called two-click solution. That means that, as a rule, when you visit our site initially no personal data will be passed on to the providers of the plug-ins. You can identify the provider of the plug-in through the marking on the box above its initial letters or the logo. We enable you to communicate directly with the provider of the plug-in through the button. Only if you click on the marked field and thus activate it will the plug-in provider receive the information that you have accessed the relevant page of our website. The data referred to in section 4.1 of this privacy policy will also be transmitted. In the case of Xing, according to the information of the respective providers in Germany the IP address will be immediately anonymised after collection. Through the activation of the plug-in your personal data will thus be transmitted to the respective plug-in provider and stored there (in the case of US providers: in the USA). Because the plug-in provider collects data particularly via cookies, we recommend that before clicking on the greyed-out box you delete all cookies through the security settings of your browser.
(2) We have no influence on the collected data and data processing processes, nor do we know the full scope of the data collection, the purposes of the processing or the storage periods. We also have no information on the erasure of the collected data by the plug-in provider.
(3) The plug-in provider stores the collected data concerning you as usage profiles and uses it for the purposes of advertising, market research and/or tailoring its website to the users’ needs. Such analysis occurs, in particular (also for users who are not logged in), for the purpose of the presentation of needs-based advertising and in order to inform other users of the social network of your activities on our website. You have a right of objection to the creation of these user profiles. To exercise it you must contact the respective plug-in provider. Via the plug-ins we offer you the possibility of interacting with the social networks and other users, so that we can improve our service and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6(1) sentence 1 (f) GDPR.
(4) The data is passed on irrespective of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider will also store that information in your user account and publicly disclose it to your contacts. We recommend that you generally log out after using a social network and particularly before activating the button, as you can thus prevent such assignment to your profile with the plug-in provider.
(5) You can obtain further information on the purpose and scope of the data collection and processing thereof by the plug-in provider in the privacy policies of those providers indicated below. In them you will also find further information on your rights in this respect and setting options for the protection of your privacy.
(6) Addresses of the respective plug-in providers and URLs with their privacy policies:
a) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4.4 Google Analytics
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, i.e. text files which are stored on your computer and make it possible to analyse your use of the website. The information generated by the cookies on your use of this website will generally be transferred to and stored on a Google server in the USA. However, if the IP anonymisation is activated on this website, Google will first abbreviate your IP address in Member States of the European Union or in other contracting states of the Treaty on the European Economic Area. In exceptional cases only, the full IP address will be transferred to a Google server in the USA and abbreviated there. Google will use that information on behalf of the operator of this website to analyse your use of the website, to draw up reports on the website activities and to provide other services to the website operator associated with the use of the website and the use of the Internet.
(2) The IP address transmitted by your browser within the framework of Google Analytics will not be combined with any other Google data.
(3) You can prevent the storage of the cookies by setting your browser software accordingly. However, please note that if you do so you may not be able to use all the functions of this website to their full extent. You can also prevent the recording of the data generated by the cookie that relates to your use of the website (including your IP address) to Google, as well as the processing of that data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
(4) This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are processed in abbreviated form and a personal reference can therefore be excluded. If the data collected concerning you acquires a personal reference it will thus be immediately excluded and the personal data will therefore be immediately deleted.
(5) We use Google Analytics so that we can analyse and continually improve the use of our website. Through the statistics obtained we can improve our service and make it more interesting for you as a user. For the exceptional cases where personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6(1) sentence 1 (f) GDPR.
(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms and conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.
4.5 Integration of YouTube videos
(1) We have integrated YouTube videos into our online service, which are stored at http://www.YouTube.com and can be played back directly from our website. They are all integrated in the “extended data protection mode”, i.e. no data concerning you as the user will be transferred to YouTube if you do not play the videos back. Only if you play the videos back will the data specified in paragraph 2 be transferred. We have no influence on that data transmission.
(2) Through your visit to the website YouTube is notified that you have accessed the relevant subpage of our site. The data referred to in section 4.1 of this privacy policy will also be transmitted. This occurs irrespective of whether YouTube provides you with a user account through which you are logged in or if no user account exists. If you are logged in with Google, your data will be directly assigned to your account. If you do not wish the assignment to your profile with YouTube, you must log out before activating the button. YouTube stores your collected data as usage profiles and uses it for the purposes of advertising, market research and/or tailoring its website to the users’ needs. Such analysis occurs, in particular, (even for users who are not logged in) for the purpose of the presentation of needs-based advertising and in order to inform other users of the social network of your activities on our website. You have a right of objection to the creation of these user profiles, which you must exercise with respect to YouTube.
(3) You can obtain further information on the purpose and scope of the data collection and processing thereof by YouTube in the privacy policy. In it you will also find further information on your rights and setting options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4.6 Integration of Google Maps
(1) On this website we use the service of Google Maps. This enables us to display interactive maps to you directly on the website and enables you to conveniently use the maps function.
(2) Through your visit to the website Google is notified that you have accessed the relevant subpage of our website. The data referred to in section 4.1 of this privacy policy will also be transmitted. This occurs irrespective of whether Google provides you with a user account through which you are logged in or if no user account exists. If you are logged in with Google, your data will be directly assigned to your account. If you do not wish the assignment to your profile with Google, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or tailoring its website to the users’ needs. Such analysis occurs, in particular, (even for users who are not logged in) for the purpose of the presentation of needs-based advertising and in order to inform other users of the social network of your activities on our website. You have a right of objection to the creation of these user profiles, which you must exercise with respect to Google.
(3) You can obtain further information on the purpose and scope of the data collection and processing thereof by the plug-in provider in the privacy policies of the provider. In them you will also find further information on your rights in this respect and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4.7 Order form
In the order form the following data is recorded by us: Salutation, first name, surname, company, address (street, building number), town/city, post code, country, e-mail address. This data serves the purpose of the conclusion of a contract and the performance of the contract.
a.) Purposes:
The purposes for which the personal data is processed:
– the conclusion of a contract and the performance of the contract.
b.) Legal basis:
– contract initiation, performance of the contract (Article 6(1) point (b) GDPR).
c.) Categories of recipients of the personal data:
– the web server is technically operated by a service provider (contract processor);
– payment service providers, mailing service providers.
d.) Storage period:
– Until the end of the statutory retention periods.
4.8 Interested parties/customer data/supplier data
The following data of interested parties, customers and suppliers will be recorded: Salutation, first name, surname, company, address (street, building number), town/city, post code, country, e-mail address, bank details, telephone number
a.) Purposes:
The purposes for which the personal data is processed:
– offer processing
– initiation of orders
– invoicing
– processing complaints
– delivery
– determination and improvement of customer satisfaction/supplier ratings
b.) Legal basis:
– contract initiation, performance of the contract (Article 6(1) point (b) GDPR).
c.) Categories of recipients of the personal data:
– employees
– external administrators/auditors
– tax office
– authorities
– mailing service providers, payment service providers
d.) Storage period:
– until the end of statutory retention periods
4.9 Transmission of data to third countries
Recording of interested parties and customer data: Under certain circumstances data may be transmitted to third countries.
a.) Purposes: In connection with order initiation or order processing, data may be transmitted to third countries. Troubleshooting, support in case of questions.
b.) Legal basis:
– contract initiation, performance of the contract (Article 6(1) point (b) GDPR).
c.) Categories of recipients of the personal data:
– sales employees Miami, Florida
– service provider: LabVIEW™ producer
– Basecamp (email@basecamp.com), Basecamp Chicago, Illinois, USA)
– SoftwareKey System (support@softwarekey.com), Concept Software Inc, Florida 34787 USA)
d.) Storage period:
– Until the end of statutory retention periods.