This Privacy Statement also describes our information practices and the choices available to you under UK data protection laws regarding our use of information of your personal data, including under the UK General Data Protection Regulation (“GDPR”).
You can contact our Data Protection Officer at the above address or by emailing email@example.com
Depending on how you interact with us, we process different kinds of data in different ways. Accordingly, the extent and purpose of the data processing will vary depending on the situation:
Some data is automatically processed if you visit our Website (see Section 1. below). Other data is only processed if you actively submit it to us, like using our web forms to get in touch with us or apply for an open role at our company (see Section 2. below) or, when registering for our newsletters (see Section 3. below).
- Personal Data We Process on Our Website:
When we provide our Website to you, for technical reasons, it will be necessary for us to process personal data. These are data that we automatically process for every visitor when the Website is accessed.
Data that we automatically collect when you use our Website:
- – As soon as you visit the Website, you send technical information to our web servers where it is stored in so-called server log files. Once you access the Website, we collect the following “Website Usage Data”:
- – Date and time of the visit and the duration of the use of the Website;
- – the IP address or the ID of your device;
- – the referral URL (the Website from which you may have been referred);
- – the browser used and your operating system;
- – the visited sub-pages of the Website.
We process Website Usage Data to allow you to surf the Website and to ensure its functionality. We also process aggregated Website Usage Data to perform analyses on the performance of the Website, to continuously improve the Website and correct errors, to ensure IT security and operation of our systems, as well as to prevent or uncover abuse. We further process this data to improve the user experience on our Website and guarantee the safety of our IT systems. We are not able to identify you as an individual, based on such Website Usage Data (data processing will remain pseudonymous at all times).
The abovementioned processing purposes represent our legitimate interests. The legal basis for processing Website Usage Data in server log files is, hence, Art. 6 (1) lit. f) of the GDPR.
- Personal Data We Process If You Decide to Contact Us:
We offer interested parties the possibility to contact us through our website forms or by emailing us. You might contact us either because you have a sales or customer support inquiry or because you’d like to apply for an open position with our company. In both cases we will process your personal data only for the purpose of complying with your request.
Personal data includes, in particular, information about you (e.g. first and last name) and contact information (e.g. address, telephone number, e-mail address) including the data resulting from any attachments you send along (e.g. CV, cover letter, certificates, data on qualifications and school and university degrees, professional experience, language skills, etc.).
Certain personal data to be provided on the contact form, which we need to process your application, are mandatory fields. Nevertheless, the provision of this data is voluntary. However, if you do not provide us with these mandatory fields, we may not be able to process your application. All other information that is not marked as mandatory fields can be filled in voluntarily.
Our legal basis for this is Art. 6 (1) lit. a) of the GDPR (your consent). We seek the best applicants regardless of racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual identity (collectively “sensitive data”). If you nevertheless disclose sensitive data without being asked and voluntarily, we may also process this data for the purpose of processing your application.
- Personal Data We Process When You sign up for our Newsletters
When you register for our newsletter, we process your e-mail address for the purpose of sending it. You will receive a registration notification by e-mail, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof for us that the registration was actually initiated by you.
The legal basis is your consent, Art. 6 (1) lit. a) of the GDPR. You can revoke your consent at any time, e.g. via the unsubscribe link at the end of each newsletter.
- With Whom We Share Personal Data:
We treat your personal data with care and confidentially and will only pass it on to third parties to the extent described below and not beyond. We do not share, sell, rent, or trade personal data with third parties for any promotional purposes. For technical reasons, however, we share personal data with our service providers (such as Amazon Web Services who host our online and cloud resources). We have chosen Europe as our server location. Where our service providers process personal data, they will do so solely on our instructions or under our common joint control and have undertaken to comply with strict contractual requirements for the security of your data (including, but not limited to, complying with this Privacy Statement). This includes the service provider hosting the Website.
- Data Transfers to Countries Outside the United Kingdom
We do not transfer your personal data to countries outside the United Kingdom (so-called “Third Countries”) without implementing appropriate safeguards to guarantee the security of processing and an adequate level of data protection at all times.
Some of our service providers (see above) are affiliates of companies based in Third Countries. Hence, legally speaking, personal data may be transferred to Third Countries, even where the actual storage capacities/serves are located inside the territory of the United Kingdom. However, we will ensure that an adequate level of data protection is maintained at all times. We will only transfer your personal data if
- – The Commission has adopted a so-called adequacy decision for the third country or the recipient in that third country,
- – Sufficient safeguards are provided by the recipient in accordance with Article 46 of the GDPR for the protection of the personal data (including any additional measures required),
- – You have expressly consented to the transfer, after we have informed you about the risks, in accordance with Article 49 (1) lit. a) of the GDPR,
- – The transfer is necessary for the performance of contractual obligations between you and us
- – Or another exception from Article 49 of the GDPR applies.
Guarantees according to Article 46 of the GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to protect the data sufficiently and thus to ensure a level of protection comparable to the GDPR.
- For How Long We Keep Your Data:
We delete Website Usage Data as soon as it is no longer required for the purposes we collect them for. Provided that the data is no longer required for the fulfilment of legal obligations (e.g. tax or commercial law), it will be deleted, unless the subsequent processing is necessary for the preservation of evidence or for the defence of legal claims against us. Server log files will be deleted after 30 days. If you contact us, we will delete the data you have provided after the request has been processed, unless you give us your consent to store this data for a longer period of time.
- User profiles:
We do not use your personal data to identify you as an individual or create a profile of your interests and/or interactions.
- Your Legal Rights Under The GDPR:
You, as a data subject (i.e. the person whose data are processed), have the following statutory rights under the GDPR:
- – to withdraw your consent given to us at any time in accordance with Article 7 para. 3 of the GDPR. As a result, we are no longer allowed to continue processing data based on this consent in the future;
- – to request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or opposition, the existence of a right to lodge a complaint, the origin of your data, unless it was collected by us, and the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;
- – to request the correction of incorrect or incomplete personal data stored by us without delay in accordance with Article 16 of the GDPR;
- – to request the deletion of your personal data stored by us, in accordance with Article 17 of the GDPR, unless the processing for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending Legal claims is required;
- – To request the restriction of the processing of your personal data in accordance with Article 18 of the GDPR, provided that the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need this to assert, you need to exercise or defend legal claims or you have objected to processing in accordance with Article 21 of the GDPR;
- – according to Article 20 of the GDPR, to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request the transmission to another person responsible and
You also have a right to lodge a complaint with the competent data protection supervisory authority, the Information Commissioner’s Office (ICO)
If you would like to exercise your data subject rights, please contact firstname.lastname@example.org
Information about your Right of Objection under Article 21 of the GDPR
- 1. Right of objection in individual cases
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, where it is processed on the basis of Article 6 (1) lit. f) of the GDPR (data processing on the basis of a balance of interests). If you file an objection, we will no longer process your personal data unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise, or defend legal claims. Please also note that, if we terminate the processing due to your objection, the Website may no longer be available to you or only to a limited extent.
- 1. Your right to object to the processing of data for direct marketing purposes
You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing, including any subscription to our newsletters or personalized ads; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, we will no longer process your personal data in the future.
The objection can be filed informally and should be sent to: email@example.com
Information on Cookies and Similar Technologies