Privacy Policy
Privacy
Policy
Effective as of October 30, 2025
Table of Contents
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
paricon AG
Kufsteiner Straße 103
83026 Rosenheim
Germany
+49 (0) 8031 40896-0
info@paricon.de
https://www.paricon.de/
The data protection officer of the data controller is:
Dr. Sabine Schmalzer
Schmalzer mind+engineering GbR
Bamerstr. 3
D-85579 Neubiberg
datenschutz@paricon.de
3.1 Purpose of Processing
We process personal data for the following purposes:
- Provision of our services, including the initiation, execution, and billing of contracts pursuant to Art. 6(1)(b) GDPR
- Fulfillment of legal obligations, e.g., tax law pursuant to Art. 6(1)(c) GDPR
- Operation of our website and provision of information thereon, as well as ensuring and carrying out the execution of our business operations pursuant to Art. 6(1)(f) GDPR
Insofar as we are required to obtain consent, the processing of personal data is based on your consent pursuant to Art. 6(1)(a) GDPR or, in the case of sensitive data, pursuant to Art. 9(2)(a) GDPR.
We process your personal data exclusively for the stated purposes and retain this data only for as long as the respective purpose and legal requirements mandate.
We exclusively process personal data that has been transmitted to us by parties interested in our services and by our business or contractual partners.
3.2 Categories of Data We Process
In the course of our business activities, we process the following categories of personal data:
- Personal data that you provide to us as a party interested in our services or as a business customer, e.g., your IP address when visiting our website, your contact details such as name, company function, area of activity, address, telephone number, email, and data regarding your interest in our services and products.
- Personal data within the scope of contractual agreements
- Personal data required for the provision of our services
3.3 Storage Period
Unless otherwise specified in this privacy policy, your personal data is stored on our systems until the purpose for the data processing has ceased.
If you submit a legitimate erasure request or withdraw your consent to data processing, your personal data will be deleted unless we have other legally mandatory grounds for its retention.
4.1 Your Right to Withdraw Your Consent
If data processing is based on your explicit consent, you may withdraw this consent at any time (Art. 7(3) GDPR). The lawfulness of the data processing carried out prior to the withdrawal shall remain unaffected.
4.2 Your Right to Object (Art. 21 GDPR)
If data processing is based on Art. 6(1)(e) or (f) GDPR (public or legitimate interest), you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation (Art. 21 GDPR).
If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing. If you object, your personal data will subsequently no longer be used for the purposes of direct marketing.
4.3 Your Right to Access, Rectification, and Erasure
Within the scope of applicable legal provisions (Art. 15, Art. 16, and Art. 17 GDPR), you have the right at any time to free-of-charge information about your stored personal data, its origin and recipients, and the purpose of the data processing, and where applicable, a right to rectification or erasure of such data.
You may contact us at the above contact details at any time for this purpose.
4.4 Your Right to Restriction of Processing
Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data.
The right to restriction of processing exists when:
- You contest the accuracy of your personal data stored by us, for the duration of the verification.
- The processing is unlawful and you request the restriction of the data processing instead of erasure.
- You still require the data for the establishment of legal claims.
- You have filed an objection pursuant to Art. 21(1) GDPR, pending the determination of whether your interests or ours override.
If you have exercised your right to restriction of processing, your personal data may, apart from storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
4.5 Your Right to Data Portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data, which we have processed automatically on the basis of your consent or for the performance of a contract, in a commonly used, machine-readable format, or to have it transferred to a third party.
4.6 Your Right to Lodge a Complaint with the Competent Supervisory Authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. The right to lodge a complaint shall be without prejudice to any other administrative or judicial remedy.
5.1 Hosting
Our website is hosted on servers of a service provider commissioned by us. Our service provider is:
1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
We have a legitimate interest in the most reliable presentation of our website possible pursuant to Art. 6(1)(f) GDPR. For this purpose, we have concluded a data processing agreement with the above-mentioned provider to ensure that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
5.2 Server Log Files
When you access our website, information is automatically collected and stored in so-called server log files, which your browser automatically transmits when visiting the website. The stored information is:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Date and time of the server request
- IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. Our legitimate interest in processing this data lies in presenting our website in a technically error-free manner and providing its basic functions.
The data required for the provision of the website is deleted at the end of the session. All log files stored beyond this are anonymized immediately after collection.
When you visit our website, we use technical tools for various functions, in particular cookies, which may be stored on your device. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can flow to the entity that sets the cookie. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device.
When you access our website and at any time thereafter, you have the choice of whether to generally allow the setting of cookies or which individual additional functions you wish to select. You can make changes in your browser settings or via our consent manager.
Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or an automatic deletion is carried out by your web browser.
An overview of all cookies used can be found in our consent manager. You can give your consent for entire categories or display further information and select only specific cookies.
We use the following types of cookies:
6.1 Technically Necessary Cookies
Technically necessary cookies are required for the technically error-free construction of the website. Without them, our website cannot be displayed completely or correctly, or the support functions are not possible. These cookies collect data about your use of the various functions of our website.
You can set your browser so that you are informed about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.
The storage of technically necessary cookies on your device and the reading of information to ensure the functionality of our website is based on Section 25(2) No. 2 TDDDG in conjunction with Art. 6(1)(f) GDPR. As the operator of our website, we have a legitimate interest in the storage of technically necessary cookies for the complete and optimized provision of our content.
Technically necessary cookies are regularly deleted automatically after the session ends (e.g., logging out or closing the browser) or after a predetermined period has elapsed.
6.1.1 Cookie Banner and Consent Manager (Borlabs Cookie)
When you first access our website, a so-called cookie banner is displayed. With your selection, you either consent to the use of cookies or reject the use of non-essential cookies. Additionally, you can display the selection menu and consent to or reject the use of functional cookies or cookies for analytics and marketing on a graduated basis.
Via the fingerprint widget displayed at the bottom left of the website, you can withdraw or change your settings at any time. The settings you have made are stored via a cookie in your browser.
To provide you with these functions, we use the cookie plugin Borlabs by WordPress. The legal basis for the processing is the fulfillment of our legal obligation pursuant to Art. 6(1)(c) GDPR to obtain your consent for the provision of cookies and to provide you with the option to withdraw or change this consent at any time.
6.1.2 WPML
We use the multilingual plugin WPML for WordPress to provide our website in different languages. When you visit our website, session cookies are set by WPML to store your selected language setting. Further information is provided in our consent manager.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in offering our website visitors the content of our website in their respective native language.
6.1.3 JQuery CDN
We use the JQuery Content Delivery Network (JQuery CDN) to provide JQuery libraries, to ensure the correct display of our website and interactive elements, and to improve loading speed.
The provider is Fastly, Inc., 475 Brannan St. Suite 300, San Francisco, CA 94107, USA.
We have a legitimate interest in the most appealing and user-friendly presentation of our website possible pursuant to Art. 6(1)(f) GDPR and have, for this purpose, concluded a data processing agreement (Data Processing Addendum) with Fastly, including the current Standard Contractual Clauses of the EU Commission (EU SCCs).
In accordance with this contractual agreement, any data transfer to a third country outside the European Union is carried out in accordance with the EU Standard Contractual Clauses and additional technical and organizational safeguards.
Since individual content of our website is loaded via servers in the USA, we would like to point out that personal data of our website visitors may in some cases also be transferred to the USA and processed on Fastly’s servers there.
The US company Fastly, Inc., San Francisco, California has certified itself for the EU-U.S. Data Privacy Framework and thereby participates in the current data protection agreement between the EU and the USA.
6.2 Cookies for Statistics and Marketing
Insofar as we use cookies from third-party providers for statistical analysis purposes and for our marketing, we inform you about this in detail in the following sections of this privacy policy. Data collection via this type of cookie is carried out exclusively on the basis of your express consent via the consent manager pursuant to Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. You can withdraw your consent at any time via the consent manager. Subsequent changes to the settings are also possible at any time via the consent manager.
With the help of statistics cookies, we collect usage data that provides us with information on how you use our website, e.g., which pages or content you spend time on. Marketing cookies likewise serve us to capture demographic information about our website visitors (e.g., job title, employer). We use this data to improve the quality of our website content and thereby our reach and profitability.
6.2.1 Google Tag Manager
If you have given your consent, we use Google Tag Manager on our website, a service (hereinafter referred to as Google).
This solution enables further services to be collectively managed via so-called website tags and provided on the website in a bundled manner. Google Tag Manager itself does not collect any personal data but ensures the triggering of other services that may in turn collect data.
The following tags and associated third-party services may be loaded by Google Tag Manager:
- Google Analytics
- Google Ads
- LinkedIn CDN
Detailed information about these services can be found in the following separate sections of this privacy policy.
When visiting our website, you can prevent the collection of the data generated by cookies and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by generally rejecting the setting of non-essential cookies or by not granting your consent to the setting of statistics cookies in the cookie banner.
For the purpose of this processing, we have concluded a data processing agreement with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, including the current Standard Contractual Clauses of the EU Commission (EU SCCs).
The US company Google LLC, Mountain View, CA has certified itself for the EU-U.S. Data Privacy Framework and thereby participates in the current data protection agreement between the EU and the USA.
We would like to point out that it cannot be excluded that personal data may be transferred to the USA and that Google LLC as the US parent company or US security authorities may gain access to this data. In order to use the functions of Google Tag Manager, it is necessary to process your IP address. This is usually transferred to a Google server in the USA and stored there as well. The provider of this website has no influence on this data transfer. If you are registered with a Google service, Google may, where applicable, associate the visit with your account and create a user profile. The legal basis for this is the GDPR.
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
Further information about Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google’s privacy policy at https://policies.google.com/privacy?hl=de.
6.2.2 Google Analytics
If you have given your consent, Google Analytics is used on our website, a web analytics service provided by Google LLC. The responsible provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your user behavior is usually transferred to a Google server in the USA and stored there.
We use the AnonymizeIP function (so-called IP masking). Due to the activation of this so-called IP anonymization on our website, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.
On our behalf, Google will use this information to evaluate your usage data of the website pseudonymized via IP masking and to compile reports on website activities. The reports provided by Google Analytics serve us to analyze the performance of our website and to measure the success of our marketing campaigns.
During your visit to our website, the following data is collected in particular:
- the pages you have accessed, your “click path”
- achievement of website goals (conversions, e.g., newsletter sign-ups, downloads, purchases)
- your user behavior (for example, clicks, dwell time, bounce rates)
- your approximate location (region)
- your IP address (in truncated form)
- technical information about your browser and the devices you use (e.g., language setting, screen resolution)
- your internet provider
- the referrer URL (information about which website or which advertising medium you used to reach this website)
For the purpose of this processing, we have concluded a data processing agreement with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, including the current Standard Contractual Clauses of the EU Commission (EU SCCs).
The US company Google LLC, Mountain View, CA has certified itself for the EU-U.S. Data Privacy Framework and thereby participates in the current data protection agreement between the EU and the USA.
We would like to point out that it cannot be excluded that personal data may be transferred to the USA and that Google LLC as the US parent company or US security authorities may gain access to this data. In order to use the functions of Google Analytics, it is necessary to process your IP address. This is usually transferred to a Google server in the USA and stored there as well. The provider of this website has no influence on this data transfer. If you are registered with a Google service, Google may, where applicable, associate the visit with your account and create a user profile.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR.
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
Further information on the terms of use of Google Analytics and on data protection at Google can be found at:
https://marketingplatform.google.com/about/analytics/terms/de
https://policies.google.com/?hl=de
6.2.3 Google Ads
If you have given your consent, Google Ads and Google Marketing Platform by Google LLC are used on our website. The responsible provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The services enable us to place targeted advertisements and to measure the effectiveness of our advertising campaigns.
Google Ads
Google Ads is Google’s proprietary online advertising system. The purpose of the service is so-called conversion tracking.
A conversion occurs when you change from a merely interested website visitor to an active visitor, i.e., when you click on our advertisement and subsequently perform another action, such as visiting our website. Based on this data, we can determine how successful our advertising measures are. We thereby pursue the interest of displaying advertising to you that is of interest to you and of informing you about content relevant to you on our website.
Google Marketing Platform (doubleclick.net)
Google Marketing Platform is a unified advertising and analytics platform built on the existing integrations between DoubleClick and the Google Analytics 360 Suite. We use Google Marketing Platform for placing campaigns and for measuring their success.
We have integrated a conversion tracking tag or code snippet on our website in order to better analyze certain user actions. When you click on one of our Google Ads advertisements, the “Conversion” cookie is stored on your computer (usually in the browser) or mobile device by a Google domain.
During your visit to our website, the following data is collected in particular:
- IP address
- Unique cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
- Opt-out information (indication that the user no longer wishes to be addressed)
For the purpose of this processing, we have concluded a data processing agreement with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, including the current Standard Contractual Clauses of the EU Commission (EU SCCs).
The US company Google LLC, Mountain View, CA has certified itself for the EU-U.S. Data Privacy Framework and thereby participates in the current data protection agreement between the EU and the USA.
We would like to point out that it cannot be excluded that personal data may be transferred to the USA and that Google LLC as the US parent company or US security authorities may gain access to this data. In order to use the functions of Google Ads, it is necessary to process your IP address. This is usually transferred to a Google server in the USA and stored there as well. The provider of this website has no influence on this data transfer. If you are registered with a Google service, Google may, where applicable, associate the visit with your account and create a user profile.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR.
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
Further information on the terms of use of Google Ads and Google Marketing Platform and on data protection at Google can be found at:
https://support.google.com/tagmanager/topic/6334091?hl=de&ref_topic=3002579
https://support.google.com/tagmanager/answer/6105160?hl=de&ref_topic=6334091
https://ads.google.com/intl/de_de/home/faq/gdpr
https://marketingplatform.google.com/intl/de/about/support
https://support.google.com/marketingplatform/answer/9013946?hl=de
https://policies.google.com/privacy?hl=de
https://policies.google.com/terms?hl=de.
6.2.4 YouTube
We use the YouTube plugin operated by Google, YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The responsible provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for embedding YouTube videos on our website.
The integration of YouTube videos is carried out in enhanced privacy mode, so that no personal data of our website visitors is transferred to YouTube in advance before they view the video. Despite the privacy-friendly integration, YouTube may use cookies and process further personal data from you.
If you grant your consent to the use of YouTube via the consent manager or actively confirm directly in the video preview window that you wish to have the corresponding content displayed via YouTube, you agree to the terms of use of YouTube and Google.
When using YouTube, the following additional services are provided and loaded by Google, which Google uses to provide YouTube:
- Google Web Fonts: Used to load fonts.
- Google APIs: Used to process API requests.
- YouTube Image CDN: Used to load images.
- Google Image CDN: Used to load images.
Through the transmission of YouTube content and the loading of further services, Google receives the information that you have accessed the corresponding content via our website. If you are registered with a Google service, Google may, where applicable, associate the visit with your account and create a user profile.
We would like to point out that we have no influence on the data processing by YouTube or Google in this regard and that it cannot be excluded that personal data may be transferred to the USA and that Google LLC as the US parent company or US security authorities may gain access to this data.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR.
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
Information on the purpose and scope of data processing by YouTube or Google, as well as the relevant rights and privacy settings for the protection of your privacy, can be found here:
https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy
https://policies.google.com/privacy?gl=DE&hl=de.
6.2.5 Use of LinkedIn Insight Tag (LinkedIn Pixel)
If you have given your consent, we use the marketing service LinkedIn Insight Tag (LinkedIn Pixel) by LinkedIn Ireland, Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as LinkedIn) on our website. LinkedIn is a professional social network for businesses that connects users based on qualifications and professions.
Through the integration of this JavaScript tag, we are provided with functions and information to optimize our advertising campaigns, to re-engage our website visitors, and to learn more about our target audience. This enables us to display interest-based and relevant advertising to you when you visit LinkedIn or other websites that also use this method. We also receive statistics about our website visitors and aggregated information on criteria such as industry, job title, company size, career level, and location.
Furthermore, by means of a conversion tracking function, we can evaluate your interest in our offerings and your use of our LinkedIn advertising. In addition, we can display LinkedIn ads to you on other websites via retargeting.
The analysis by LinkedIn is carried out in pseudonymized form. LinkedIn does not share your identity or your personal data with us; rather, it generates statistical reports about our target audience and analyses of the performance of our ads for us. The pseudonymized data retained by LinkedIn is deleted within 180 days.
By integrating the LinkedIn Insight Tag, your browser automatically establishes a direct connection with the LinkedIn server, both when visiting the LinkedIn website and websites that also have the LinkedIn Insight Tag integrated. For the collection of your usage data when visiting our website and the transmission to the provider, LinkedIn and we are jointly responsible; however, after transmission of the data, LinkedIn is solely responsible for the material processing for the purposes described.
Further information on the joint controllership and on the processing of your personal data can be found at: https://legal.linkedin.com/pages-joint-controller-addendum.
We would like to point out that we have no influence on the nature and scope of the use of the data by LinkedIn. Please note, therefore, that by activating the LinkedIn Insight Tag, LinkedIn receives the information that you have accessed the corresponding page of our website or clicked on an advertisement from us. If you are registered with a LinkedIn service, LinkedIn can associate the visit with your account. Even if you are not registered with LinkedIn or have not logged in, there is the possibility that the provider may obtain your IP address, time window, and other identification features and link them to the actions attributed to you.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR.
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
LinkedIn also processes your personal data in the USA. The US company LinkedIn Corporation, Sunnyvale, California, has certified itself for the EU-U.S. Data Privacy Framework and thereby participates in the current data protection agreement between the EU and the USA. We have also concluded a data processing agreement with LinkedIn, including the current Standard Contractual Clauses of the EU Commission (EU SCCs).
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. The deactivation of the LinkedIn Insight Tag and further advertising objections are possible in the advertising settings: www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en.
Additionally, you can object to retargeting at: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Information on the purpose and scope of data processing by LinkedIn, as well as the relevant rights and privacy settings for the protection of your privacy, can be found in LinkedIn’s privacy policy and the LinkedIn Privacy Center:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
If you contact us by email, your personal data transmitted with the email, such as your name, contact details including your email address, as well as the information you have otherwise provided.
This data is stored and used exclusively for responding to your inquiry or for contacting you and the associated technical administration.
The legal basis for this data processing is the performance of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR, insofar as you have submitted a corresponding inquiry to us, or our legitimate interest in the smooth handling of our business communication pursuant to Art. 6(1)(f) GDPR.
Your data is stored only for as long as is necessary for the above-mentioned purpose. If the inquiry is associated with a contract, the data processed in this context will be deleted in accordance with the contractual term; otherwise, as soon as the storage is no longer necessary. If statutory retention periods apply, the processing will be restricted.
You have the option to subscribe to our newsletter via our website. If you subscribe to our newsletter, we use the personal data collected for this purpose via the registration form, such as your email address and, where applicable, your name and information about your company, exclusively for sending our newsletter.
If you are already a customer of ours or have participated in one of our events or similar, you will receive the newsletter as part of our existing-customer care.
The legal basis for the processing of your personal data for sending the newsletter is, where consent is given, Art. 6(1)(a) GDPR. The legal basis for sending the newsletter as a result of the sale of services is our legitimate interest in providing our existing customers with suitable offers and current information about our company (Art. 6(1)(f) GDPR in conjunction with Section 7(3) UWG).
You have the option at any time to cancel your subscription to the newsletter by clicking on the corresponding link at the end of the newsletter in order to remove yourself from the distribution list. Furthermore, you can send us a message in text form at any time to terminate the subscription with immediate effect. The consent to the storage of your personal data for the purpose of sending the newsletter is thereby likewise withdrawn.
If you unsubscribe from the newsletter, all personal data stored in connection with the sending of the newsletter will be deleted without delay.
To send our newsletter, we use Brevo. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Our newsletter dispatch is organized with Brevo and statistically evaluated for marketing purposes.
For this purpose, we have concluded a data processing agreement pursuant to Art. 28 GDPR with the above-mentioned provider in order to ensure that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Your data will not be passed on to third parties unless there is a legal obligation to do so.
For the purpose of analysis, the emails sent with Brevo contain a so-called tracking pixel that connects to the servers of our service provider when the newsletter is opened. In this way, it can be evaluated whether the newsletter was opened. Furthermore, with the help of Brevo, we can determine which links in our newsletter were clicked and how often.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent to the analysis by Brevo at any time by unsubscribing from the newsletter as described above.
9.1 Inquiry via Contact Form
We offer you the opportunity to contact us on our website via the contact form and, if you are interested in our offerings and products, to submit your inquiry to us.
When using the contact form, you will be asked to enter your company name, name, email address, information about your interests in our services, and your message to us. Optionally, you can also provide us with your telephone number and request information material or book a product presentation.
We store and use the personal data that you transmit to us as part of your contact inquiry via the contact form exclusively to respond to your inquiry and, where applicable, for pre-contractual measures.
The legal basis for this processing is accordingly Art. 6(1)(b) GDPR.
If the inquiry is associated with a contract, the data processed in this context will be deleted in accordance with the contractual term; otherwise, as soon as the storage is no longer necessary. If statutory retention periods apply, the processing will be restricted.
9.2 Appointment Booking via the Contact Form
If you wish to arrange an appointment directly, e.g., for a consultation, a product presentation, or a demo call, you can use the direct appointment booking function in our contact form.
For this purpose, we use the service Microsoft Bookings. The provider is Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hereinafter Microsoft).
For this purpose, we have concluded a data processing agreement (Data Processing Addendum) with Microsoft, including the current Standard Contractual Clauses of the EU Commission (EU SCCs), and have contractually agreed that the processing of personal data takes place exclusively within the EU.
Nevertheless, we would like to point out that it cannot be entirely excluded that personal data may be transferred to the USA or that US security authorities may gain access to it.
All data that you provide to us as part of your contact and appointment booking, as well as your email and IP address and further data strictly necessary for sending and receiving mail and for booking appointments, are stored on Microsoft’s servers within the European Economic Area.
The legal basis for this data processing is the performance of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR, insofar as you have submitted a corresponding inquiry to us, or our legitimate interest in the smooth internal handling of our business communication pursuant to Art. 6(1)(f) GDPR.
Your data is stored only for as long as is necessary for the above-mentioned purpose. The stored data will be deleted after the processing purpose has ceased to apply and taking into account the statutory retention periods.
Further information on how Microsoft handles customer data can be found here: https://www.microsoft.com/de-de/trust-center/privacy/data-access.
On our careers page you have the option of applying online for advertised positions or submitting a speculative application. If you make use of this offer, a new window opens with an application form.
If you submit your application to us in this way, we process the data you enter via the form about your person, such as name, address, contact details, date of birth, as well as the application documents attached, such as files relating to your application (e.g. cover letter, curriculum vitae, references).
The data transmitted in the course of your application via the application form is transferred in encrypted form to our service provider HRworks. The provider is HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, Germany, which offers personnel administration and applicant management software. For this purpose, we have concluded a data processing agreement with HRworks GmbH in accordance with Art. 28 GDPR.
Of course, you can also send us your application by e-mail. In this case, we will accordingly process your e-mail address and the data you transmit. No transfer to further services or to third parties takes place.
The processing of your applicant data takes place for the purpose of conducting and handling the application procedure and assessing the extent to which you are suitable for the relevant position. Ultimately, the processing of applicant data is necessary in order to be able to decide on the establishment of an employment relationship. The legal basis for the processing is § 26(1) BDSG in conjunction with Art. 88 GDPR.
After completion of the application procedure and once all candidates have been informed of the outcome, the application data is stored for a maximum of six months and, in the event of a rejection, deleted without delay after expiry of this period, unless further storage is required for the purpose of providing evidence or applicants have consented to longer storage.
The further storage period in the event that an employment contract is concluded results from our legal obligations as an employer to perform the employment relationship pursuant to § 26(1) BDSG in conjunction with Art. 88 GDPR and the statutory retention periods.
The companies of the paricon Group (paricon AG, paricon Systems Integration AG and paricon products GmbH) work closely together on development projects and in the performance of service contracts. As a result of this cooperation, we may also process your personal data jointly within the scope of the application procedure. In order to safeguard your rights and taking into account the requirements of the EU General Data Protection Regulation (GDPR), we have concluded an agreement that establishes rules on the processing of your personal data. As so-called joint controllers in accordance with Art. 26 GDPR, we are jointly responsible for the processing of your data.
If you have any questions about data protection or the processing of your personal data, you can contact us at any time.
Please understand that we can only consider applications that are completely filled in and contain all the data required for the application procedure. Without provision of the data required for the proper conduct of the application procedure, your application unfortunately cannot be processed. In this case, we will delete any data already submitted without delay after expiry of the application deadline, but at the latest after completion of the application procedure.
Of course, you can also send us your application by e-mail. In this case, we will accordingly process your e-mail address and the data you transmit. No transfer to further services or to third parties takes place.
After sending your application, you will receive a confirmation of receipt of your application documents from us by e-mail.
The processing takes place for the purpose of conducting and handling the application procedure and assessing the extent to which you are suitable for the relevant position. Ultimately, the processing of applicant data is necessary in order to be able to decide on the establishment of an employment relationship. The legal basis for the processing is § 26(1) BDSG in conjunction with Art. 88 GDPR.
After completion of the application procedure and once all candidates have been informed of the outcome, the application data is stored for a maximum of six months and, in the event of a rejection, deleted without delay after expiry of this period, unless further storage is required for the purpose of providing evidence or applicants have consented to longer storage.
We use the possibility of company presences on the professional networks LinkedIn and Xing.
The legal basis for operating these profile pages is our legitimate interest in accordance with Art. 6(1)(f) GDPR in presenting our company comprehensively on the internet and getting in contact with other users, interacting with them and answering enquiries. We point out that we have no influence on the data processing of these networks, in particular the analysis processes carried out by social networks, and that these processing operations may be based on differing legal bases, which must in each case be stated by the social media operators.
Please note in this regard the respective privacy policies of the individual providers as indicated in the following sections.
Social networks can generally analyze your user behavior comprehensively when you visit their website or a website with integrated content such as like buttons or advertising banners. When visiting our social media pages, you may be subject to the following data processing operations:
Should you be logged in to your account on the respective platforms and visit our profile page there, the operator can attribute this to your user account.
However, your personal data may also be collected via cookies or by processing your IP address if you are not logged in or do not have an account with the respective provider.
With this data, the operators create so-called user profiles, in which your interests and the actions you carry out on the internet are stored, in order to use your profile data for their own purposes where applicable.
If you visit one of our profile pages, we may be jointly responsible with the operator for the data processing. You can in principle assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both towards us and towards the respective provider.
If you share, “like” or comment on our posts, we process this information about the interaction as well as your profile data. In addition, we may contact members of the professional networks directly if the information in the profile has aroused our interest. In doing so, we process the available profile data.
The data collected directly by us via our profile pages as well as personal data that you transmit to us in the course of a contact enquiry will be deleted from our systems as soon as the purpose for storing the data no longer applies, you request us to delete it or you withdraw your consent to storage. Mandatory statutory provisions such as retention periods remain unaffected.
We have no influence on the storage period of your data that is processed by the operators of social or professional networks for their own purposes. In this regard, please observe the terms of use and privacy policies of the individual providers.
11.1 LinkedIn
We operate a company profile on the LinkedIn portal, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
If you are interested in working with us or in our job advertisements, you have the option of getting in contact with us via our LinkedIn profile. In doing so, we process the available profile data (e.g. job title, company name, sector, education, professional experience, skills, contact options, photo) as well as the content of the message in order to process your enquiry.
In addition, the legal basis for this data processing is Art. 6(1)(b) GDPR for the performance of a contract or the implementation of pre-contractual measures with potential employees.
We have concluded a data processing agreement with the company LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, incorporating the current standard contractual clauses of the EU Commission (EU-SCC).
We point out that we have no influence on the data processing by LinkedIn and that it cannot be ruled out that personal data is transferred to the USA or that US security authorities obtain access to it.
Information on the purpose and scope of the data processing by LinkedIn as well as the related rights and setting options for protecting the privacy of users can be found in the privacy policy of LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
11.2 XING
We have a business profile at XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
If you are interested in working with us or in our job advertisements, you have the option of getting in contact with us via our Xing profile. In doing so, we process your available profile data (e.g. job title, company name, sector, education, professional experience, skills, contact options, photo) as well as the content of the message in order to process your enquiry.
In addition, the legal basis for this data processing is Art. 6(1)(b) GDPR for the performance of a contract or the implementation of pre-contractual measures with potential employees.
With XING there is joint responsibility for the data processing in accordance with Art. 26 GDPR. Information on the purpose and scope of the data processing by XING as well as the related rights and setting options for protecting the privacy of users can be found in the privacy policy of XING:
Dear customers, dear prospective customers,
we are pleased about your interest in our company and in our services. With this data protection information, we would like to inform you below about the processing of personal data in the course of communication with our prospective customers and the handling of customer orders at paricon.
1. Scope of application
This data protection information is intended to give you an overview of how your personal data is processed by us in the course of handling enquiries from prospective customers and in the course of performing service contracts with our customers.
In accordance with our information obligations under Art. 13 GDPR, we provide you below with detailed information on data processing in our company. If you have any questions about data protection, we are available to you at any time using the contact details listed below.
For terms such as “personal data” or “processing”, the statutory definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt this data protection information with effect for the future, in particular in the event of an expansion of our business areas or a change in the legal bases or the corresponding case law.
2. Data controller
paricon
Kufsteiner Str. 103
83026 Rosenheim
Germany
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
Web: https://www.paricon.de
Information about the joint processing of your data
paricon AG, paricon Systems Integration AG and paricon products GmbH work closely together on development projects and in the performance of service contracts. As a result of this cooperation, we also process your personal data jointly.
In order to safeguard your rights and taking into account the requirements of the EU General Data Protection Regulation (GDPR), we have concluded an agreement that establishes rules on the processing of your personal data. As so-called joint controllers in accordance with Art. 26 GDPR, we are jointly responsible for the processing of your data. We would like to provide you with further information on this below.
The data controllers in accordance with Art. 4(7) GDPR are:
paricon AG
Kufsteiner Str. 103, D-83026 Rosenheim
Management Board: Carsten Bein, Anton Taubenberger
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
paricon Systems Integration AG
Kufsteiner Str. 103, D-83026 Rosenheim
Management Board: Carsten Bein
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
paricon products GmbH
Kufsteiner Str. 103, D-83026 Rosenheim
Managing Director: Anton Taubenberger
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
3. Contact details of the data protection officer
Should you have any questions on the subject of data protection at paricon, you can contact the contact details named in the “Data controller” section above or our data protection officer.
The data protection officer of the data controller is:
Dr. Sabine Schmalzer
Schmalzer mind+engineering GbR
Bamerstr. 3
D-85579 Neubiberg
E-mail: datenschutz@paricon.de
4. Your rights
We have jointly agreed on how we safeguard your rights and have specified in more detail which obligations each party fulfills to meet the duties of the GDPR. This concerns in particular the exercise of the rights of data subjects and the fulfillment of the information obligations under Art. 13 and 14 GDPR.
We have designated paricon AG as the joint point of contact for data protection enquiries. With regard to the processing of your data, you can contact paricon AG at any time using the contact details provided above and assert your rights.
You have the following rights with regard to the personal data concerning you, which you can assert towards us:
- Right of access: You can request access in accordance with Art. 15 GDPR to your personal data that we process.
- Right to rectification: Should the information concerning you no longer be (or have ceased to be) accurate, you can request rectification in accordance with Art. 16 GDPR. Should your data be incomplete, you can request completion.
- Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
- Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request a restriction of your personal data.
- Right to object to processing: You have the right, on grounds relating to your particular situation, to object at any time, in accordance with Art. 21(1) GDPR, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to assert, exercise or defend legal claims (Art. 21(1) GDPR). Furthermore, in accordance with Art. 21(2) GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing; this also applies to any profiling insofar as it is connected with such direct marketing. We draw your attention to the right to object in this data protection information in connection with the respective processing.
- Right to withdraw your consent: Insofar as you have given your consent for a processing operation, you have a right of withdrawal in accordance with Art. 7(3) GDPR.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) as well as the right to have this data transmitted to another controller where the conditions of Art. 20(1)(a), (b) GDPR are met (Art. 20 GDPR).
You can assert your rights by notification to the contact details named in the “Data controller” section or towards the data protection officer designated by us.
If you are of the opinion that the processing of your personal data infringes data protection law, you also have the right, in accordance with Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority competent for the data controller:
Bayerisches Landesamt für Datenschutzaufsicht
Postfach 1349
91504 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de
5. Processing of your personal data in the course of your business relationship
5.1. Purposes of the processing
The processing of your personal data takes place in principle only insofar as this is necessary for the performance of the contract with our customers or for the implementation of pre-contractual measures (Art. 6(1)(b) GDPR). The processing of customer and prospective customer data always takes place on the basis of the legal basis of Art. 6(1) GDPR or directly on the basis of relevant laws (UStG, HGB).
After the purpose has been achieved, your personal data will be deleted, unless we are entitled or obliged to further retain it and to carry out the processing required in the respective context on the basis of statutory obligations (e.g. § 257 HGB, § 147 AO) or on the basis of legitimate interests.
Insofar as a transfer of your personal data to other bodies or third parties is required within the scope of our statutory obligations, such transmission takes place exclusively in compliance with the data protection requirements.
Video surveillance
We have installed a video surveillance system in the entrance area of our business premises as well as in the server rooms. The legal basis for the processing is Art. 6(1)(f) GDPR. Our legitimate interest in the video surveillance lies in the prevention and prosecution of criminal offenses, such as thefts, burglaries and vandalism. The recordings are stored for a period of 72 hours and then deleted. For the purpose of solving criminal offenses, the recordings may, if necessary, be forwarded to law enforcement authorities.
You can object to the described processing if you have legitimate grounds arising from your particular situation. You can exercise your right to object by sending us a notification using the contact details provided under “Data controller”.
5.2. Data categories
At paricon, we process exclusively personal data that is necessary for the performance of the contractually agreed service. For this purpose, we sometimes require the data of our contact persons, e.g. names and contact details and information on function and area of work. We store this necessary information in our customer and prospective customer file. Furthermore, we may process the data of the contact persons for accounting purposes.
In detail, we process the following categories of personal data:
- personal data of our contact persons (such as first name, surname, name affixes such as academic degrees/titles, company function)
- company contact details (business (mobile) telephone number, company e-mail address)
- contract data and project-related data as well as project content
- business correspondence including e-mail documents
- invoice data (e.g. invoices, accounting vouchers, tax data, bank details of the customer company)
- documentation of visits (check-in and check-out date and time of the visit)
- if applicable: declarations of agreement and/or data protection consents to data processing (e.g. consent to receiving the newsletter or to receiving advertising by e-mail)
5.3. Storage period
Your personal data is stored by us and on our systems only for as long as the respective purpose for the data processing has not ceased to apply. Insofar as we cannot assert any other grounds or legal obligations for the retention, your personal data will be deleted upon expiry of the purpose of the data processing.
Our tax and commercial accounting obligations result from § 147 AO as well as §§ 257 et seq. HGB and, for invoices, from § 14b UStG.
If you submit a legitimate erasure request or withdraw your consent to the data processing, your personal data will be deleted, unless we have other legally binding grounds for the storage.
6. Recipients or categories of recipients of your personal data
Should it be necessary, within the scope of the purposes described above, to transmit your personal data to external recipients, such a transfer takes place exclusively within the framework of the statutory provisions and in compliance with our data protection obligations.
A transmission may take place insofar as
- it is necessary for the establishment, performance or termination of legal transactions with our company (Art. 6(1)(b) GDPR) or
- a service provider or contractor whom we engage in the course of the performance of the employment relationship requires this data or
- an enforceable official or judicial order (Art. 6(1)(c) GDPR) exists or
- we are obliged to do so by law (Art. 6(1)(c) GDPR) or
- the processing is necessary to protect your vital interests or those of another natural person (Art. 6(1)(d) or Art. 9(2)(c) GDPR) or
- it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR or Art. 9(2)(i) GDPR in conjunction with § 22(1) no. 1(c) BDSG) or
- we are entitled or even obliged to transmit it for the purpose of pursuing overriding legitimate interests (Art. 6(1)(f) GDPR).
Within the scope of the performance of a contract or for the implementation of pre-contractual measures, your personal data may be transmitted to the following external recipients:
- tax authorities
- tax advisors
- contractors and service providers (e.g. software providers, IT support service providers)
Insofar as your personal data is transmitted to contractors and service providers located outside the EU or the EEA, such a transfer takes place exclusively in compliance with the requirements of the GDPR.
Microsoft
To handle our business operations, we use Microsoft 365 with the common Office applications (e.g. Outlook for e-mail communication and Teams for video conferences). For this purpose, we have concluded a data processing agreement with Microsoft incorporating the current standard contractual clauses of the EU Commission and contractually agreed the processing of personal data exclusively within the EU.
This means that your personal data, which is collected and stored during the use of the Microsoft software and relevant applications, is in principle only stored on servers in the European Union. Nevertheless, we point out that it cannot be entirely ruled out that personal data is transferred to the USA and that Microsoft Corporation as the US parent company or US security authorities obtain access to this data.
We have taken appropriate technical and organizational measures to ensure that the processing of the personal data of our customers and prospective customers via Microsoft 365 takes place exclusively to the necessary and permissible extent and, in particular in accordance with the principle of data minimization, that no data is collected that is not absolutely necessary for the fulfillment of our contractual obligations. For questions regarding Microsoft, we are happy to be available to you using the contact details named above.
Dear applicants,
with this data protection information, we would like to inform you below about the processing of the personal data you provide in the course of your application and your related rights.
In doing so, we provide you with comprehensive information about the processing of your personal data throughout the entire application procedure.
1. Scope of application
This data protection information is intended to give you an overview of how your personal data is processed in the course of the application procedure at paricon.
In accordance with our information obligations under Art. 13 GDPR, we provide you below with detailed information on data processing in our company. If you have any questions about data protection, we are available to you at any time using the contact details listed below.
For terms such as “personal data” or “processing”, the statutory definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt this data protection information with effect for the future, in particular in the event of an expansion of our business areas or a change in the legal bases or the corresponding case law.
2. Data controller
paricon AG
Kufsteiner Str. 103
83026 Rosenheim
Germany
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
Web: https://www.paricon.de
Information about the joint processing of your data
paricon AG, paricon Systems Integration AG and paricon products GmbH work closely together on development projects and in the performance of service contracts. As a result of this cooperation, we also process your personal data jointly.
In order to safeguard your rights and taking into account the requirements of the EU General Data Protection Regulation (GDPR), we have concluded an agreement that establishes rules on the processing of your personal data. As so-called joint controllers in accordance with Art. 26 GDPR, we are jointly responsible for the processing of your data.
We would like to provide you with further information on this below.
The data controllers in accordance with Art. 4(7) GDPR are:
paricon AG
Kufsteiner Str. 103, D-83026 Rosenheim
Management Board: Carsten Bein, Anton Taubenberger
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
paricon Systems Integration AG
Kufsteiner Str. 103, D-83026 Rosenheim
Management Board: Carsten Bein
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
paricon products GmbH
Kufsteiner Str. 103, D-83026 Rosenheim
Managing Director: Anton Taubenberger
Tel.: +49 (0) 8031 40896-0
E-mail: info@paricon.de
3. Contact details of the data protection officer
Should you have any questions on the subject of data protection at paricon, you can contact the contact details named in the “Data controller” section above or our data protection officer.
The data protection officer of the data controller is:
Dr. Sabine Schmalzer
Schmalzer mind+engineering GbR
Bamerstr. 3
D-85579 Neubiberg
E-mail: datenschutz@paricon.de
4. Your rights
We have jointly agreed on how we safeguard your rights and have specified in more detail which obligations each party fulfills to meet the duties of the GDPR. This concerns in particular the exercise of the rights of data subjects and the fulfillment of the information obligations under Art. 13 and 14 GDPR.
We have designated paricon AG as the joint point of contact for data protection enquiries. With regard to the processing of your data, you can contact paricon AG at any time using the contact details provided above and assert your rights.
You have the following rights with regard to the personal data concerning you, which you can assert towards us:
- Right of access: You can request access in accordance with Art. 15 GDPR to your personal data that we process.
- Right to rectification: Should the information concerning you no longer be (or have ceased to be) accurate, you can request rectification in accordance with Art. 16 GDPR. Should your data be incomplete, you can request completion.
- Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
- Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request a restriction of your personal data.
- Right to object to processing: You have the right, on grounds relating to your particular situation, to object at any time, in accordance with Art. 21(1) GDPR, to the processing of your personal data carried out on the basis of Art. 6(1)(e) or (f) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to assert, exercise or defend legal claims (Art. 21(1) GDPR). Furthermore, in accordance with Art. 21(2) GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing; this also applies to any profiling insofar as it is connected with such direct marketing. We draw your attention to the right to object in this data protection information in connection with the respective processing.
- Right to withdraw your consent: Insofar as you have given your consent for a processing operation, you have a right of withdrawal in accordance with Art. 7(3) GDPR.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) as well as the right to have this data transmitted to another controller where the conditions of Art. 20(1)(a), (b) GDPR are met (Art. 20 GDPR).
You can assert your rights by notification to the contact details named in the “Data controller” section or towards the data protection officer designated by us.
If you are of the opinion that the processing of your personal data infringes data protection law, you also have the right, in accordance with Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority competent for the data controller:
Bayerisches Landesamt für Datenschutzaufsicht
Postfach 1349
91504 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de
5. Processing of your personal data in the course of your application
5.1. Purposes of the processing
The processing of your personal data takes place in principle only insofar as this is necessary in the course of conducting the entire application procedure. The processing of the data takes place on the basis of the legal basis of Art. 6(1) or Art. 9 GDPR or directly on the basis of relevant laws (e.g. BDSG).
After the purpose has been achieved, your personal data will be deleted, unless we are entitled or obliged to further retain it and to carry out the processing required in the respective context on the basis of statutory obligations (e.g. § 257 HGB, § 147 AO) or on the basis of legitimate interests.
A transfer of your personal data to other persons, companies or bodies, in particular of health data to third parties, does not take place in principle, unless we are legally obliged to do so or you have separately consented to such a transfer.
5.2. Data categories
Within the scope of your application, we process exclusively the data necessary for the conducting and handling of the application procedure and the assessment of the extent to which you are suitable for the relevant position. Ultimately, the processing of applicant data is necessary in order to be able to decide on the establishment of an employment relationship. The legal basis for the processing is § 26(1) BDSG in conjunction with Art. 88 GDPR.
In detail, we process the following data categories about your person:
- master data (such as first name, surname, name affixes such as academic degrees/titles, nationality)
- contact details (such as private address, (mobile) telephone number, e-mail address)
- data of the entire application procedure (cover letter, references, questionnaires, interviews as well as any performance assessments, qualifications and previous activities)
- if attached by you to your application documents, your applicant photo where applicable
- special categories of personal data in accordance with Art. 9 GDPR, if these were voluntarily provided by you in the course of your application, where applicable also health data, information on ethnic origin, religious affiliation, details of marital status, information on severe disability status and degree of disability
- if applicable: declarations of agreement and/or data protection consents to data processing
Note:
Special categories of personal data that may be contained in your application letter and the attached documents are stored by us exclusively within the scope of conducting the application procedure until its completion. This information will not be taken into account in the application process, unless, as in the case of a severe disability, there is a legal obligation to do so (§ 81(1) SGB IX).
Within the scope of your application with us, you are not obliged to submit an applicant photo. In addition, you are not obliged to provide information that contains special categories of personal data. The submission of application documents without such information has no effect on your chances in the application procedure.
5.3. Storage period
Your personal data is stored by us and on our systems only for as long as the respective purpose for the data processing has not ceased to apply. Insofar as we cannot assert any other grounds or legal obligations for the retention, your personal data will be deleted upon expiry of the purpose of the data processing.
If you submit a legitimate erasure request or withdraw your consent to the data processing, your personal data will be deleted, unless we have other legally binding grounds for the storage.
After completion of the entire application procedure and once all candidates have been informed of the outcome, your application data is stored for a maximum of six months and, in the event of a rejection, deleted without delay after expiry of this period, unless further storage is required for the purpose of providing evidence or you have consented to longer storage. In this case, we will obtain consent to such further storage separately, e.g. for the purpose of inclusion in an applicant pool or in order to contact you at a later point in time and continue the application procedure should you be considered for another position. We will inform you separately about the duration of the extended storage within the scope of the consent.
Our right of retention to safeguard our own rights until expiry of the deletion period results from § 199(3) no. 2 BGB. Furthermore, for the duration of the possibility of asserting your rights as a data subject, e.g. until the withdrawal of your consent in accordance with Art. 7(3) GDPR, we are obliged to store the data necessary for this purpose.
In the event that an employment contract is concluded, the further storage period of relevant personal data results from our legal obligations as an employer to perform the employment relationship pursuant to § 26(1) BDSG in conjunction with Art. 88 GDPR and the statutory retention periods.
6. Recipients or categories of recipients of your personal data
Within the scope of the application procedure, it may be necessary to transmit your personal data to the recipients described below. Such a transfer takes place exclusively within the framework of the statutory provisions and in compliance with our data protection obligations.
A transmission may take place insofar as
- it is necessary for the decision on the establishment of the employment relationship (Art. 6(1)(b) GDPR) or
- a service provider or contractor whom we engage in the course of the performance of the employment relationship requires this data or
- we are obliged to do so by law (Art. 6(1)(c) GDPR).
To handle the application procedure, your personal data may be transmitted to the following recipients:
- HR department
- management
- selected employees, e.g. a team lead with a supervisory function
- contractors and service providers (e.g. software providers, IT support service providers)
Insofar as your personal data is transmitted to contractors and service providers located outside the EU or the EEA, such a transfer takes place exclusively in compliance with the requirements of the GDPR.
Microsoft
To handle our business operations, we use Microsoft 365 with the common Office applications (e.g. Outlook for e-mail communication and Teams for video conferences). For this purpose, we have concluded a data processing agreement with Microsoft incorporating the current standard contractual clauses of the EU Commission and contractually agreed the processing of personal data exclusively within the EU.
This means that, in the course of e-mail communication with you and during interviews via Microsoft Teams, your personal data, which is collected and stored for the provision and during the use of the Microsoft software, is in principle only stored on servers in the European Union. Nevertheless, we point out that it cannot be entirely ruled out that personal data is transferred to the USA and that Microsoft Corporation as the US parent company or US security authorities obtain access to this data.
We have taken appropriate technical and organizational measures to ensure that the processing of personal data via Microsoft 365 takes place exclusively to the necessary and permissible extent and, in particular, that no recording of Teams conferences takes place. For questions regarding Microsoft, we are happy to be available to you using the contact details named above.