Skip to content

Privacy policy

Last updated on 26.09.2022

1. Introduction and general information

Rokaware S.L. (“Rokaware”, “Netzo,” “we,” or “us”), who offers an all-in-one orchestration platform for IoT and IT services with combined developer features and functions.

This Privacy Policy (“Policy”) applies to the personal information Rokaware S.L., branded under the product name "Netzo", its subsidiaries, located worldwide within the Netzo family of companies (“Affiliates”), collect through https://netzo.io/ (“Website”), owned or controlled by us or within the Netzo family of companies that give reference to this Policy.

A separate privacy policy applies to our web application, available at https://app.netzo.io/, herein onwards ("Platform"). Collectively referred to as "Services". The data collected will be processed in accordance with the statutory data protection regulations.

2. Contact Information

2.1 Identity and contact of the data controller under data protection law:

Main place of business (HQ)

Spain
Rokaware S.L.
Paseo de la Castellana 30, Bajo Derecha
28046 Madrid, Spain
+34 910 601 536
[email protected]
https://netzo.io

Managing Director:
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Madrid Local Court
NIF (Tax-ID): B09980772

Netzo family of companies ("Affiliates")

GermanyMexico
Asterisc GmbH
Tal 44, 80331 Munich, Germany
+49 892 4886 6390

Managing Director:
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Munich Local Court
Commercial register number: HRB 265887
USt-ID (Tax-ID): DE344312042
Rokaware S.A.P.I. de C.V.
Corinto 206, San Pedro Garza Garcia
Nuevo Leon, 66274 Mexico

Managing Director:
Arturo Romero Vargas (MBA)
RFC (Tax-ID): ROK220225I67


2.2 Contact of the data protection officer:

Proliance GmbH / datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
[email protected]

INFO

Support in English and German. For questions in Spanish, please write to us at: [email protected]

When contacting the data protection officer, please state the company to which your request relates. Please DO NOT provide sensitive information that could identify you, e.g. attaching copy of ID.

3. Data protection regarding the Joint Controllership ("JC")

In the course of the use of our Services, ROKAWARE S.L. and its Affiliates (hereinafter "the Controllers") shall work closely together. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible for the protection of the personal data they process to the extent described below (Art. 26 GDPR).

3.1 Agreement made by the parties

Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have set out in a written agreement which of the controllers are subject to certain obligations under data protection law and who of the controllers fulfills which obligations. In particular, the data controllers have reached an agreement on who is responsible for exercising data subject rights in accordance with Art. 15-22 of the GDPR and for fulfilling information obligations in accordance with Art. 12-14 of the GDPR (see point 3.3).

3.2 Processing operations covered by the joint responsibility

Your data is collected as part of:

  • Submitting inquiries and/or requests to the Controllers through email, telephone, or through the Services;

  • Registration and/or through a purchase process in the Platform.

  • While using and navigating through our Services (according to your consent collected through the cookie banner)

  • Applications sent through our job portal or email.

In particular, the data is centrally processed in the CRM, HR or respective system by ROKAWARE S.L. for order management and passed on to the Affiliates for order fulfillment.

Apart from the processing operations listed above, the (further) processing of personal data is carried out in each case under the separate responsibility of ROKAWARE S.L. and its Affiliates.

You will be informed separately by the respective controller about the areas in which any company under the Netzo family of companies act under their own responsibility.

3.3 Separation of Controller obligation under GDPR and its meaning to you as data subject

Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have agreed, who fulfills which obligations under the GDPR and have specified this in a written agreement:

Processing activity Obligation under data protection law Responsible company in charge of the duty and description of its implementation
Operation and provision of the Services, Registration and use of the Platform
Information obligations pursuant to Art. 12 et seq. GDPR and Art. 26 para. 2 (2) GDPRROKAWARE S.L.
Operation and provision of the Services, Registration and use of the PlatformProcessing of requests to exercise data subject rights according to Art. 15-21 GDPRThe persons responsible inform each other immediately about the rights of data subjects asserted by data subjects in accordance with Art. 12 et seq. GDPR. They provide each other with all the information necessary to respond to requests for information or other inquiries.
Operation and provision of the Services, Registration and use of the PlatformData protection incidents: Fulfillment of obligations according to Art. 33, 34 GDPRThe persons responsible are jointly responsible for examining and processing in the event of violations of the protection of personal data or a security-related disruption in joint data processing, including the fulfillment of any reporting obligations to the competent supervisory authority (Article 33 GDPR) or notification obligations towards the data subjects that may be triggered as a result (Art. 34 GDPR) responsible. The persons responsible have undertaken to inform each other immediately and completely if they identify errors or irregularities with regard to data protection regulations when checking the processing activities.
Operation and provision of the Services, Registration and use of the PlatformEnsuring appropriate technical and organizational measures according to Art. 24, 25, 32 GDPRThe Controllers are jointly responsible for ensuring appropiate technical and organizational measures in joint data processing according to Art. 24, 25, 32 GDPR

In addition, the responsible parties shall ensure that employees maintain the confidentiality are appropriately bound to confidentiality under data protection law and instructed guidelines on the protection of data that are relevant to them.

The Controllers shall ensure that the processing operations covered by the joint controllership are documented in their processing records pursuant to Article 30 (1) of the GDPR and that other documentation is prepared to fulfill the accountability obligation pursuant to Article 5 (2) of the GDPR.

The responsible parties shall independently ensure that the statutory provisions on the deletion of data and the restriction of data processing are complied with. The responsible parties shall observe the statutory retention obligations.

You can find the rights you are entitled to and the contact details for asserting your rights in section "Your rights" in this Privacy Policy. Notwithstanding the above arrangements, data subject rights can be asserted with all data controllers using the contact details described in section "Contact information" of this Privacy Policy or by sending an email to: [email protected]

4. Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

5. Access to and storage of information in terminal equipment

By using our platform, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment and a subsequent processing of personal data within the meaning of the GDPR may occur. In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of §25 (1)(1) and §25 (2)(2) Telecommunications and Telemedia Data Protection Act (TTDSG).

In cases where such a process serves other purposes (e.g. the needs-based design of our platform), this will only be carried out on the basis of § 25 (1) TTDSG with your consent pursuant to Art. 6 (1)(a) GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our platform.

6. Hosting

This website is hosted by an external service provider (Cloudflare) and is hosted through Cloudflare's CDN. A content delivery network (CDN) is a distributed server infrastructure that enables faster download speed and better performance while navigating through our sites. Our website is therefore served by many servers worldwide. Personal data collected on this web-application is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated.

We have concluded a Data Processing Agreement with the providers in accordance with the requirements of Art. 28 GDPR, in which we oblige them to protect the data of our customers and not to pass them on to third parties.

7. Server-Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Visited domain
  • Date and time of the request
  • The page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting computer
  • Amount of data transferred

We collect the listed data in order to be able to guarantee a smooth connection to the website and a technically error-free provision of our services. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 (1)(f) GDPR. These logs are stored by default for a period of 3 days by our hosting provider. Please review the subsection on our hosting service provider Cloudflare in the "Third-party tools we use" section in this privacy policy for more information.

8. Cookies and similar tools

Our web-application uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain web-application functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 (1)(f) GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.

The processing of personal data using other cookies is based on consent in accordance with Art. 6 (1)(a) GDPR. The consent can be revoked at any time with effect for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you separately about this in this privacy policy and obtain your consent in accordance with Art. 6 (1)(a) GDPR.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at:

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, web-applications and applications that you do not want to be "tracked" for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox) at:

Please note that if you disable cookies, the functionality of our web-application may be limited.

9. SSL/TLS encryption

This website uses SSL/TLS encryption to secure surfing through our websites to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL/TLS encryption is activated, the data that you transmit to us cannot be intercepted or read by third parties.

10. Registration

You have the option of registering for certain services provided on our web-application and thus creating a user profile. We collect and use the following personal data as part of registration and setup:

  • First name/Last name
  • Email Address
  • Company Name
  • Password
  • Freely selectable username
  • Avatar

Mandatory information provided for the purpose of registration is marked with an "asterisk" as a mandatory field in the input mask. There is no obligation to use a clear name, a pseudonymous use is possible. For registration, we use the so-called double opt-in procedure, i.e. your registration is not completed until you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If your confirmation in this regard is not received promptly, your registration will automatically be deleted from our database.

Furthermore, we store the voluntary data provided by you for the duration of your use of the platform, unless you delete it beforehand. All data, except for your user name, can be administered and changed in the protected customer area. With your user account, you have the possibility to use further parts of our web-application and to log in for the offers you have purchased.

The legal basis for data processing with consent is Art. 6 (1)(a) GDPR or Art. 6 (1)(b) GDPR if the processing is necessary to provide the desired services. Your data will be deleted as soon as the user account on our web-application is deleted and insofar as there are no legal storage obligations. As a rule, you can change and/or delete your user account, including the data you have entered, directly in your user account after logging in or by sending a corresponding message to the responsible person named in the introduction.

Further information on data processing when using our platform is available under a complementary privacy policy for registered users. You may review this complementary policy in our legal center: Netzo Legal Center.

11. Contact forms and contact per email

For inquiries sent using our contact forms or email, the details contained in the form or email including your first names, last names, email addresses, IP addresses and other company details will be stored with us for the purpose of processing the request and in the event of follow-up questions. Entering an email address is required in order for us to get in touch and handle your request; providing your first name, last name, company name and telephone number and other information is voluntary.

We will never pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request, in accordance with Art. 6 (1)(f) GDPR and, if applicable, Art. 6 (1)(b) GDPR, provided that your request is aimed at concluding a contract or for pre-contractual measures. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements. In case of legitimate interest from us, contained in Art. 6 (1)(f) GDPR, you can object to the processing of your personal data at any time.

Inquiries are handled through our customer management system (CRM) SendinBlue, for detailed information on our partners please refer to section Third-party tools we use in this privacy policy. You may also refer to our Privacy Notice for Customers, Partners and other interested parties.

12. Blog and email newsletter

Our email newsletter is powered by Hashnode. Hashnode is a content creation platform that enables us to share ideas with people in tech, developers and engineers. When you navigate to blog.netzo.io, you are automatically redirected to the Netzo channel hosted by Hashnode.

You may subscribe to receive the newsletter Hashnode sends when we upload new content directly from our website or via the company page in the blog.

INFO

By subscribing to the Netzo newsletter, you are creating an account with Hashnode and agree to THEIR Privacy Policy and Terms of Service. You may review the section "Other social media providers" for further information.

The Hashnode platform is operated by LinearBytes Inc., an American company headquartered in 16192 Coastal Hwy, Lewes, Delaware, 19958, United States

Hashnode takes necessary steps to ensure the protection of data transfers outside of the EEA through legally binding contractual terms or EU-approved standard contractual clases, as described in their privacy policy.

For questions or concerns relating to privacy, you can contact them directly at: [email protected]

Hashnode's data protection officer can be contacted at: [email protected]

12.1 Subscribing to e-mail marketing

When you subscribe to the Netzo channel of Hashnode's newsletter, you will be required to confirm your subscription in the confirmation email sent to you for this purpose. This is commonly known as double opt-in.

By verifying your subscription you agree to Hashnode's privacy policy and are giving consent, according to Art. 6 (1)(a) GDPR, to receive emails when we publish new content to our Hashnode channel.

If your confirmation in this regard is not received promptly, your subscription will automatically be deleted from the database.

Customers that have opened an account with us may subscribe or unsubscribe to the newsletter by visiting the user settings and toggling the newsletter switch respectively.

12.2 Unsubscribing to e-mail marketing

All unsubscribe or opt-out requests may be made by clicking the "unsubscribe" link at the bottom of the email or by changing the email preferences in your account settings (both in Hashnode and in the Netzo Web Platform). By making changes to your consent preferences you are modifying the previously given consent, according to Art. 6 (1)(a) GDPR.

INFO

Unsubscribing from the newsletter cannot be interpreted as a request to delete your account with us. Your personal data may therefore be used in accordance to other gathered consents or legally admissible purposes (eg. Registering to our platform). If you would like to request deletion of all of your personal information or account with us please refer to "Your Rights" in this privacy policy.

For requests regarding the deletion of your personal data with Hashnode, you must get in touch with them directly.

13. Third-party tools we use

In order to provide you with a modern and efficient service, we use the service and tools of various third-party providers, which may in turn process parts of your personal data. We have carefully selected the below listed third-party providers in accordance with GDPR guidelines.

14. Privacy Policy Social Media

In the following, you will find information on how we handle your data, which is processed through your use of our social media presence on social networks and platforms. The processing of your data is in accordance with the legal regulations.

Social media (e.g. Facebook, Instagram, LinkedIn, Twitter, Youtube), our community chat in Discord and Netzo Blog (Please also review the section on "Blog and email marketing" in this privacy policy) are only integrated on our website in the form of a link to the corresponding services. After clicking on the integrated text, image or link, you will be redirected to the website of the respective provider. User information is only transmitted to the respective provider after it has been forwarded. For information on how your personal data is handled when you use these websites, please refer to the respective data protection provisions of the providers you use.

14.2 Facebook fan page

Controller

In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement:

Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 (2)(c) GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.

If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.

You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:

For further details, please see Facebook’s privacy policy:

Facebook’s Data Protection Officer

You can use Facebook’s online form to contact Facebook’s data protection officer. To access it, please use the following link: https://www.facebook.com/help/contact/540977946302970.

Data processing for statistical purposes using Page Insights

Facebook provides Page Insights Data for our Facebook fan page:

This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behavior and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. The legal basis of the processing is Art. 6 (1)(f) GDPR.

Our legitimate interest lies in the optimized presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access to where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data from being processed by Facebook, please contact us by other means.

14.3. Other social media providers

Controller

If your personal data is processed by a provider listed below, this provider is the data controller within the meaning of the GDPR. For the assertion of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require assistance, please feel free to contact us at any time.

We have online presences on the social media platforms of the following providers:

  • Discord Inc.: 444 De Haro Street Suite 200 San Francisco, CA 94107 United States
  • Hashnode (LinearBytes Inc.): 16192 Coastal Hwy, Lewes, Delaware, 19958, United States
  • Instagram Inc.: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
  • LinkedIn Ireland Unlimited Company: Wilton Place, Dublin 2, Ireland
  • Twitter International Company: One Cumberland Place, Fenian Street, Dublin2, D02 AX07 Ireland
  • YouTube, Google Ireland Limited: Gordon House, Barrow Street, Dublin 4, Ireland

Data Protection Officer

Information on how to contact the Data Protection Officer of the respective social media providers can be found in the following links:

General information on social media platforms

Controller

The controller for data processing within the meaning of the GDPR is the company named at the beginning of this Privacy Policy, insofar as data transmitted by you via one of the social media platforms is processed by us.

Our Data Protection Officer

If you have any concerns regarding data processing that is carried out by us as the responsible party, you can reach our Data Protection Officer at the contact details given at the beginning of this Privacy Policy.

General data processing on social media platforms

i. Data processing for market research and advertising
Organizations generally process data for market research and promotional purposes. Therefore, website providers use cookies, which load onto your browser and detect your return to the same URL. The recorded data is used to create user profiles. User profiles may be used for targeted advertisements within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.
ii. Data processing through making contact
We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 (1)(f) GDPR and, if applicable, Art. 6 (1)(b) GDPR if your request is aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized when the circumstances are clarified.
iii. Data processing for the purpose of performing a contract or entering into a contract
If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 (1)(b) GDPR. Your data will be erased if they are no longer necessary for the fulfillment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contract. Please take into account, that it may be necessary to store the personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of the contract.
iv. Data processing on the legal basis of consent
If the respective platform providers request you to give consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 (1)(a), Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.

Data transfer and recipient

When visiting and using the above-mentioned platforms, personal data may be transferred to the U.S. or other third countries outside the EU, therefore further appropriate safeguards are required to ensure the level of data protection under the GDPR. Further information on whether and what suitable guarantees the providers can provide in this regard can be found in the list below.

We have no influence on the processing and handling of your personal data by the respective providers as well as we have no information on this matter. Please consider the privacy policy of the providers for further information:

Discord

According to the privacy policy, Discord uses the EU-US-Privacy-Shield to ensure an adequate level of data protection in accordance with the provisions of the GDPR for data transfers to the U.S. or other third countries outside the EU.

Hashnode

According to the privacy policy, Hashnode uses the standard contractual clauses to ensure an adequate level of data protection in accordance with the provisions of the GDPR for data transfers to the U.S. or other third countries outside the EU.

Twitter

According to the privacy policy, Twitter uses standard contractual clauses to ensure an adequate level of data protection in accordance with the provisions of the GDPR for data transfers to the U.S. or other third countries outside the EU:

Instagram

According to the privacy policy, Instagram uses standard contractual clauses to ensure an adequate level of data protection in accordance with the provisions of the GDPR for data transfers to the U.S. or other third countries outside the EU:

YouTube/Google

According to the privacy policy, Google uses standard contractual clauses to ensure an adequate level of data protection in accordance with the provisions of the GDPR for data transfers to the U.S. or other third countries outside the EU:

LinkedIn

According to the privacy policy, LinkedIn uses standard contractual clauses to ensure an adequate level of data protection in accordance with the provisions of the GDPR for data transfers to the U.S. or other third countries outside the EU:

15. Job Application

If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability).

Your personal data generally is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is § 26 (1) BDSG. In addition, consent in accordance with Art. 6 (1)(a) GDPR in conjunction with § 26 (2) BDSG can be a legal basis. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfill our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.

Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 (1)(a) GDPR in conjunction with § 26 (2) BDSG. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.

Further information regarding applications can be found under Notice for applicants or directly in our applicant portal.

16. Other specifications

16.1 Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This web-application uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content.

16.2 Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfillment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

16.3 Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

16.4 Automated decision making

Automated decision-making or profiling according to Art. 22 GDPR does not take place.

17. Your Rights

In the following, you will find information about your rights as a data subject, granted by the current data protection laws against the controller concerning the processing of your personal data:

  • (1) The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
  • (2) The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
  • (3) The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
  • (4) The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
  • (5) The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in a commonly used and machine-readable format, and the right to transmit that data to another controller.
  • (6) The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
  • (7) The right to withdraw your given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

INFO

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 (1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to [email protected].

18. Modifications and status of the privacy policy

We reserve the right, if necessary, to modify and update the status of this data protection declaration in accordance with the applicable data protection regulations. In this way, we are able to adapt to the latest legal requirements and make changes to our services, may it be required; for example, when introducing new services. The current version of our privacy policy applies for the registration for an account and use of our platform.

Privacy policy has loaded