1. GENERAL AND MANDATORY INFORMATION
The operators of these sites takes the protection of your personal data very seriously. We handle your personal data in confidence and in accordance with statutory data protection provisions as well as this privacy notice.
Your personal data will be collected if you use this website. Personal data are any information which are related to an identified or identifiable natural person. This privacy notice explains which data we collect and what we use it for. It also explains how and for what purpose data is collected.
Please note that data transmission on the internet (e.g. communication via e-mail) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of your data from being accessed by third parties.
AUTHORITY RESPONSIBLE FOR PROCESSING DATA
The authority responsible for processing data on this website is:
Managing Directors: Gerhard Scherbaum, Johann Stelzer
DATA PROTECTION OFFICER
2. DATA SUBJECT RIGHTS
RIGHT OF ACCESS, RIGHT TO RESTRICTION, RECTIFICATION, AND ERASURE
You have the right, within the scope of the applicable legal provisions, to access at any time and free of charge information about your stored personal data, its origin and recipients and the purpose of data processing and, where applicable, you have the right to have this data rectified, restricted, or erased. You can contact us using the address provided on the imprint for this purpose and for other questions on the topic of personal data.
REVOKING YOUR CONSENT TO DATA PROCESSING
Many data processing operations may only be carried out with your express consent. You can revoke your consent at any time. All you need to do is send us an informal message by e-mail. The legality of the data processing carried out before such a revocation is received remains unaffected.
RIGHT OF APPEAL TO THE RESPONSIBLE SUPERVISORY AUTHORITY
Data subjects are entitled to a right of appeal to the responsible supervisory authority in the event of a breach of data protection laws. The supervisory authority responsible for handling data protection issues is the Data Protection Officer who has jurisdiction in the state in which our company’s headquarters are located. You can find a list of data protection officers as well as their contact details by visiting the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
RIGHT TO DATA PORTABILITY AND RESTRICTION OF PROCESSING
You have the right to be provided with access to the data that we process automatically on the basis of your consent or for the performance of a contract in a standard, machine-readable format or to have a third party access such data on your behalf. If you make a request to transmit data to another data controller, we will only transmit data in cases where it is technically feasible for us to do so.
You have the right to request that the processing of your personal data is restricted. You can contact us at any time using the address provided in the imprint for this purpose. The right to restriction of processing applies to the following cases:
- If you dispute the correctness of personal data we hold about you, we will usually need time to investigate this. You have the right to request that the processing of your personal data is restricted while the investigation is underway.
- If you personal data is being or has been processed unlawfully, you can request that restrictions are placed on it being processed as opposed to having it erased.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of having it erased.
3. DATA CAPTURE ON OUR WEBSITE
Server Log FILES
Each time our website is accessed, our system will automatically collect data and information from the computer system which is being used to access the website.
Each data record consists of:
- the page from which the file was requested
- the name of the file
- the date and time of the request
- the amount of data transferred
- the status of the request (file transferred, file not found etc.)
- a description of the type of web browser used to access the site
- the domain requesting access
- the IP address requesting access, anonymised (by “zeroing” the last two digits so that it is not possible to identify an individual person)
The stored data is evaluated by the hoster for statistical purposes only and, if necessary, for troubleshooting or security purposes. This data is not merged with other data sources.
The basis for this data processing is Art. 6 (1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We have entered into a contract for order processing with the provider.
As a matter of principle, our website does not set Cookies. There is only one instance where you can choose to set a Cookie. Please see the paragraph on “Matomo” below for more information on this.
This site is operated on web servers located within the Federal Republic of Germany.
4. AnalysIS Tools
ANONYMOUS USAGE ANALYSIS WITH MATOMO (FORMERLY PIWIK)
This website uses the open-source web analysis software Matomo. In contrast to many other evaluation products, the software is operated by the data controllers themselves, on servers located in the Federal Republic of Germany.
Our Matomo installation respects the “Do not track” HTTP headers (“DNT”) of web browsers. The DNT is designed to inform website operators in advance if usage analysis is not desired. You can configure the DNT yourself using most current web browsers or it will already be pre-set for you.
- If the DNT is active, your session will not be collected as usage data. The box below will tell you whether the DNT is active in your browser.
- If the DNT is not active, Matomo will record your session without using Cookies and anonymise it. Anonymisation involves setting the last two IP digits to 0 before storing the IP address, meaning that it is no longer possible to draw any conclusions about the data subject from the usage data. This data will also be erased automatically after 12 months at the latest.
The basis for this type of data processing is Art 6 (1)(f) GDPR, as we have a legitimate interest in analysing how and where our website is used.
It is also possible to deactivate this anonymised collection of usage data. This means that, if a DNT has not already stopped data collection, a menu will appear in the field below which will allow you to inform the website of your decision. In this instance, an opt-out cookie will be stored in your browser to document this decision. If you delete your Cookies, you will automatically delete the Matomo opt-out Cookie. The opt-out will therefore need to be reactivated the next time you visit this website.
Any applications you send (in the post or via e-mail) will only be processed by Management and persons authorised by them to do so. Once you have been hired, this data will be passed onto our external payroll accounting department and you will be registered as a user on our IT systems. We process applicant data for the purpose of managing the application process for a specific job advertisement. Your data will not be forwarded. We need to process your application for the purpose of performing pre-contractual measures. The legal basis for this type of data processing is based on Art. 6 (1)(b) GDPR. We store other data (IP address, date/time of the transmission) on the basis of our legitimate interest in backing up our IT systems. The legal basis for this type of data processing is based on Art 6 (1)(f) GDPR.
This data will be erased as soon as the purpose for which it was collected has been fulfilled. If your application is successful and we enter into an employment relationship with you, your data will be stored for the purpose of managing that employment relationship in accordance with the statutory provisions. If your application is unsuccessful, we will automatically erase your data two months after sending the rejection, provided that this does not conflict with the evaluation or processing of any legal claims (e.g. under the Equal Treatment Act). We will only store your application data after this time provided that you have given us your express consent, in which case we will request from you.
If you would like to receive the newsletter offered on our website, we will need you to provide us with an e-mail address as well as information that allows us to verify that you are the owner of this e-mail address and that you agree to receiving the newsletter. No further data will be collected or it will only be collected on a voluntary basis. We only use this data to send the information you have requested and we will not share this with third parties.
We use a so-called double opt-in process to register subscribers for our newsletter. I.e. Once you have subscribed, you will receive an email asking you to confirm your subscription. We need this confirmation to stop people logging in using e-mail addresses that do not belong to them. Subscriptions to the newsletter are documented so that we may demonstrate that a subscription process was followed in accordance with legal requirements. We will also store the login and confirmation time, as well as the IP address for the purpose of documentation. Similarly, any changes that are made to your data stored by the provider of the mailing service will also be documented.
Login information: All you need to do to subscribe to the newsletter is provide us with your e-mail address. We will also ask you to provide us with a name so that we may address you personally in the newsletter, however you are not required to provide us with this.
You can revoke your consent to having your data and e-mail address stored and to it being used for the purpose of sending the newsletter at any time, for example, by following the “Unsubscribe newsletter” link in the newsletter. You may make a request for an individual application for erasure at any time, provided that you also confirm that you had previously given your consent.
We send the newsletter and measure its success on the basis of the recipients’ consent in accordance with Article 6 (1)(a) and Article 7 GDPR in conjunction with Section 7 (2)(3) of the Act against Unfair Competition or, where consent is not required, on the basis of our legitimate interest in direct marketing in accordance with Art. 6 (1)(f) GDPR in conjunction with Section 7 (3) of the Act against Unfair Competition.
We will record data collected during the registration process on the basis of our legitimate interest in accordance with Art. 6 (1)(f) GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests, meets the expectations of users and allows us to prove consent.
The legality of data processing operations that have already been carried out remains unaffected by revocation. We will store the data that you provide us with for the purpose of receiving the newsletter until you unsubscribe from the newsletter. Once you have unsubscribed from the newsletter, we may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interest before erasing them so that we may prove that consent was previously given. We shall restrict the processing of this data for the purpose of a possible defence against claims.
Newsletter2Go / SendinBlue
This website uses SendinBlue to send newsletters. The provider is SendinBlue GmbH, Köpenicker Straße 126, 10787 Berlin, Germany. SendinBlue is a service which, among other things, organises and analyses how newsletters are sent. The data you enter for the purpose of receiving the newsletter will be stored on SendinBlue’s servers.
If you do not want SendinBlue to analyse your data, you will need to unsubscribe from the newsletter. We provide a link for this in every newsletter. Furthermore, you can also unsubscribe from the newsletter by going directly to the website.
ANALYSING DATA USING SENDINBLUE
SendinBlue allows us to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, among other things, which links have been clicked on most frequently. We can also see whether certain pre-defined actions have been performed after the link was opened/clicked on (Conversion rate).
This data is only processed with your consent (Art. 6 (1)(a) GDPR). You can revoke your consent at any time. The legality of data processing operations that have already been carried out remains unaffected by revocation.
7. Functions and Tools
SSL / TLS Encryption
This site uses SSL/TLS encryption for security purposes and to protect the transmission of confidential information, such as orders or requests, that you send to us as the site operator. You can identify an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol that appears in your address bar.
The data that you transmit to us cannot usually be read third parties if SSL/TLS encryption is activated.
THIRD-PARTY PROVIDER COMPONENTS ON THIS WEBSITE
This website is based on the open-source software WordPress. To protect your privacy, third-party components which WordPress uses by default and which can establish connections to a third-party server (e.g. emojis, Gravatars), have been deactivated or modified in such a way that the corresponding components can only be loaded locally.
This website uses external fonts provided by Adobe. Your browser will load the required web fonts in your browser cache when you access a site to display texts and fonts correctly. For this purpose, the browser you are using needs to connect to Adobe servers. This allows Adobe to know that your IP address has been used to access our website. We use Adobe TypeKit Fonts to present our online services in a uniform and attractive manner. The legal basis for this is Art. 6 (1)(f) GDPR.
You can configure your browser so that fonts are not loaded from Adobe’s servers (e.g. by installing add-ons such as NoScript or Ghostery). If your browser does not support Adobe Fonts or you prevent access to Adobe’s servers, the text will be displayed in the system’s default font.
Our online service contains links to the websites of social networks to allow you to communicate with interested parties that are active there. You can share content on social networks and short message services using the “Share” function on this website. Please note that, when using these links, the respective provider may learn the same types of information as listed in Section 3 of this privacy notice. No data will be exchanged between you and the respective providers if you do not click on these links. Similarly, the “WhatsApp link”, for example, will not function if you do not have WhatsApp installed on your device.
8. COMPANY PAGES ON SOCIAL MEDIA
SOCIAL MEDIA PAGES
We manage publicly accessible profiles on social networks. You can find out which social networks we use below.
Social networks such as Facebook, Twitter, Instagram etc. can generally analyse your user behaviour in detail when you visit their website or a website with built-in social media content (e.g. like buttons or banner ads). Visiting our social media pages will trigger various processing operations related to data protection. In particular:
If you are logged into your social media account and visit our social media pages, the operator of the social media platform can assign your session to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the relevant social media platform. In this case, data is collected, for example, via Cookies that are stored on your terminal or by recording your IP address.
The operators of the social media platforms can create user profiles in which your preferences and interests are stored using data collected in this way. As a result, you may be shown personalised ads inside and outside the respective social media platform. If you have an account with the respective social network, personalised ads may be displayed on all devices that you are or were logged into.
We are on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data they collect is also transferred to the USA and other third countries. You can change the advertisement settings yourself on your user account. Please refer to Facebook’s privacy notice for details on how they handle your personal data.
We are on Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. You can change your Twitter privacy settings yourself on your user account. Please refer to Twitter’s privacy notice for details on how they handle your personal data.
We are on Instagram. The provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can change your Instagram privacy settings yourself on your user account. Please refer to Instagram’s privacy notice for details on how they handle your personal data.
We are on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please refer to YouTube’s privacy notice for details on how they handle your personal data.
Our social media pages should ensure our presence on the internet is as extensive as possible. This is a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1)(a) GDPR).
RESPONSIBILITY AND ASSERTING YOUR RIGHTS
If you visit one of our social media pages (e.g. Facebook), we assume joint responsibility for performing the data processing operations that are triggered during your session, together with the operator of the social media platform. In principle, you can assert your rights (right of access, right to rectification, erasure, restriction of processing, data portability and your right to appeal) both against us and against the operator of the respective social media platform (e.g. against Facebook).
Please note that we do not have full control over the data processing operations of the social media platform despite this shared responsibility with the operator of the social media platform. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media platform will be erased from our systems as soon as the purpose for which it was stored has been fulfilled or you ask us to erase it, or you revoke your consent to store it or when there is no longer any purpose for storing such data. Stored cookies will remain on your terminal until you delete them. Mandatory statutory provisions – in particular retention periods – shall remain unaffected.
We have no control over the length of time your data is stored by the operators of the social networks for their own purposes. Please contact the operators of the social networks directly for further details.
9. UPDATING AND CHANGING THIS PRIVACY NOTICE
This privacy notice is currently valid and was last updated in May 2023.
It may be necessary to amend this privacy notice as we further develop our website and the services provided on it or to reflect changes in legal or official requirements. The respective current privacy notice can be accessed and printed at any time by visiting the following website: https://en.platform-muenchen.de/data-privacy-policy/