General Information on the Handling of Your Data
This privacy policy provides you with information about the type, scope, and purposes of the processing of personal data on our website www.advaneo.de.
Controller within the meaning of Art. 4 (7) EU General Data Protection Regulation (GDPR) is:
Advaneo GmbH
represented by the Managing Director Jürgen Bretfeld
Neuer Zollhof 2
40221 Düsseldorf
Phone: +49 (0) 211 / 87 66 91 0
E Mail: hello@advaneo.de
Contact person: Jürgen Bretfeld
Data Protection Officer:
RA Niklas Hanitsch
secjur GmbH
Steinhof 9
20459 Hamburg
datenschutzbeauftragter@advaneo.de
a) If you have questions regarding data protection, or wish to exercise rights or claims concerning your personal data, you can contact us using the contact options specified above (under section 1.1.).
b) In our contact form you must provide mandatory information (your E Mail address and your name) in order for us to answer your inquiry and get in touch with you. Without this information you cannot submit the inquiry. The other fields can be filled in voluntarily.
c) When contacting us (for example by telephone, E Mail), your details will be stored for processing the inquiry and in case follow-up questions arise, pursuant to Art. 6 (1) (b) GDPR. We delete the data arising in this context after storage is no longer necessary, or restrict processing if statutory retention obligations exist (see section 14). If you assert your rights or claims under the GDPR, we store your inquiry data for 3 years. The period begins at the end of the year in which the conversation was concluded. The reason for retention is that claims may be asserted during this time or it may be necessary to prove that we answered your inquiry.
a) Personal data may be processed each time you visit our website. Your personal data will only be processed if it is legally permitted (legal basis). According to Art. 6 (1) GDPR, this is the case if
you have given us your consent, or
• processing is necessary for the performance of our contract with you, or
• in the case of a request by you, pre-contractual measures are required, or
• processing is necessary to protect your vital interests, or
• those of another natural person, or
• processing is necessary for the purposes of our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms which require the protection of personal data do not override (balancing of interests).
b) The personal data collected from you will be deleted as soon as the purpose of the collection ceases to apply (see section 14).
a) What “personal data” are is defined in Art. 4 of the General Data Protection Regulation (GDPR). According to this, personal data are details that can be assigned to your person by reasonable means. Personal data are divided into four groups. These include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of case handlers, payment information), usage data (e.g. the web pages of our online offer visited, interest in our products) and content data (e.g. entries in the contact form). Information that cannot be attributed to a specific or identifiable person, or only with a disproportionately great effort in time, cost, and labor, is considered anonymous data and not personal.
b) In addition, for technical reasons, further data are processed when visiting our website. These are mainly technical information such as the IP address assigned to your computer by your internet access provider when connecting to the internet, or information about the website from which you accessed our offer, or about the type and version of the internet browser you use. This also includes login data, your operating system, errors when downloading, the length of visits to certain pages, and all telephone numbers from which you call our customer service number. These technical information may in individual cases be personal data. As a rule, however, we only use technical information insofar as this is necessary for technical reasons for the operation and to protect our website against attacks and misuse pursuant to Art. 6 (1) (f) GDPR.
2.3. What is meant by “processing”?
What is meant by “processing” is also defined in Art. 4 GDPR. It includes all operations involved in handling data. The mere collection or recording, but also the organization or ordering and storage, the adaptation or alteration are covered by the term “processing.” Other methods of handling are also included, such as actual use, or transmission and disclosure. Ultimately, restriction, deletion, or destruction of data are also included.
The security of your personal data has a very high priority for us. We therefore protect your data stored with us through technical and organizational measures. This ensures that the provisions of the data protection laws are observed and effectively prevents loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it.
Our website uses secure SSL encryption when transmitting personal data or personal content of our users. Please ensure that SSL encryption is activated by you for the relevant activities. The use of encryption is easy to recognize: the display in your browser line changes from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Therefore, only transmit your confidential information when SSL encryption is activated and contact us if in doubt.
a) When using the website for information only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which are technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 (1) sentence 1 (f) GDPR):
b) The information mentioned under a) is stored for security reasons (e.g. to clarify misuse or fraudulent actions) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes will be retained until the matter has been finally clarified.
c) In addition to the aforementioned data, cookies are stored on your computer when you use our website. More detailed information on cookies can be found under section 9.
d) The data are collected by us on the basis of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR. Under no circumstances do we use the collected data to draw conclusions about your person. The purposes we pursue include in particular:
ensuring a smooth connection to the website,
In addition to the purely informational use of our website, we offer various services that you can use if interested. For this, you usually have to provide further personal data which we use to provide the respective service and for which the aforementioned principles of data processing apply.
a) When contacting us (via contact form, telephone, fax or E Mail), your details are processed to handle and process the contact request pursuant to Art. 6 (1) (b) GDPR (necessary information within the framework of pre-contractual measures) or pursuant to Art. 6 (1) (f) GDPR (legitimate interest in answering your inquiry). If you contact us via contact form, email or fax, we also store the content you have sent to us. Insofar as we request entries via our contact form, you can only submit the inquiry if you have provided the required information. In this case, you will receive a notification window indicating which information you still need to provide.
b) Providing optional information (address data, website, further contact data and content data) is voluntary. If you provide information on communication channels (e.g. telephone number), we may also contact you via this communication channel to answer your request. The personal data you transmit will be used exclusively for the purpose for which you provided the data when contacting us.
c) We delete the data received in the course of contacting us as soon as they are no longer necessary to achieve the purpose of their collection. This also applies to your voluntary information. It is in our legitimate interest (Art. 6 (1) (f) GDPR) to store the data together with the necessary data, since the deletion of individual data from a data package would be disproportionately laborious. Should you explicitly wish the deletion of individual data, please send us a short message (see section 1). For the personal data from the input mask of the contact form and those sent by E Mail, the data are deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified, but no later than 1 month after the last contact. Should a contractual relationship be established, or should you wish us to include your personal data in our database, we store your personal data in accordance with the information in section 14.
a) If you are our customer, we store your personal data for the duration of the contractual relationship and beyond for a further 10 years, unless statutory retention periods force us to keep the data longer (see section 14). This retention is based on Art. 6 (1) (f) GDPR. Our legitimate interest is based on the limitation period for contractual claims, which is a maximum of 10 years (from knowledge of the claim).
b) We process the data you have provided to us and those we obtain from other publicly accessible sources.
c) The processing of your personal data is carried out on the basis of Art. 6 (1) (b) GDPR. We process your data to enable a smooth business relationship.
We offer open source software on our website. We link the download to the respective website on which the software is offered. When you click on the download link, you will be taken to an external website. The respective provider is responsible for the processing of your personal data on the external websites. You can find information about the processing of your data in the respective privacy policy there.
a) Data are only disclosed to third parties within the framework of legal provisions. We therefore only pass on users’ data to third parties if:
b) When passing on your personal data, we always ensure the highest possible level of security. Therefore, your data will only be passed on, if necessary, to carefully selected and contractually obligated service providers and partner companies in order to ensure the protection of personal data in accordance with the relevant legal provisions.
c) We draw your attention to the fact that, in addition to this privacy policy, the privacy policies and statements of the external websites may also apply.
d) If we pass on your data to third parties, we will inform you of this in a separate privacy policy.
a) The personal data we collect about you are generally stored within the European Union (“EU”). However, in exceptional cases, personal data may be transferred to non-European countries. In these so-called “third countries,” the GDPR does not apply directly. As a rule, a less strict data protection law applies there.
b) Such a data transfer to countries outside the European Economic Area may occur, for example, when processing a service request or providing support services electronically.
c) In the event of such a transfer of data to a third country, we ensure that this is done in accordance with this privacy policy. We also ensure that an adequate level of data protection for you and other data subjects is guaranteed at the respective recipient in the third country or that there is otherwise a legal permission. This is done, for example, by concluding a contract with the recipient in the third country on the basis of the so-called Standard Contractual Clauses of the European Commission. These Standard Contractual Clauses ensure a level of data protection similar to that offered by the European General Data Protection Regulation.
We use so-called “cookies” to recognize repeated use of our offer by the same user or internet connection owner. The data processed by cookies are necessary to safeguard our legitimate interests and those of third parties pursuant to Art. 6 (1) sentence 1 (f) GDPR (see also section 5.).
Almost all websites today use various cookies so that the respective pages function as intended and design and functions can be optimally displayed for you. Cookies are information files that are transferred to your web browser and stored there by our web server or third-party web servers. There they are stored for later retrieval. The information files are specific information relating to your respective device (PC, smartphone and browser used). However, this does not mean that we gain immediate knowledge of your identity. Cookies primarily serve the user-friendliness of websites (e.g. they store login data or the language). Cookies do not cause any damage to your end device, do not contain viruses, trojans or other malware.
This website uses transient and persistent cookies, the scope and functionality of which are explained below:
a) Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These store a so-called session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. We therefore use these cookies to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
Most browsers accept cookies automatically. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in your browser’s system settings. Stored cookies can also be deleted in the browser’s system settings. However, the exclusion of cookies may lead to functional restrictions of this online offer. Information on deactivating cookies in the most common browsers can be found at the following links:
Google Chrome
https://support.google.com/chrome/answer/95647
Microsoft Internet Explorer
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari
https://support.apple.com/de-de/HT201265
Firefox
https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen#w_ihre-cookie-einstellungen-anzeigen-und-acndern
Opera
https://help.opera.com/de/latest/features/
We do not pass on your personal data that you have provided to us to third parties unless the data are required for the processing of your contract, there are legitimate interests, or you have expressly consented to the disclosure. Insofar as we are legally obliged to do so, we pass your data on to state bodies and authorities entitled to receive information. Our legitimate interests are, for example, the interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR.
Cloudflare
Our website uses the CloudFlare web service, a CDN (Content Delivery Network) of the company Cloudflare Inc., 101 Townsend St, 94107 San Francisco (USA). We use these data to ensure the full functionality of our website. In this context, your browser may transmit personal data, such as the IP address, to CloudFlare. Cloudflare uses cookies stored on your computer that enable increased performance and security of the website. The legal basis for data processing is therefore Art. 6 (1) (f) GDPR. The legitimate interest lies in the error-free functioning of the website. CloudFlare has self-certified under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list ). The data are deleted as soon as the purpose of their collection has been fulfilled. According to Cloudflare, this generally happens within 4 hours, but no later than after 7 days. Further information on the handling of the transmitted data can be found in CloudFlare’s privacy policy: https://www.cloudflare.com/security-policy/?utm_referrer=https://www.google.de/. You can prevent the collection and processing of your data by CloudFlare by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find such, for example, at noscript.net or www.ghostery.com).
You have the following rights with respect to the data processed about you:
Where we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case if processing is not particularly necessary for the performance of a contract with you, which we explain in the description of the functions below. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as carried out by us. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or inform you of our compelling legitimate grounds on the basis of which we will continue the processing. We will inform you of such compelling grounds. You have the right to lodge a complaint at any time with a supervisory authority (e.g. the supervisory authority at your place of residence or at our company’s registered office).
You can, of course, object at any time to the processing of your personal data for the purposes of data analysis.
If you wish to exercise your right to object, a simple message via the contact options mentioned in section 1 to the person(s) named in section 1 is sufficient.
You can find further information about our company, details of the persons authorized to represent it, and further contact options in our imprint.
a) If you send us your application documents, we process your data to assess your suitability for an open position in our company and to carry out the application process. The legal basis for the processing of your personal data is § 26 BDSG n.F. Accordingly, the processing of data is permissible if it is necessary in connection with the decision on establishing an employment relationship.
b) We process and/or store your data for the duration of the application process and store the data for a further six months after completion of the application process. This is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR for the assertion or defense of claims.
c) If you expressly wish, we will include your data in our applicant pool. There the data will be deleted after two years. If you are accepted into our company as part of the application process, your data will be transferred to our personnel information system.
d) There is no disclosure to third parties or to a service provider. Suitable applications are forwarded internally to the department heads responsible for the respective open position. The further process is then coordinated. In the company, only those persons have access to your data who need it for the proper course of our application process.
e) The data are processed exclusively in data centers of the Federal Republic of Germany.
f) With regard to the processing of your personal data in the course of the application process, you have the following rights:
a) The data stored with us are deleted as soon as they are no longer required for the intended purpose. Details can be found in the sections of this statement where the type and purpose of the respective processing of personal data are explained.
b) Data that we must store due to statutory, corporate, or contractual retention obligations (e.g. for tax law reasons) are blocked instead of being deleted to prevent their use for other purposes. This includes, for example, retention for 6 years pursuant to § 257 (1) HGB (for commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, booking receipts, etc.) or retention for 10 years pursuant to § 147 (1) AO (books, records, management reports, booking receipts, commercial and business letters – this also includes emails, documents relevant for taxation, etc.). The period begins at the end of the calendar year in which the respective document was created or received and ends after expiry of the period at the end of the calendar year.
a) This privacy policy is currently valid and has the status April 2019.
b) Due to changes in the law or adjustments in data processing, updates to this privacy information may become necessary. We therefore recommend that you regularly inform yourself about changes on this page. Insofar as the change concerns your consents or the provisions of the contractual relationship, these will only take place with your consent. You will be contacted separately for this.
