Data protection policy
I. Name and address of responsible entity
The responsible entity within the meaning of the basic data protection regulation and other national data protection laws of other member nations as well as any other data protection regulations is:
DAVASO Holding GmbH | |
---|---|
Sommerfelder Straße 120 04316 Leipzig |
|
Phone | 0341 25920-0 |
Email: | holding@davaso.de |
Website: | www.davaso.de |
II. Name and address of the data protection officer in charge
The data protection officer appointed by the entity is:
Herr Wolfgang Leistner Data protection officer |
|
DAVASO Holding GmbH | |
---|---|
Sommerfelder Straße 120 04316 Leipzig Deutschland |
|
Phone: | 0341 25920-80 |
Email: | datenschutz@davaso.de |
Website: | www.davaso-holding.de |
III. General information on data processing
1. Scope of personal data processing
We collect and process personal data of users only to the extent required for the provision of a functional website and our contents and services. In general, personal user data are only collected and used after the user’s approval. One exception is made when the prior approval could not be obtained for obvious reasons and if the processing of personal data is legally permitted.
2. Legal basis for the processing of personal data
If the processing of personal data requires the prior approval of the corresponding person, article 6 section 1 lit. a Basic Data Protection Policy (“EU-Datenschutzgrundverordnung DSGVO”) shall serve as legal basis.
When processing personal data is required for fulfilling an agreement in which the contract partner is the affected person, article 6 section 1 lit. b DSGVO shall serve as legal basis. This shall also apply to processing steps required to carry out pre-agreement measures.
If the processing of personal data is required to fulfil legal obligations of our company, article 6 section 1 lit. c DSGVO shall serve as legal basis.
If the processing is required for the protection of a legitimate interest of our company or any third party, and if such interests, fundamental rights and freedom do no override the interest mentioned first, article 6 section 1 lit. f DSGVO serves as legal basis for any such data processing.
3. Deletion of data and duration of storage
Personal data of persons affected are deleted or locked as soon as soon as the data storage purpose is no longer pursued. Data may further be stored for reasons foreseen by union regulations, law or any other stipulations under European or national legislations to which the entity in charge is bound. Data are blocked or deleted even of above-mentioned standards include a retention period that is terminated, except if data must be stored for the purpose of entering into an agreement or if an agreement needs to be fulfilled.
IV. Provision of the website and creation of log files
1. Description and scope of personal data processing
Our system automatically tracks data and information about the computer system used by the PC each time our website is accessed.
Following data are saved:
- Information about browser type and version used
- Operating system of the user
- Date and time of accessing the website
- Website from which the user has accessed the website (Referrer)
- Websites accessed by the user system from our website
- User name and Apache web servers if the user’s server uses it for authentication purposes.
Data are further stored in our system‘s log files. Not included in any such data are user IP addresses or any other data that allow us tracking them back to any user. Any such data are not saved together with any other personal user data.
2. Legal basis for the data processing
Data are temporarily stored in accordance with article 6 section 1 lit. f DSGVO.
3. Purpose of the data processing
The temporary storage of IP addresses by the system is necessary in order to provide the website content to the user PC. In order to do so, the user‘s IP address needs to be saved throughout the Internet session.
This is also our reasonable interest in processing data in accordance with article 6 section 1 lit. f DSGVO.
4. Storage duration
Data are deleted as soon as they are no longer needed for the purpose to be achieved. In case of collecting data for the provision of the website, this is the case when the corresponding session is closed.
5. Objection and elimination possibility
Collection of data for the provision of the website and saving data in log files is mandatory for operating the website. Accordingly, the user has no possibility to objection.
V. Use of cookies
a) Description and scope of processing data
Our website uses cookies. Cookies are text files that are saved in the web browser or by the web browser on the user’s computer system. If a user accesses a website, a cookie may be saved in the user’s operating system. Such cookies include a character string allowing a unique browser identification as soon as the website is again accessed.
We use cookies in order to ensure user-friendly website handling. Some elements of our internet site make it necessary that the accessing browser can be identified even after changing the sites.
The cookies save and transmit following data:
- Language settings (pll_language); remain set for one year
- Cookie warning (cookie_notice_accepted) is linked to the privacy settings and remains set for one month
- Login information (only for registered users; session ID is deleted when the browser is closed.)
- Session cookie (JSESSIONID) is a technical requirement in the DAVASO job portal and serves to save the session ID for the interaction with the user for several site access occurrences. The session ID is deleted when the browser is closed.
b) Legal basis for data processing
The legal basis for processing personal data by means of cookies is article 6 section 1 lit. f DSGVO.
c) Purpose of processing data
Purpose of using cookies that are technically required is to facilitate the use of websites. Some features of our internet site cannot be offered without using cookies. Accordingly, it is necessary to recognize the browser even after switching a site.
We use cookies for following applications:
- Use of language settings
- Transfer to DAVASO job portal
- Reference to cookies and privacy statement
- Transfer to protected backend
User data collected with technically necessary cookies are not used for creating user profiles.
These purposes are our legitimate interest in processing personal data in accordance with article 6 section 1 lit. f DSGVO.
d) Duration of storage, objection and elimination possibility
Cookies are saved on the user PC and transferred from this PC to our site. Accordingly, users have full control over the use of cookies. You can limit or de-activate the transmission of cookies by changing the settings in your internet browser. Cookies already saved can be deleted at any time, which can also be done automatically. If cookies are de-activated for our website, it might not be possible to use all website features.
VI. Link to external pages
Our offer contains links to third-party websites (“external links”), on whose content we have no control. These websites are subject to the liability of the respective site operators.
When including the external links, no legal violations were apparent. DAVASO Holding GmbH has no influence on the current and future design and content of the linked sites. Constant control of the external links is not reasonable for us as provider without concrete evidence of legal violations. If legal violations become known, the affected external links will be deleted immediately.
VII. Job portal for online applications
1. Description and scope of data processed
Our website offers the option to users to enter personal information in order to apply. Data are entered in an entry form and transmitted to us. Any such data are not transmitted to any other party.
Following data are collected during the application process:
- Date and time of application
- How did you learn about the position?
- First name
- Last name
- Address
- Nationality
- Date of birth
- Highest school-leaving qualification from – to
- Application letter
- CV
- Certificates
- Job reference letters
During the application process, we obtain the applicant’s prior approval for processing such data.
2. Legal basis for the data processing
Article 6 section 1 lit. a DSGVO shall be the legal basis for processing personal data after receipt of the user’s approval to do so.
If the registrations serves to fulfill an agreement to which the user is the contractor, or if it serves as pre-agreement measure, article 6 section 1 lit. b DSGVO shall become an additional legal basis for processing any such data.
3. Purpose of processing data
It is mandatory for the user/applicant to register in order to fulfil the agreement or carry out pre-agreement measures.
Applicants` data are exclusively collected, processed and used by the corresponding company for the purpose of handling the application. Any such data are not transferred to any third party.
In case of a successful application, your personal data and files are used throughout the duration of your employment in accordance with the privacy regulations. If your application was unsuccessful, or if you have sent us an unsolicited application for which no position is available, your applicants data will be deleted after 6 months if not stipulated otherwise or if the continued storage is mandatory as legal evidence.
4. Duration of storage
Applicants’ data are deleted after 6 months, if they are no longer required for fulfilling the purpose of collecting such data.
During the application process or in order to fulfil pre-agreement measures, this is the case when data are no longer needed to fulfill the agreement. Even after entering into an agreement with the applicant, it might be necessary to save personal data of the contracting party in order to fulfill contractual or legal requirements.
5. Deletion of data and duration of storage
Users may withdraw their application at any time. Further, you may ask to modify your personal data stored at any time.
If you would like to withdraw your application, or if you do no longer agree to the storage of your applicants’ personal data during the application process, we will delete your personal data upon your request. In order to do so, please contact the HR department (karriere@davaso.de). In that case, please keep in mind that we can no longer process your application, and the application process is automatically terminated. We reserve the right to amend this data protection policy at any time in order to meet technical and legal requirements. The law of the Federal Republic of Germany shall apply.
If data are required to fulfill an agreement or to carry out pre-agreement measures, data can only be deleted prematurely, if no contractual or legal requirements prevent the deletion of any such data.
VIII. Email contact
1. Description and scope of data processed
It is possible to contact us using the email address provided on our website. In this case, personal user data transmitted with this email are saved.
In this context, any such data are not transmitted to any third party. Data are exclusively stored for processing the conversation.
2. Legal basis for the data processing
Article 6 section 1 lit. a DSGVO shall be the legal basis for processing personal data after receipt of the user’s approval to do so.
Article 6 section 1 lit. f DSGVO shall be the legal basis for processing such data transmitted by email. If the email contact aims at entering into an agreement, an additional legal basis for processing any such data shall be article 6 section 1 lit. b DSGVO.
3. Purpose of processing data
Personal data collected from emails are exclusively used for contacting the corresponding purpose.
4. Duration of storage
Data are deleted as soon as they are no longer needed for the purpose. In case of personal data provided by email, this is the case when the conversation with the corresponding user has ended. A conversation is ended when it is obvious that the conversation subject was conclusively resolved.
5. Objection and elimination possibility
The user can withdraw his/her approval for the processing of personal data at any time. If the user contacts us by email, he/she can object to the use of personal data at any time. In such case, the conversation cannot be continued.
In order to do so, you may send us an email to info@davaso.de or write to DAVASO Holding GmbH, Sommerfelder Straße 120 in 04316 Leipzig.
All personal data stored during the initial contact procedure are deleted in this case.
IX. Rights of the person affected
If your personal data are processed, you are affected within the meaning of DSGVO, and you have following rights against the responsible:
1. Right to information
You are entitled to ask for confirmation whether personal data related to you are processed by use. If we process data, you are entitled to ask the responsible for following information:
- Purpose for which personal data are processed;
- Categories of personal data being processed;
- Recipient and category of recipients who have received or will receive the corresponding personal data;
- Planned storage duration of personal data related to you, or, if concrete information cannot be given, criteria defining the storage duration;
- Existing right to correct or delete personal data related to you and the right to limit the processing by the responsible and the right of objection against such processing;
You are entitled to receive information on whether any of your personal information are transmitted to a third country or an international organization. In this context and in accordance with article 46 DSGVO, you are entitled to receive information regarding suitable guarantees related to the transfer of such data.
2. Right to correction
In case your personal data processed are incorrect or incomplete, you are entitled to request correction and/or completion from the responsible. The responsible shall correct and/or complete any such data with no delay.
3. Right to restrict the processing of personal data
You are entitled to request a restriction of processing your personal data under the following conditions:
- if you challenge the correctness of your personal data for a duration allowing the responsible to review the correctness of such personal data;
- if the processing is unlawful, you reject the deletion of personal data and request a limitation of using such personal data instead;
- if the responsible does no longer need personal data for processing, but needs them to enforce, exercise or defend legal claims, or
- if you filed an objection against the processing of data in accordance with article 21 section 1 DSGVO, and if it was not determined whether the legitimate interest of the responsible prevail against your interest.
If the processing of your personal data was limited, such data may only be processed (other than saving) with your consent or to enforce, exercise or defend legal claims, protect the rights of any other natural person or legal entity or for reasons of substantial public interest of the European Union or any member nation.
If such limited processing was further limited in accordance with above conditions, you shall be informed prior to releasing this restriction.
4. Right to deletion
a) Obligation to delete data
You are entitled to request the immediate deletion of your personal data, and the responsible is obliged to immediately delete such data under any of the following conditions:
- Your personal data are no longer needed for the purpose they were collected for or for which they were processed.
- You withdraw your consent to the processing in accordance with article 6 section 1 lit. a or article 9 section 2 lit. a DSGVO, and there is no other legal basis for processing.
- In accordance with article 21 section 1 DSGVO, you file an objection against the processing, and there are no prevailing legitimate reasons for processing such data, or you file an objection against the processing in accordance with article 21 section 2 DSGVO.
- Your personal data were processed unlawfully.
- Deletion of your personal data is necessary to fulfill legal requirements in accordance with EU law or EU national legislation that applies to the responsible.
- Your personal data were collected in connection with services offered by the data-processing entity in accordance with article 8 section 1 DSGVO.
b) Information to third parties
If the responsible discloses any of your personal data, and if the responsible is obliged to delete such data in accordance with article 17 section 1 DSGVO, the responsible shall take all suitable measures including technical measures considering available technology and implementation costs to inform the responsible person in charge for processing such data that you being the affected person requested the deletion of all links to such personal data, copies or replicas of such personal data.
c) Exceptions
You are not entitled to request the deletion, if such data shall be processed as a result of
- exercising the freedom of expression and information;
- fulfilling legal requirements requesting the processing in accordance with EU legislation or member nations, or performing a task in the public interest or as exercise of official authority attributed to the responsible;
- Reasons of public interest within the area of public health in accordance with article 9 section 2 lit. h and i as well as article 9 section 3 DSGVO;
- archiving, scientific or historical research purposes as well as statistical purposes of public interest in accordance with article 89 section 1 DSGVO to the extent the right mentioned in section a) possibly makes the attainment of the data processing goals impossible or seriously affects it, or
- Assertion, exercise or defense of legal claims.
5. Right to information
If you have filed your right to correction, deletion or restriction against the responsible, the responsible shall inform all recipients to whom any of your personal data were disclosed about the correction, deletion or restriction of the processing, unless it is impossible or causes disproportionate effort.
You are entitled towards the responsible to be informed about such recipients.
6. Right to data transfer
You are entitled to receive your personal data provided to the responsible in a structured, common and machine-readable format. Further, you are entitled to forward your personal data provided to the responsible to another responsible, if
- such processing was based on your consent in accordance with article 6 section 1 lit. a DSGVO or article 9 section. 2 lit. a DSGVO or an agreement in accordance with article 6 section 1 lit. b DSGVO and
- if the processing has been done automatically.
In exercising this right, and if technically possible, you are further entitled to request that your personal data are directly ported from one responsible to another. Freedom and rights of other persons must not be affected in any way.
The data portability right shall not apply to processing of personal data required for fulfilling a task in the public interest or in exercise of official authority.
7. Right to object
You are entitled for reasons resulting from your specific situation to object to the processing of your personal data based on article 6 section 1 lit. e or f DSGVO; This shall also apply to profiling under these regulations.
The responsible does no longer process your personal data, except in case the reponsible can provide compelling and legitimate reasons for the processing that prevail your interest, rights and freedom, or if the processing serves to assert, exercise or defence of legal claims.
If any such personal data are processed in order to run direct marketing, you are entitled at any time to object to the processing of your personal data for such advertising purposes; this shall also apply to the profiling, if it is related to such direct marketing.
If you object to the processing of your personal data fort he purpose of direct marketing, your personal data will no longer be used for this purpose.
Irregardless regulation 2002/58/EG and in connection with the use of services of the information provider, you have the option to exercise your right to objectusing an automated process that uses technical specifications.
8. Right to object to the data protection declaration
You are entitled to object to your data protection consent declaration at any time. The objection to the consent shall not affect the lawful data processing until the time of objection.
9. Automated decision in individual cases including profiling
You are entitled not to be subject to a decision based on exclusive automatic processing including profiling that has a legal effect on you or that considerably affects you in a similar manner. This shall not apply, if
- it is necessary for the conclusion or fulfillment of an agreement between you and the responsible,
- due to legal regulations of the European Union or member nations that apply tot he responsible, such processing is permitted, as long as any such legal stipulations include reasonable measures to protect your rights and freedom as well as your legitimate interest, or
- if the processing has been done with your explicit content.
However, any such decisions must not be based on special categoris of personal data in accordance with article 9 section 1 DSGVO, as long as article 9 section 2 lit. a or g DSGVO do not apply and if reasonable measures are taken to to protect your rights and freedom as well as your legitimate interest.
In case of (1) and (3), the responsible shall take reasonable measures to protect your rights and freedom as well as your legitimate interest, including but not limited to the right to request assistance of a person appointed by the responsible to explain their own position and to appeal the decision.
10. Right to object at supervisory authority
Regardless any other administrative or judicial procedures, you are entitled to appeal before a supervisory authority, especially one in the member nation of your residence, your workplace or the location of the suspected infringement, if you are of the opinion the processing of your personal data violates the DSGVO.
The supervisory authority you appealed before shall report status and results of the complaint to the complainant, including the option of a legal remedy in accordance with article 78 DSGVO.
X. Encryption
In order to protect its content and for data safety purposes, this site uses SSL encryption.
You can recognize an encrypted connection by the browser address bar switching from “http://” to “https://” and the lock symbol in your browser line.