Data Protection Policy
This data protection policy explains to you the nature, scope and purpose of the processing of personal data (“Data”) within our website and the associated webpages, functions and content, along with our external online presence such as e.g. our social media profile (further together referred to as “Website”). In regard to the terms used such as “processing” or “controller” we refer to the definitions in Article 4 General Data Protection Regulation (GDPR).
mobilverde technologies GmbH
Tel: +49 (2451) 910750-80
Fax: +49 (2451) 910750-81
Types of Data processed:
– Inventory Data (e.g. names, addresses).
– Contact details (e.g. e-mails, telephone numbers).
– Content Data (e.g. text input, photographs, videos).
– Usage Data (e.g. webpages visited, interest in content, access times).
– Meta/communication Data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the Website (we further refer to data subjects together as “Users”).
Purpose of the processing
– the provision of the Website, its functions and content.
– the answering of contact requests and for communication with Users.
– security precautions.
– audience measurement/marketing
‘Personal data’ is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. ”Processing” means any operation or set of operations which is performed in connection with personal data, whether or not by automated means; the term is extensive and encompasses virtually any handling of Data. ’Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. ’Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. ’Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. ’Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal bases
Further to Article 13 GDPR we provide you with the legal basis for the processing. Where the legal basis is not specified in the Data Protection Policy, the following applies: the legal basis for the collection of consents is Article 6(1)(a) and Article 7 GDPR; the legal basis for processing in the performance of our services and in the implementation of steps under a contract along with the response to requests is Article 6(1)(b) GDPR; the legal basis of processing for compliance with our legal obligations is Article 6(1)(c), and the legal basis of processing for the protection of our legitimate interests is Article 6(1)(f) GDPR. Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.
In compliance with Article 32 GDPR, we take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures include in particular the safeguarding of confidentiality, integrity and availability of Data through the control of physical access to the Data as well as any sharing in relation to it, input, transfer, safeguarding of availability and its segregation. Furthermore, we have put procedures in place that ensure the rights of data subjects are observed, Data is erased and any threats to the Data are addressed. In addition, we factor in the protection of personal data in our development and/or selection of hardware, software and processes in line with the principle of data protection by design and by default (Article 25 GDPR).
Collaboration with processors and third parties
To the extent we disclose Data to other persons and organisations (processors or third parties) in the course of processing, transfer it to the latter or otherwise allow them access to the Data, this shall be done only on the basis of a legal authorisation (e.g. if a transfer of the Data is required to third parties, such as payment service providers, under Article 6(1)(b) GDPR for performance of a contract), you have given consent, a legal obligation envisages this or [this is done] on the basis of our legitimate interests (e.g. where subcontractors, web hosting providers etc. are used). Where we engage third parties to process Data on the basis of a “processing contract”, this occurs on the basis of Article 28 GDPR.
Transfers to third countries
To the extent we process Data in a third country (i.e. one outside the European Union (EU) and the European Economic Area (EEA)) or this is done within the framework of our use of third-party services or there is disclosure or transfer of Data to third parties, this occurs only in performance of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process Data or have it processed in a third country only where the particular requirements of Articles 44 et seq. GDPR are in place. This means processing is done, for example, on the basis of special guarantees such as the officially recognised identification of a level of data protection matching that of the EU (e.g. for the USA, through the “privacy shield”) or compliance with particular contractual obligations that have been officially recognised (“standard contractual clauses”).
Rights of the data subjects
You have the right to obtain confirmation as to whether personal data concerning you is being processed, and information about such Data as well as further information and a copy of the Data under Article 15 GDPR. Under Article 16 GDPR you have the right to have incomplete Data about you completed or inaccurate Data relating to you rectified. Under Article 17 GDPR you have the right to request the erasure of personal data without undue delay or, alternatively, under Article 18 GDPR, to request a restriction of processing of the Data. You have the right under Article 20 GDPR to receive the personal data concerning you, which you have provided to us, and have the right to request its transmission to another controller. Furthermore, under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority.
Right of revocation
Under Article 7(3) GDPR you have the right to withdraw consents given, with future effect.
Right to object
You may, under Article 21 GDPR, object at any time to the future processing of personal data concerning you. The objection may, in particular, be made against processing for direct marketing purposes.
Cookies and the right to object in the case of direct marketing
Erasure of Data
The Data processed by us is erased or restricted in terms of its processing under Articles 17 and 18 GDPR. Unless expressly indicated in this data protection policy, the Data stored with us will be erased as soon as it is no longer needed for its purpose and its erasure does not contravene any statutory retention obligations. Where Data is not erased because it is required for other, legally permitted purposes, its processing shall be restricted. This means the Data is made unavailable to users and not used for other purposes. That applies to Data that has to be retained on commercial or tax law grounds, for example. Under legal regulations in Germany, records are retained specifically for ten years under Article 147(1) German Fiscal Code, Section 257(1) Nos. 1 and 4, and (4) German Commercial Code (books, records, management reports, vouchers, trading books, tax-relevant documentation, etc.) and six years under Section 257(1) Nos. 2 and 3, and (4) German Commercial Code (business letters).
In addition, we process - Contractual data (e.g. the subject matter of the contract, term, customer category). - Payment details (e.g. bank details, payment history) of our customers, potential buyers and business partners for the purpose of performing our contractual services, customer service and support, marketing, advertising and market research.
Administration, financial accounting, office administration, contact administration
We process Data as part of our administrative responsibilities and the organisation of our business, financial accounting and compliance with legal obligations such as archiving, for example. In so doing, we process the same Data as we process in the context of performing our contractual obligations. The processing bases are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Customers, potential buyers, business partners and visitors to our webpage are affected by the processing. The purpose of and our interest in processing the Data lies in the administration, financial accounting, office administration and archiving of Data, i.e. tasks for the purpose of maintaining our business activities, fulfilling our responsibilities and performing our services. The erasure of Data in relation to contractual services and the contractual communications is in line with the information given in relation to this processing activity. In this way, we publish or transfer Data to the financial management department, advisers such as tax advisers or auditors in addition to other charges offices and payment services providers. Moreover, we store information based on our business interests relating to suppliers, operators and other business partners, for example, in order to contact them later. We generally store such – largely organisation-related – information long-term.
Data protection in application procedures
We process applicant data solely for the purpose and as part of the application process in compliance with the legal regulations. Applicant data is processed in performance of our (pre-)contractual obligations as part of the application process within the meaning of Article 6(1)(b) GDPR, Article 6(1)(f) GDPR where the data processing is necessary for us e.g. as part of the legal procedure (Section 26 Federal Data Protection Act also applies within Germany). The application process requires applicants to share applicant data with us. The necessary applicant data is marked (where we provide an online form) and is otherwise made clear from the job descriptions, and essentially includes information about the person, his or her postal address and contact details and the documents relating to the application such as cover letter, CV and education certificates. Aside from this, applicants may share additional information with us voluntarily. By sending us their applications, applicants declare their consent to the processing of their Data for the purposes of the application process in the manner and scope set out in this data protection policy. Where particular categories of personal data under Article 9(1) GDPR are shared voluntarily as part of the application process, they are additionally processed in line with Article 9(2)(a) GDPR (e.g. health information such as a severe disability or ethnic background). Where particular categories of personal data under Article 9(1) GDPR are requested from applicants as part of the application process, they are additionally processed in line with Article 9(2)(b) GDPR (e.g. health information where this is required for the exercise of the profession). Applicants may send us their applications by e-mail. Here, we ask them to note that e-mails are not generally sent in encrypted form and the applicants must take care of encryption themselves. We are therefore unable to accept responsibility for the route via which the application is transferred from the sender and its receipt on our server and therefore sooner recommend sending the application by post. This is because, instead of applying via e-mail, applicants have the further option of sending us their application by post. The Data provided by applicants may be further processed by us (in case of a successful application) for employment-related purposes. Otherwise, where the application for a position is not successful, the applicants’ Data are erased. Applicants’ Data are similarly erased if an application is withdrawn, which the applicants are entitled to do at any time. Subject to a legitimate withdrawal by the applicant, the Data are erased once a period of six months has elapsed so that we are able to respond to any follow-up questions in relation to the application and are able to satisfy our evidential obligations under Germany’s General Act on Equal Treatment. Invoices in relation to any reimbursement of travel costs are archived in line with tax law regulations.
Further information on data use by Google, options for settings and for making an objection is available in Google’s data protection policy (https://policies.google.com/technologies/ads) and in the settings for pop-ups by Google (https://adssettings.google.com/authenticated). After 14 months Users’ personal data is either erased or rendered anonymous.
Google Universal Analytics
We use Google Analytics in its configuration as “Universal-Analytics”. “Universal Analytics” describes a process of Google Analytics, in which user analysis is done on the basis of a pseudonymous user ID, and a pseudonymous profile of the user is created using information from the use of different devices (“Cross Device Tracking”).
Incorporation of third-party services and content
Within our Website and based on our legitimate interests (meaning our interest in analysing, optimising and the commercial operation of our Website within the meaning of Article 6(1)(f) GDPR), we use content or service packages of third-party providers for the purpose of incorporating their content and services such as, for example, videos or fonts (together referred to as “Content”). This is always conditional upon the third-party providers of such content recognising the users’ IP address, as without the IP address they would be unable to send the content to the Users’ browser. Hence the IP address is required in order to show such content. We endeavour to use only content in respect of which the relevant providers use the IP address solely for the purpose of delivering the content. Third-party providers may furthermore use “pixel tags” (invisible graphics also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as user traffic on the pages of this Website. Pseudonymous information can further be stored in cookies on the User’s device and may contain, among other things, technical information about the browser and operating system, linked webpages, length of the visit as well as other information on the use of our Website, and may also be linked to such information from other sources.
We incorporate the “Google Maps” map function of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may in particular include Users’ IP addresses and session data which cannot be collected without the Users’ consent, however (usually through the settings on their mobile devices). The data may be processed in the USA. Data protection policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated