DATA PROTECTION DECLARATION
The following text provides you with information about the way that we process your personal data as part of our Internet services.
GK Software SE
Chairman of the Supervisory Board: Dr. Philip Reimann
Management board: Dipl.-Ing. Rainer Gläß (CEO), Dipl.-Kfm. André Hergert
Amtsgericht Chemnitz HRB 31501
USt.-ID. DE 141 093 347
CONTACT ADDRESS OF DATA PROTECTION OFFICER
WHEN DO WE PROCESS PERSONAL DATA AND WHICH TYPE?
We process your personal data in the following cases:
- If you visit our website, information is automatically sent our website’s server by the browser that you are using on your device. This information is temporarily stored in a so-called log file. The following information is logged without you doing anything and is stored until it is automatically deleted:
- the IP address of the computer making the request,
- the date and time of access,
- the name and URL of the file that has been requested,
- the website, from which access took place (the referrer URL),
- the browser used and possibly the operating system on your computer as well as the name of your access provider.
- We give you the opportunity of contacting us using a readily available form on our website. This means that you must provide some details (they are marked as compulsory boxes) so that we know who is sending the enquiry and how we can process it. Other details can be sent on a voluntary basis in a free text box.
- If you wish to send us an application in order to apply for a job that is being advertised or on your own initiative, we will process the documents that you have sent and your personal data.
- For applications sent by e-mail, we require your name, address, date and place of birth, nationality and qualification papers. You can also send us other voluntary data, which you believe would be advantageous to justify why we should hire you as a member of staff.
- When using the advertising tool on our website, we collect the prescribed personal data that you can enter on the input form. You can send us further documents using the upload function.
- Registering for our newsletter – when you register for our newsletter, we collect your e-mail address (surname/first name/other data). The data that you provide is processed.
- Via the partner portal we offer information for partners regarding training data and training contents of the GK Academy, the possibility for training registration and for downloading training material. The data entered by the user during training registration (name, e-mail, company and telephone number) as well as the data entered during user registration initiated by us (user name and password) are collected and stored exclusively for the use of our offer.
PURPOSES OF PROCESSING DATA
We only make use of the personal data that you actively send us for the agreed purpose in each case and only to the necessary degree.
- We process the data mentioned for the following purposes:
- to guarantee a smooth connection with our website,
- to guarantee that you can use our website with ease,
- to assess the system security and stability – and
- for other administrative purposes.
The legal basis for processing data can be found in Article 6 Para. 1 Sentence 1 f) of the GDPR. Our legitimate interest is based on the purposes for collecting data that are listed above. We never use the data that we collect for the purpose of drawing conclusions about you as a person.
- The processing of data for the purpose of making contact with us takes place according to Article 6 Para. 1 Sentence 1 b), f) of the GDPR on the basis of a pre-contractual procedure and our justified and legitimate interest in using the data that you have declared when making contact with us. If a contract is signed, the data may be entered in our customer service system. The data will not be processed for any other purposes.
- The data processing operations serve the purpose of providing the grounds for and implementing an employment relationship according to Article 88 of the GDPR in conjunction with Section 26 of the German Federal Data Protection Act. If the outcome is positive, your personal data is entered in our personnel file and is used for the purpose of “administering employees”.
- If you have specifically provided your consent according to Article 6 Para. 1 Sentence 1 a) of the GDPR, we will use your e-mail address to regularly send you our newsletter.
- If you have a partner account with us, we will use your data to manage your account and, if a third party misuses your data, as a safeguard for us according to Article 6 Para. 1 Sentence 1 b) of the GDPR.
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Your personal data is not sent to third parties for any other purposes than those listed below.
We only pass on your personal data to third parties if:
- you have given us your explicit consent for this according to Article 6 Para. 1 Sentence 1 a) of the GDPR,
- passing it on according to Article 6 Para. 1 Sentence 1 f) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding, legitimate interest in not having your data forwarded,
- if there is a statutory obligation to pass on your data according to Article 6 Para. 1 Sentence 1 c) of the GDPR, and
- this is legally permissible and necessary to handle the contractual relationships with you according to Article 6 Para. 1 Sentence b) of the GDPR.
Data will only be passed on to other countries if you have given us your consent for this.
THE LENGTH OF TIME THAT PERSONAL DATA IS STORED
- Cookies are stored in your browser as so-called session cookies, so that your browser automatically deletes them again after you leave the website. In this case, the storage time results from the technical functions of the browser that you are using.
- Personal data, which is transferred to us in conjunction with a contact enquiry on our website, is only stored for the time that it takes to process your enquiry. If a contract is signed, the data that you indicate may be constantly stored for 10 years in our customer service system if there is no other statutory duty obliging us to store the information for a longer period.
- The personal data that is collected is handled in the following ways:
- if your application is rejected: it is stored for at least three months. On the other hand, the maximum storage time is six months;
- if your application is accepted: our storage deadlines apply. The information to which you are entitled will be made available to you when you are employed;
- if you are accepted in our pool of applicants: until further notice.
- The personal data that you have indicated is stored until further notice.
- Any personal data that is transferred to us in conjunction with your registration on our website will only be stored for the time that your account exists. If a contract is signed, the data that you have indicated may be constantly stored in our customer service system for 10 years if there is no other statutory duty obliging us to store the information for a longer period.
We would point out that we delete your data if it is not permissible to store it (particularly if the data is incorrect and it is impossible to make any corrections). Data must be blocked instead of being deleted if any legal or actual obstacles oppose this (for example, special retention requirements based on commercial and tax law stipulations).
RIGHT TO OBJECT
RIGHT TO INFORMATION, CORRECTION, DELETION, RESTRICTIONS
Any affected person has the right to receive information about the personal data involved as well as any correction or deletion or restrictions to the processing arrangements. He or she also has a right to object to the processing.
RIGHT TO DATA PORTABILITY
The affected person is entitled to the right of data portability.
RIGHT TO MAKE A COMPLAINT TO THE SUPERVISORY AUTHORITY
You have the right to make a complaint to the supervisory authority.
MAKING AVAILABLE PERSONAL DATA
There is no statutory obligation for you to make available personal data.
AUTOMATED DECISION MAKING INCLUDING PROFILING
We do not use profiling on our website.
INFORMATION ON COOKIES
The cookie stores information, which is created in conjunction with the device that is specifically used in each case. However, this does not mean that we obtain any direct information about your identity through this.
We firstly deploy cookies to make it more pleasant for you to use our services. For example, we make use of so-called session cookies in order to recognise that you have already visited individual pages of our website in the past. They are automatically deleted once you leave our site.
We also make use of temporary cookies to optimise the user-friendliness of our site; they are stored on your device for a fixed period of time. If you visit our site once again in order to make use of our services, the cookie automatically recognises that you have already been to our site and recalls the information and settings that you entered so that you do not have to input this information once again.
The data processed by cookies is necessary for the purposes already mentioned to safeguard our legitimate interests and those of third parties according to Article 6 Para. 1 Sentence 1 f) of the GDPR.
Most browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot make use of all the functions on our website.
INTEGRATING YOUTUBE VIDEOS
We embed YouTube videos on some of our websites. The operator of the appropriate plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a site with the YouTube plug-in, this creates a connection with the YouTube servers. This means that YouTube knows which sites you are visiting. If you have logged into your YouTube account, YouTube can personally associate your surfing behaviour with you. You can prevent this by logging out of your YouTube account beforehand.
Anybody who has deactivated the storage of cookies for the Google Ad programme does not need to handle any such cookies when looking at YouTube videos. However, YouTube does store non-personal usage information in other cookies too. If you wish to prevent this, you must block any storage of cookies in your browser.
You can find more information about data privacy at “YouTube” in the provider’s data privacy statement at: https://policies.google.com/privacy?hl=en&gl=en
INTEGRATING GOOGLE MAPS
This website makes use of the Google Maps product provided by Google Inc. When using this website, you declare that you agree to the logging, processing and usage of the data that is automatically gathered by Google Inc., its representatives and third parties.
Any usage of "Google Maps" and the information gathered via “Google Maps” takes place according to the conditions of use at Google:
as well as the additional terms of business for “Google Maps”:
In order to protect input forms on our site, we use the “reCAPTCHA” service provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Irland, hereinafter referred to as “Google”. By using this service, it is possible to distinguish whether the appropriate information that is input comes from a person or is being improperly entered by some automated machine processor.
To the best of our knowledge, the referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and time spent, cookies, presentation instructions and scripts, the user’s input behaviour and mouse movements is all sent to “Google” in the area of the “reCAPTCHA” checkbox. Google uses the information that is obtained in this way, among other things, to digitalise books and other printed products and optimise services like Google Street View and Google Maps (for example, house numbers and street name recognition).
The IP address transmitted as part of “reCAPTCHA” is not merged with other data held by Google, unless you are logged into your Google account at the time when you make use of the “reCAPTCHA” plug-in. If you wish to prevent this transfer and storage of data about you and your behaviour on our website by “Google”, you must log out of “Google” – particularly before you visit our site or make use of the reCAPTCHA plug-in.
The use of the “reCAPTCHA” service takes place according to the Google conditions of use: https://www.google.com/intl/en/policies/privacy/.
We make use of the widespread SSL protocol (secure socket layer) when you visit our website in conjunction with the highest available degree of encryption that is supported by your browser. This normally involves 256-bit encryption. If your browser does not support any 256-bit encryption, we make use of the 128-bit v3 technology instead. You can see whether an individual page of our Internet site is being transmitted in encrypted form by the closed image of the key or lock symbol on the lower status bar of your browser.
We also make use of suitable technical and organisational security measures in order to protect your data against any random or deliberate manipulation, partial or complete loss, destruction or against any unauthorised access by third parties. Our security measures are continually being improved in line with technical developments.
Data Protection Declaration Social Media
The company operates profiles on the following networks:
The providers of the various platforms are primarily responsible for informing the individuals concerned about the processing operations and enabling them to exercise their data protection rights. Regardless of this, we would like to take this opportunity of informing you about our presentations on social networks. We recommend that you do not send us any sensitive data via these profiles. Please use a direct communications channel for this.
Our data processing operations
The platform operators publish all the data that you enter on our social network profiles (e.g. comments, photos, private messages, etc.) and we only use it for the following purposes. Article 6 Para. 1 Sentence 1 of the GDPR provides the legal basis for this. The legitimate interest for our processing work with our visitors involves public relations work, modern information and interaction opportunities and making contact with applicants (Xing, LinkedIn); this takes place via private and GK accounts.
Data processing by the platform operators
When people access our profiles, the platform’s operator processes the data. We cannot influence the way that this takes place and we cannot see what is happening either. However, the procedure usually depends on whether you yourself have actually registered with the particular platform. It is possible that the providers process the data outside the EU, so we cannot guarantee that procedures will conform to the data protection principles laid down in the GDPR. However, all the providers are subject to the Privacy Shield and it obliges them to comply with the data protection standards that apply in Europe.
You will find further information about how the individual platform operators process data in their data privacy declarations:
- Facebook: social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com, data privacy statement: https://www.facebook.com/about/privacy; Privacy Shield (guaranteeing the data privacy level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out: settings for advertisements: https://www.facebook.com/settings?tab=ads; additional information on data privacy: Agreement on the Joint Processing of Personal Information on Facebook Sites: https://www.facebook.com/legal/terms/page_controller_addendum; data privacy information for Facebook sites: https://www.facebook.com/legal/terms/information_about_page_insights_data.
- Twitter: social network; service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; data privacy statement: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization; Privacy Shield (guaranteeing the data privacy level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
- LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; data privacy statement: https://www.linkedin.com/legal/privacy-policy; Privacy Shield: (guaranteeing the data privacy level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing: social network; service provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; website: https://www.xing.de; data protection statement: https://privacy.xing.com/de/datenschutzerklaerung.
Since we only have very little influence on the way that individual providers process data, we would ask you to contact the relevant platform operator directly in order to assert your rights.
According to Article 13 Para. 2 of the GDPR, you have the following rights:
- Right to information: Article 15 of the GDPR
- Right to rectification: Article 16 of the GDPR
- Right to deletion: Article 17 of the GDPR
- Right to restrict processing: Article 18 of the GDPR
- Right to data portability: Article 20 of the GDPR
- Right to object: Article 21 of the GDPR
- Right to lodge a complaint with a supervisory authority: Article 77 of the GDPR
VALIDITY AND CHANGES TO THIS DATA PROTECTION DECLARATION
This data protection declaration is valid at this time and was correct in May 2018.
It may be necessary to amend this data protection declaration as a result of the ongoing development of our website and services that it provides or because of changes in statutory or administrative stipulations. The latest version of the data protection declaration can be accessed and printed from the website at any time.