Data Protection Declaration & Privacy Policy

Data Protection Declaration

We support the EU-GDPR

Protecting your personal data is extremely important to us. Self-evidently, therefore, when collecting, processing and using personal data, we comply with the legal provisions specified by the EU’s GDPR.

The following declaration is intended to provide you with an overview of the type of data we collect, how we use and transfer them, the security measures we employ for your protection and your rights to information in this regard.

1.   Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws in member states, as well as other data protection provisions is:

ITConcepts PSO GmbH

Director: Thomas Krumsdorf, Marcus Westen

In den Dauen 6

53117 Bonn

Germany

Tel: +49 (0)228-9087330

Email: info@itconcepts.net or datenschutz@itconcepts.net

Website: www.itconcepts.de and www.itconcepts.net

2.   Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:
LL.M. Felicitas Berger, Fachexpertin Datenschutz / Expert data protection - EXT TÜV SÜD Sec-IT GmbH

@ITConcepts PSO GmbH

In den Dauen 6

53117 Bonn

Germany

Tel: +49 (0)228-9087330

Email: datenschutz@itconcepts.net

Website: www.itconcepts.de and www.itconcepts.net

3.   General points on data processing

3.1.Scope of processing of personal data

Generally, we only process our users’ personal data if this is required in order to provide a functional website, along with our content and services. We only process our users’ personal data on a regular basis with the user’s consent. An exception applies in such cases whereby it is not possible to obtain prior consent for practical reasons and the processing of the data is permitted by law.

3.2.Legal basis for processing personal data

If we have obtained consent from the person affected for processes for processing personal data, Article 6 (1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Article 6 (1b) of the GDPR serves as the legal basis for processing personal data required to fulfil a contract, the affected person being a contracting party. This also applies to processing processes required for the implementation of pre-contractual measures.

If processing personal data is required to fulfil a legal obligation that our company is subject to, Article 6 (1c) of the GDPR serves as the legal basis.

In the event that the vital interests of the affected person or another natural person make it necessary to process personal data, Article 6 (1d) of the GDPR serves as the legal basis.

If the processing is required for the protection of the legitimate interests of our company or a third party and the first-mentioned interest does not outweigh the interests, fundamental rights and freedoms of the affected person, Article 6 (1f) of the GDPR serves as the legal basis for the processing.

3.3.Data deletion and storage period

The personal data of the affected person are deleted or blocked as soon as the purpose of the storage lapses. Furthermore, data can be stored if provision is made for this by the European or national legislator in EU legal ordinances, laws or other rules to which the controller is subject. The data are also blocked or deleted if a retention period provided for by the aforementioned standards expires unless the further storage of the data is required in order to conclude or fulfil a contract.

4.   Provision of the website and creation of logfiles

4.1.Description and scope of data processing

In principle, you can visit our sites without needing to give away personal information.

Our system automatically collects data and information from the system of each computer visiting our website.

The following data are collected as part of this process:

  • Information regarding the type of browser and the version used
  • The user’s operating system
  • The user’s Internet Service Provider
  • The user’s IP address
  • Date and time website was accessed
  • Websites from which the user’s system has been directed to our website
  • Websites accessed by the user’s system via our website

The data are also stored in our system’s logfiles. These data are not stored together with the user’s other personal data and are used exclusively for statistical purposes. They serve the purpose of improving our online presence and our offers.

4.2.Legal basis for data processing

Article 6 (1f) of the GDPR provides the legal basis for the temporary storage of data and logfiles.

4.3.Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to facilitate the delivery of the website to the user’s computer. The user’s IP address must be stored for the duration of the session for this to be possible.

Storage in logfiles guarantees the functionality of the website. In addition, the data allow us to optimise the website and guarantee the security of our IT systems. In this context, the data are not analysed for marketing purposes.

We also have a legitimate interest in data processing for these purposes in accordance with Article 6 (1f) of the GDPR.

4.4.Storage duration

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the event that the data were collected in order to provide the website, the above applies once the respective session has ended.

In the case of data storage in logfiles, the data are deleted after seven days at the latest. An extension to the storage period is possible. In this case, the user’s IP address is deleted or scrambled so that it is no longer possible to assign the client visiting the site.

4.5.Possibility of opt-out and removal

The collection of data in order to provide the website and the storage of data in logfiles is absolutely essential for operating the website. Consequently, it is not possible for the user to opt out.

5.   Use of cookies

5.1.Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the internet browser and/or by the internet browser on the user’s computer system. A cookie may be stored on the user’s operating system when they visit a website. This cookie contains a characteristic string, making it possible to clearly identify the browser when revisiting the website.

We use cookies to make our website more user-friendly. Some elements of our website need to be able to identify the visiting browser even after it has moved to another site.

The following data are stored and transferred in the cookies as part of this process:

  • Language settings
  • Login information

Furthermore, we use cookies on our website that make it possible to analyse the user’s surfing behaviour.

The following data may be transferred in this way:

  • Search terms entered
  • Frequency of visits to site
  • Use of website functions

The user data collected in this way are pseudonymised by means of technical precautions. Therefore, it is no longer possible to assign the data to the visiting user. The data are not stored together with the user’s other personal data.

Users visiting our website are informed about the use of cookies for analytical purposes by means of an info banner and referred to this data protection declaration. In this context, the user is also reminded that the storage of cookies can be prevented via the browser settings.

5.2.Legal basis for data processing

The legal basis for processing personal data using technologically necessary cookies is Article 6 (1f) of the GDPR.

The legal basis for processing personal data using cookies for analytical purposes is Article 6 (1a) of the GDPR if the user’s consent has been obtained in this regard.

5.3.Purpose of data processing

The purpose of using technologically necessary cookies is to simplify the use of websites for users. We are unable to offer some functions of our website without using cookies. These need to be able to identify the browser even after it has moved to another site.

We need cookies for the following applications:

  • Takeover of language settings
  • Remembering search terms

The user data collected using technologically necessary cookies are not used to create user profiles.

The use of analysis cookies has the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used, thereby allowing us to constantly optimise our offer. Above all, they serve the purpose of making visits to our website comfortable and facilitating the use of certain functions. They are automatically deleted at the end of your visit. We do not collect or process any personal data by using them.

The purpose of the analysis is the improvement of the content on offer on the basis of search enquiries and the expansion of certain information for users, as well as making information easier to find.

We also have a legitimate interest in processing personal data for these purposes in accordance with Article 6 (1f) of the GDPR.

5.4.Storage duration, objection and disposal option

Cookies are stored on the user’s computer and transferred from here to our site. Therefore, as the user, you also have complete control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also take place automatically. If cookies are deactivated for our website, it is possible that not all of the functions of the website can be used to their full extent anymore.

6.     Newsletter

6.1.Description and scope of data processing

It is possible to subscribe to a free newsletter on our website. As part of this, the data entered into the input mask when registering for the newsletter (name, email address) are transmitted to us.

The following data are also collected during registration:

  • IP address of the visiting computer
  • Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and you are referred to this data protection declaration.

The data is not passed on to any third parties as part of the processing of data for sending out newsletters. The data are used exclusively for sending out the newsletter.

6.2.Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data following registration for the newsletter is Article 6 (1a) of the GDPR.

6.3.Purpose of data processing

Collecting the user’s email address serves the purpose of delivering the newsletter. The collection of other personal data as part of the registration process serves the purpose of preventing misuse of the services or of the email address used.

6.4.Storage duration

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. Thus, the user’s email address is only stored for as long as the newsletter subscription is active.

The other personal data collected as part of the registration process are generally deleted after a period of seven days.

6.5.Possibility of opt-out and removal

The user concerned can cancel their subscription to the newsletter at any time. For this purpose, there is an appropriate link in each newsletter.

This also makes it possible to revoke consent to the storage of personal data collected during the registration process.

7.     Registration

7.1.Description and scope of data processing

On our website, we offer users the opportunity to register by handing over personal data. This involves the data being entered into an input mask and transmitted to us before being stored. The data are not passed on to third parties. The following data are collected as part of the registration process:

Registration for training:

  • The user’s IP address
  • Date and time of registration
  • Surname
  • First name
  • Email
  • Address
  • Post code
  • City/town
  • Telephone number
  • Company

Registration for information (brochure download)

  • The user’s IP address
  • Date and time of registration
  • Surname
  • First name
  • Email

Online application:

  • The user’s IP address
  • Date and time of registration
  • Title
  • First name
  • Surname
  • Telephone number
  • Mobile number
  • Email
  • Street
  • Post code
  • City/town
  • Country
  • Nationality
  • Date of birth

The user’s consent for processing this data is obtained as part of the registration process.

7.2.Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data is Article 6 (1a) of the GDPR.

7.3.Purpose of data processing

Registering the user is required to provide certain content and services on our website.

7.3.1.     Online application

The purpose of storing applicant data is to fill an open position within the company. If the position is not filled or not filled with another person, the purpose of filling the position ceases for the applicant concerned. In principle, the applicant’s data must be deleted with this and therefore the application and/or the documents given back to the applicant.

7.4.Storage duration

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected.

This is the case for data collected during the registration process if the registration is cancelled or amended on our website.

7.4.1.     Online application

The employer may retain the application documents (and also the documentation relating to the application process) once the application has been completed in order to be able to provide a defence in the event of potential allegations of discrimination. These claims must be asserted within two months of receiving the rejection, pursuant to Article 15, Paragraph 4 of the General Equal Treatment Act. The employer must retain the application documents for an equal period of time to allow them to rebut the accusations and defend themselves against the claims. Consequently, it is the case that the application documents are returned or destroyed two months after the applicant has received the rejection at the latest.

Their application documents may only be stored for a longer period of time if separate written consent has been obtained for this.

We delete your speculative application if there is unlikely to be a suitable position in the foreseeable future. Longer-term storage of the [...] also in this case

7.5.Possibility of opt-out and removal

As the user, you have the option to cancel the registration at any time. You can have the data stored about you modified at any time.

8.        Contact form and email contact

8.1.Description and scope of data processing

There is a contact form on our website, which can be used for making contact electronically. If a user avails themselves of this, the data entered into the input mask are transmitted to us and stored. These data are:

  • Name
  • Email address

In addition, the following data are stored at the moment the message is sent:

  • The user’s IP address
  • Date and time of registration

Your consent will be obtained for processing the data as part of the sending process and you will be referred to this data protection declaration.

Alternatively, it is possible to make contact via the email address provided. In this case, the user’s data transmitted with the email are stored.

In this context, the data are not passed on to any third parties. The data are used exclusively for processing the conversation.

8.2.Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data is Article 6 (1a) of the GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Article 6 (1f) of the GDPR. If the email contact is aimed at concluding a contract, Article 6 (1b) of the GDPR provides an additional legal basis for the processing.

8.3.Purpose of data processing

The processing of personal data from the input mask serves solely to enable us to process the contact. In the case of email contact, the required legitimate interest in processing the data is also in place.

The other personal data processed during the sending process serve the purpose of preventing any misuse of the contact form and safeguarding the security of our IT systems.

8.4.Storage duration

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data from the input mask on the contact form and data sent by email, this is then the case once the respective conversation with the user has ended. The conversation is then finished when it is clear from the circumstances that the issue concerned has been conclusively resolved.

The additional personal data collected during the sending process are deleted after a period of seven days at the most.

8.5.Possibility of opt-out and removal

The user can revoke their consent for the processing of personal data at any time. If the user contacts us by email, they can opt out of their personal data being stored at any time. In such a case, the conversation cannot be continued.

In order to prevent misuse to protect your interests, opt-outs must be made by email from the corresponding registered email address. Proof of identity must be provided in the case of opt-out by telephone or post.

The following methods of contact are available to you:

Telephone:    +49 (0)228-9087330

Email:          datenschutz@itconcepts.net

By post:

ITConcepts PSO GmbH – Data Request – In den Dauen 6, 53117 Bonn, Germany

All personal data stored in the course of making contact are deleted in this case.

9.     Rights of the affected person

If personal data belonging to you are processed, you are the affected person in the sense of the GDPR and you have the following rights with respect to the controller:

9.1.Right of access

You can request confirmation from the controller as to whether personal data concerning you are processed by us.

If this processing does indeed occur, you can request access to the following information from the controller:

(1)     The purposes for which the personal data are processed

(2)     The categories of personal data processed

(3)     The recipients and/or the categories of recipients to whom the personal data concerning you were disclosed or are still disclosed

(4)     The planned duration of storage of the personal data concerning you or, if not concrete information on this can be obtained, criteria for setting the storage duration

(5)   The existence of a right to correction or deletion of the personal data concerning you, a right to restriction of the processing by the controller or a right to opt out of this processing

(6)   The existence of a right to make a compliant to a regulatory authority

(7)   All available information about the origin of the data if the personal data were not collected from the person concerned

You have the right to request information as to whether the personal data concerning you are transmitted to a third country to an international organisation. In this context, you can request information about the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transmission.

9.2.Right to correction

You have the right to correction and/or completion with respect to the controller if the processed personal data that concerns you are incorrect or incomplete. The controller must implement the correction without delay.

9.3.Right to restrict processing

You can request a restriction on the processing of personal data concerning you under the following conditions:

(1)   If you contest the accuracy of personal data concerning you for a period of time that enables the controller to verify the accuracy of your personal data

(2)   The processing is unlawful and you reject the deletion of the personal data in favour of requesting a restriction on the use thereof

(3)   The controller no longer needs the personal data for the purposes of processing but you, however, need them for the purpose of asserting, exercising or defending legal claims or

(4)   If you have filed an objection to the processing pursuant to Article 21 (1) of the GDPR and it has not yet been clarified whether the controller’s legitimate reasons outweigh your own reasons.

If the processing of personal data concerning you has been restricted, these data (aside from the storage thereof) may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing was restricted in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

9.4.Right to deletion

a)     Duty to delete

You can demand that the controller delete the personal data concerning you immediately and the controller is responsible for deleting this data immediately if one of the following reasons applies:

(1)   The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in another way.

(2)   You revoke the consent you previously gave, on which the processing was based pursuant to Article 6 (1a) or Article 9 (2a) of the GDPR and there is no other legal basis for the processing.

(3)   You are entering an objection to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing or you are entering an objection to the processing pursuant to Article 21 (2) of the GDPR. 

(4)   The personal data concerning you were processed unlawfully.

(5)   The deletion of the personal data concerning you is required to fulfil a legal obligation in accordance with European Union law or the law of member states to which the controller is subject. 

(6)   The personal data concerning you were collected in relation to the provision of information society services pursuant to Article 8 (1) of the GDPR.

b)     Information to third parties

If the controller has made the personal data concerning you public and is obliged to delete it pursuant to Article 17 (1) of the GDPR, taking into account available technology and implementation costs, it shall take appropriate measures, including technical means, to inform entities responsible for data processing who process the personal data that you, as the affected person, have requested the deletion of all links to these personal data or of copies or replications of these personal data.

c)     Exceptions

There is no right to deletion if the processing is required

(1)   to exercise the right to freedom of expression and information

(2)   to fulfil a legal obligation in accordance with European Union law or the law of member states to which the controller is subject or to perform a task in the public interest or in the exercise of official authority assigned to the controller

(3)   for reasons of public interest in the area of public health pursuant to Article 9 (2h/i), as well as Article 9 (3) of the GDPR

(4)   for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, if it is not anticipated that the right mentioned in section a) will make achieving the objectives of this processing impossible or seriously affect it or

(5)   for the purpose of asserting, exercising or defending legal claims

9.5.Right to information

If you have asserted the right to correction, deletion or restriction of processing with respect to the responsibly entity, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction to its processing unless this proves to be impossible or would involve disproportionate effort.

You have the right to have the controller inform you of these recipients.

9.6.Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, common and machine-readable format. In addition, you have the rate to transmit these data to another controller without hindrance on the part of the controller to which the personal data were provided, if

(1)   the processing is based on consent pursuant to Article 6 (1a) of the GDPR or Article 9 (2a) of the GDPR or a contract pursuant to Article 6 (1b) Of the GDPR and

(2)   the data are processed by means of an automated process.

In exercising this right, you also have the right to request the direct transmission of the personal data concerning you from one controller to another controller if this is technically feasible. The freedoms and rights of other people must not be affected by this.

The right to data portability does not apply to the processing of personal data required to perform a task in the public interest or in the exercise of official authority assigned to the controller.

9.7.Right to object

You have the right, for reasons arising from your particular situation, to file an objection at any time to the processing of the personal data concerning you on the basis of Article 6 (1e) or (1f) of the GDPR; this also applies to profiling based on these provisions.

The responsibly entity does not process the personal data concerning you unless they can provide evidence of compelling, legitimate grounds for the processing, which outweigh your interests, rights and freedoms or the processing serves the purposes of asserting, exercising or defending legal claims.

If the personal data concerning you are processed in order to carry out direct advertising, you have the right to file an objection at any time against the processing of the personal data concerning you for such advertising; this also applies to profiling if it is associated with such direct advertising.

If you object to the processing for purposes of direct advertising, this means that the personal data concerning you will no longer be used for these purposes.

In the context of the use of services of the information society, you are able to exercise your right of objection by means of an automated process in which technical specifications are used.

9.8.Right to revoke data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The legality of any processing carried out on the grounds of the consent up to the point of the revocation remains unaffected by the revocation.

10.      Other information

10.1.   Passing on to third parties

The ITConcepts group of companies guarantees that it will handle your data confidentially. The data are not passed on to third parties, be it by means of sale, leasing, exchange or making them available to third parties in another way.

10.2.    Transmission to a foreign country

Your data are not transmitted to any foreign countries.

10.3.   Data transmission security

We implement technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or distribution of your data by unauthorised persons. We have established our security measures in accordance with generally accepted industry standards, so that personal data transmitted to us is as well protected as possible, both during transfer and after being received (e.g. by means of firewalls, anti-virus systems, UPS, back-ups etc.). Nevertheless, no transmission over the internet and no storage method is 100% secure. If, in individual cases, personal data are collected via our website, the transfer is encrypted using what is currently the most common and secure data transfer method, SSL "Secure Socket Layer". Furthermore, we ensure that access to your personal data is only granted to employees of our company who need these in order to complete their respective tasks. They receive appropriate training in relation to security and data protection.

10.4.   Links

If you click on a link to the website of a third-party company (e.g. manufacturers and partners), you leave our website and are directed to the selected website. As we are unable to monitor the activities and content of these third-party companies, we assume no responsibility for any use of personal data by these companies. We do not transmit any data to these companies!