- Basic information on data processing and legal basis
- Types of data processed/ categories of data subjects
- Safety measures
- Passing on of data to third parties and third-party providers
- Provision of contractual services/ registration
- Making contact
- Comments and contributions
- Collection of access data and log files
- Google Analytics
- Use of single sign-on procedures Facebook Connect
- Payment processing
- PDF creation
- Rights of the data subject
- Deletion of data
- Right of objection
- inventory data (e.g. names and addresses of customers),
- Contact details (e.g. e-mail, telephone numbers),
- Communication data,
- Contract data (e.g. services used, names of clerks, payment information),
- Usage data (e.g. the visited websites of our online offer, interest in our 2.2 The following persons are affected by the data processing:
- Contract and business partners,
- Users of our online offer,
- Interested parties who are interested in our online offer or who contact us for other reasons and
5.2. Users can create a user account. In this account they can create and view their Skillzcard. In the context of the registration, the necessary obligatory data are communicated to the users. This includes only the name, professional activity, place of work, gender and a picture. The user accounts are not public and cannot be indexed by search engines. User accounts can only be found within the platform. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their safekeeping is necessary for reasons of commercial or tax law in accordance with Art. 6 para. 1 lit. c DSGVO. It is the responsibility of the users to back up their data before the end of the contract if they have terminated it. We are entitled to irretrievably delete all user data stored during the term of the contract. All data can be managed and changed in the protected customer area.
5.3. Furthermore, we store all content published by you in order to operate our online offer. The provision with user-generated content is our contractual service and will only be processed with your consent (legal basis Art. 6 para. 1 lit. a. DSGVO).
5.4. Within the scope of registration and renewed applications as well as the use of our online services, the IP address and the time of the respective user action will be saved. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
5.5. We process usage data (e.g. the visited websites of our online offer, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the user e.g. product information based on their previously used services. 6. Contacting When contacting us, the user's details will be used to process the contact request and its handling in accordance with Art. 6 Para. 1 lit. b. DSGVO are processed 7. Comments and contributions 7.1. If users leave comments or other contributions, their IP addresses will be deleted on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO for seven days.
7.2. This is done for our security in case someone leaves illegal content in comments and contributions. In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author 8. Collection of access data and log files 8.1. On the basis of our legitimate interests within the meaning of Article 6 paragraph 1 lit. f. DSGVO, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.
- A distinction must be made between cookies that are set by the website operator when a user visits a website (also known as "first-party cookies") and cookies that are set by third-party providers (also known as "third-party cookies"). We only have technical control over the first-mentioned cookies. We further differentiate between the following cookies.
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users used for reach measurement or marketing purposes can also be stored in such a cookie.
- Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g. to store logins or other user entries or for security reasons).
9.2. We use "session cookies", which are only stored for the duration of your current visit to our website (e.g. to enable the storage of your login status and thus the use of our website). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and, for example, log out or close the browser.
9.3. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser.
10.2. Google Inc. is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. Google will also use this information to evaluate the use of this website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. Pseudonymous user profiles of the users can be created from the processed data.
10.4. We use Google Analytics only with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
10.5. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
10.6. You can find further information on data use by Google, setting and objection possibilities on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of my partners"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to show you advertising"). 11. LogRocket 11.1. This website uses functions of the web analytics service "LogRocket". The provider of the web analysis service is LogRocket Inc, B6201, One Kendall Square, Cambridge, MA 02139, USA.
11.2. In the event of technical complications or functional impairments in connection with the operation of the Website, LogRocket will send automatic error reports containing information about the source of the error and its origin. Transmitted are server information as well as usage parameters such as the IP address, the browser used, timestamps and the URL that was accessed.
11.3. The storage of this user behaviour is carried out on the basis of Art. 6 para. 1 lit. a DSGVO in order to optimise our offer on this website.
11.4 LogRocket with headquarters in the USA is certified according to the EU-US Privacy Shield Framework (https://www.privacyshield.gov/participant?id=a2zt00000008RCRAA2&status=Active), so that compliance with the European data protection level can be guaranteed.
12.2. We have no influence on the scope and use of data collected by Facebook through the use of Facebook Connect. To the best of our knowledge, Facebook receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will find out and store your IP address and, if necessary, other identifying features.
12.3. We use Facebook Connect to facilitate and shorten the registration and login process. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 lit. f. DSGVO. You can prevent processing of the above information by Facebook by using our registration mask and not using Facebook Connect.
12.4. In addition, Facebook has subjected itself to the privacy shield agreement concluded between the European Union and the USA and has certified itself. Facebook thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
12.5. Third Party Information: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For more information about the Third Party Provider's privacy practices, please visit the following Facebook website: https://www.facebook.com/about/privacy 13. Newsletter 13.1. With the following information, we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
13.2. We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletters") only with the consent of the recipients or a legal permission. If, in the course of registering for the newsletter, its contents are specifically described, they are decisive for the consent of the users.
13.3. The registration for our newsletter takes place in a so-called double opt-in procedure. After registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
13.5. The shipping service provider is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TRktAAG&status=Active or https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
13.6. Furthermore, according to its own information, the mail-order service provider may use this data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of newsletters or for statistical purposes to determine the countries from which the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
13.7. To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter a name for the purpose of personal contact in the newsletter.
13.8. The newsletters contain a so-called "web beacon", i.e. a pixel-sized file which is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor the dispatch service provider's intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
13.9. The use of the mail-order service provider, the performance of statistical surveys and analyses and the logging of the registration procedure are based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f DSGVO. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
15.2. Expected Behavior is certified under the Privacy-Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt000000001NpAAI&status=Active). 16. Rights of the data subject If personal data are processed by you, you are the data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:
16.1. Right to information
You can request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing has taken place, you may request information from the data controller on the following: (1) the purposes for which the personal data are processed; (2) the categories of personal data which are processed; (3) the recipients or (3) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed; (4) the envisaged duration of the storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage (5) the existence of a right of rectification or erasure of personal data relating to you, a right to have the processing limited by the controller or a right to object to such processing; (6) the existence of a right of appeal to a supervisory authority; (7) any available information on the origin of the data when the personal data are not collected from the data subject; (8) the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) DPA and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject. You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 FADP in connection with the transfer.
16.2. Right of rectification
You have a right of rectification and/or integration vis-à-vis the controller if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.
16.3. Right to limit processing
You have the right to request that the processing of personal data concerning you be limited under the following conditions: (1) if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data; (2) if the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data; (3) if the controller no longer needs the personal data for the purposes of the processing but you need them for the purpose of asserting, exercising or defending legal claims; or (4) if you object to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons. If the processing of personal data relating to you has been restricted, such data may be processed - apart from storage - only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
16.4. Right to erasure
a) Obligation to erase You may request the controller to erase personal data concerning you without delay and the controller shall be obliged to erase such data without delay if one of the following reasons applies: (1) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed (2) you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a FADP, and there is no other legal basis for the processing. (3) You lodge an objection to the processing pursuant to Art. 21(1) DPA and there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing pursuant to Art. 21(2) DPA. (4) The personal data concerning you have been processed unlawfully. (5) The deletion of personal data relating to you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8(1) of the DPA. b) Information to third parties If the controller has made public the personal data concerning you and is obliged to delete them in accordance with Art. 17 para. 1 FADP, he shall take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or copies or replications of this personal data. c) Exceptions The right of erasure shall not apply insofar as the processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) to comply with a legal obligation to which the processing is subject under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest relating to public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DPA; (4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DPA, insofar as the law referred to in a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or (5) for the assertion, exercise or defence of legal claims.
16.5. Right to information
If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed of these recipients.
16.6. Right to data transferability
You have the right to obtain the personal data concerning you which you have supplied to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer these data to another controller without hindrance by the controller to whom the personal data have been made available, provided that (1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and (2) the processing is carried out using automated procedures. In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one responsible party to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
16.7. Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out pursuant to Article 6 paragraph 1 letter e or f of the DPA; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing. If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes. You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by using automated procedures involving technical specifications.
16.8. Right to revoke your data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. Revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until revocation.
16.9. Automated decision in individual cases including profiling
You have the right not to be subjected to a decision based exclusively on automated processing - including profiling - which has legal effect on you or significantly affects you in a similar way. This shall not apply where the decision is (1) necessary for the conclusion or performance of a contract between you and the controller, (2) authorised by Union or national law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and legitimate interests or (3) with your explicit consent. However, such decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the data controller, to express his or her point of view and to challenge the decision.
16.10. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement is committed, if you consider that the processing of personal data relating to you is in breach of the DPA. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO. 17. Deletion of data 17.1 The data stored with us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the users' data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.