Information Duties

pursuant to Art. 13 EU General Data Protection Regulation (GDPR) CeoTronics AG

>>   Information Duties for applicants

 

Below you will find an overview of the collection, processing and use of your data.

CeoTronics AG takes the protection of your personal data very seriously and processes it in accordance with the applicable statutory data protection requirements.

What is personal data?

Personal data is all information that may relate to you personally (e.g. surname, first name, address, etc.).

What is included in this letter?

The following information will give you an overview of the processing of your personal data, which is collected, processed and used by us and on the basis of your data protection rights. Which individual data is collected, processed and used by you depends on the services requested or agreed in each case.

Please also pass on the information contained in the letter to all current or future authorized representatives who may use the services/products of CeoTronics AG.

1. Who is responsible for data collection, processing and use and who can I contact?

Data controller:

CeoTronics AG
Adam-Opel-Straße 6
63322 Rödermark, Germany
Phone: +49 (0)6074 / 8751-0
Email: datenschutz@ceotronics.com

You can contact our external Data Protection Officer at:

wavesun-technologies
Patrick Bäcker
Am Lerchenberg 15
63322 Rödermark, Germany
Phone: +49 (0)6074 / 3709395
Email: info@wavesun-technologies.de

2. Which sources and data do we use and according to which categories are the personal data processed?

We process personal data which we receive from our customers, interested parties, service providers and suppliers in the context of our business relationships. In addition, we process personal data – should this be necessary for the provision of our services – that we permissibly obtain from publicly accessible sources or that is transmitted to us by other companies within CeoTronics AG or by other third parties (e.g. credit agencies).
The following categories of data are processed by us:

  • Master data: e.g. name, first name and department of the contact person, company name, address, telephone, fax and e-mail.

  • Order data: e.g. company name, address, contact person

  • Data for the fulfillment of our contractual obligations: e.g. contract billing and payment data

  • Correspondence (correspondence with you)

  • Communication data

  • Advertising and sales data

  • Planning and control data

  • Other data comparable with the above categories

3. For what purpose and on what legal basis do we process the data?

We process the aforementioned personal data in compliance with the applicable statutory data protection requirements. Processing shall be lawful if at least one of the following conditions is met:

a.) Based on your consent (article 6, para. 1 lit a of the GDPR)

If you have given us permission to process your personal data for specific purposes (e.g. passing on data within the company, using the data for marketing purposes). Your consent is voluntary and can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before 2018-05-25.

b.) In order to fulfill contractual obligations or to carry out pre-contractual measures
(Art. 6. para. 1 lit. b of the GDPR)

We process data so that we can fulfill our contractual obligations to provide services for our customers or to carry out pre-contractual measures, which take place on request. The purposes of data processing result primarily from the concrete service/product and can include, among other things, needs analyses and consultations. Further details regarding data processing purposes can be found in the contract documents and General Terms and Conditions.

c.) Based on legal requirements (article 6, para. 1 lit c of the GDPR)

CeoTronics AG is subject to various legal obligations, which entails legal requirements (e.g. commercial and tax retention periods in accordance with the German Tax Code and the German Commercial Code). The purposes of processing also include the fulfillment of control and reporting obligations under tax law as well as risk assessment and control within the company.

As part of the balancing of interests (article 6, para. 1 (f) of the GDPR)

If necessary, we shall process your data beyond the actual fulfillment of the contract to protect the legitimate interests of the data controller or a third party. Examples are:

  • Prevention of criminal offenses

  • Measures for building security (e.g. access control)

  • Ensuring IT operation and security

  • Measures to secure the householder's title

  • Advertising (e.g. direct advertising) or market and opinion research, insofar as you have not objected to the use of your data

  • Assertion of legal claims and defense in legal disputes

  • Consultation of and data exchange with credit agencies

4. Who receives my data?

(Categories of recipients of personal data)

Within CeoTronics AG, the departments that require it to fulfill our contractual and legal obligations have access authorization. CeoTronics AG may also use carefully selected service providers who comply with data protection regulations to obtain data for these purposes. These are mainly companies in the categories:

  • Payment transactions
  • Settlement
  • IT service provider
  • Consultation
  • Sales and Marketing
  • Service providers within the framework of contract processing relationships

When passing on data to other recipients, we may only pass on information about you if this is required by law, if you have consented to the data being passed on or if we are authorized to do so. Recipients of personal data include, but are not limited to:

  • Public bodies or institutions (e.g. tax authorities, supervisory authorities) in the event of a statutory or official obligation
  • Other companies or comparable institutions (e.g. manufacturing companies) to which we transfer your personal data in order to realize business relationships
  • Other companies within CeoTronics AG (e.g. CT-Video GmbH)

Other data recipients may be places for which you have given us your consent.

5. Is data transferred to third countries?

An active transfer of personal data to third countries only takes place if this is necessary for the execution of your orders or is stipulated by law.

6. For how long is my personal data stored?

Your personal data will only be stored as long as is necessary for the fulfillment of our contractual and legal obligations.

If the data is no longer necessary for the fulfillment of contractual or legal obligations, it will be deleted regularly unless temporary and limited further processing is necessary for the following purposes:

  • Compliance with commercial and tax retention periods: These include the German Commercial Code (HGB) and the German Tax Code (AO). The storage periods stipulated therein are up to 10 years.
  • Preservation of evidence within the framework of the legal provisions related to limitation periods. According to articles 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years, and, in special circumstances, up to 30 years.
  • Compliance with storage obligations under telecommunications law in accordance with the German Telecommunications Act (TKG) and other laws.

7. What is the obligation to provide and what are the consequences of not providing data?

As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfill the contractual obligations associated therewith, or which we are required to collect by law. Without this information, we will generally not be able to enter into or execute the contract with you.

8. Is there automated decision making (including profiling)?

In principle, we do not use fully automated decision-making pursuant to article 22 of the GDPR for the establishment and implementation of business relationships. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.

9. What data protection rights do I have?

You have the following rights:
-  pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time with effect for the future. The consequence of this is that we may no longer continue the data processing based on this consent in the future;
- pursuant to Art. 15 GDPR, the right to request free information about the personal data processed by us concerning your person;
- pursuant to Art. 16 GDPR, the right to immediately request the correction of incorrect or incomplete personal data processed by us;
- pursuant to Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection against the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person; and
- to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company.
Right of objection (Art. 21 GDPR):
As far as the processing of your data for the protection of justified interests takes place, you have the right to object to this processing at any time under our contact details given above if your particular situation gives rise to reasons that prevent this data processing. We will then terminate this processing unless it serves overriding interests worthy of protection on our part.
Right to object to the processing of data for direct marketing purposes: In individual cases, we process your personal data in order to instigate direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising at any time under the contact details given above.
If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for these purposes in future.
   

Information sheet pursuant to Art. 13 EU data protection basic regulation (DSGVO) of CeoTronics AG for applicants

Below you will find an overview of the collection, processing and use of your data.
CeoTronics AG takes the protection of your personal data very seriously and processes it in accordance with the applicable statutory data protection requirements.

1. Who is responsible for data collection, processing and use and who can I contact?

1.1 is responsible:

CeoTronics AG
Adam-Opel-Straße 6
63322 Rödermark, Germany
Phone: +49 (0)6074 / 8751-0
Email: datenschutz@ceotronics.com


1.2 You can reach our external data protection officer at:

wavesun-technologies
Patrick Bäcker
Am Lerchenberg 15
63322 Rödermark, germany
Phone +49 (0)6074 / 3709395
Email: info@wavesun-technologies.de

2. Which sources and data do we use and according to which categories are the personal data processed?

2.1 Origin of data: The data are collected directly from you.

2.2 Relevant data categories are:

- Personal details (surname, first name, date of birth, gender, etc.)
- Address and contact data (address, telephone number, email address)
- Application data (e.g. certificates, curriculum vitae, knowledge of the job advertised)
- Account data in travel expense reimbursement cases
- Other data that you voluntarily make available to us


3. For what purpose and on what legal basis do we process the data?

3.1 These data shall be collected

- to establish an apprenticeship, trainee, working student or employment relationship;
- to correspond with you;
- to process payments;
- to meet our legal obligations;
- in order to be able to process any existing liability claims and to be able to make claims against you.


3.2 Legal basis of the processing:

Art. 6 para. 1 lit. b GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG-new (German Federal Data Protection Act) for the establishment or execution of the contractual relationship.

4. Who receives my data?
    (Categories of recipients of personal data)

4.1 Within CeoTronics AG, only authorized employees have access to your application data, which they need to fulfill our contractual and legal obligations. All selection decisions are made on a case-by-case basis, not automatically (Art. 22 GDPR).

4.2 Data may be transmitted to, for example, our tax consultant or viewed by our internal IT department and externally engaged companies during the maintenance and servicing of our hardware, software, hosting of our website, service providers for the destruction of documents and data carriers as well as other service providers within the scope of order processing relationships (pursuant to Art. 28 GDPR), insofar as this is necessary for technical reasons for the maintenance of the IT infrastructure, IT security, contractual or legal requirements (within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f).  All employees and external service providers are bound to secrecy in writing / contractually and may only process data according to written instructions.

4.3 In addition, third parties may receive data for certain purposes if this is required by law as part of your application (e.g. notification to the Federal Employment Agency)
(pursuant to Art. 6 para. 1 lit. c DS Block Exemption Regulation).

5. How long will my personal data be stored?

5.1 The data will be deleted 6 months after the end of the application procedure if no employment takes place.

5.2 Any storage extending beyond this will take place if you have given us your consent (pursuant to Art. 6 para. 1 lit. a GDPR) or

5.3 we are required by tax and commercial law to keep records and documentation in accordance with


(e.g. § 257 Commercial Code, § 147 Fiscal Code), Principles for the Proper Electronic Storage of Books, Records and Documents (GoBD), Social Code (SGB), General Equal Treatment Act (AGG) and other relevant laws are obliged to a longer storage (pursuant to Art. 6 para. 1 lit. c DS Block Exemption Regulation).

6. What data protection rights do I have?

You have the following rights:
- pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time with effect for the future. The consequence of this is that we may no longer continue the data processing based on this consent in the future;
- pursuant to Art. 15 DS-GVO the right to request free information about the personal data processed by us concerning your person;
- pursuant to Art. 16 GDPR, you have the right to immediately request the correction of incorrect or incomplete personal data processed by us;
- pursuant to Art. 17 GDPR the right to demand the deletion of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person; and
- to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company.
Right of objection (Art. 21 GDPR):
If your data is processed to safeguard legitimate interests, you have the right to object to this processing at any time using the contact data provided above if your particular situation gives rise to reasons that oppose this data processing. We will then terminate this processing unless it serves overriding interests worthy of protection on our part.

7. Is data transferred to third countries?

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary or legally required (e.g. tax or other reporting requirements) to initiate and, if necessary, conclude an employment contract or another contract with you or third parties as part of your application, if you have given us your consent or as part of order processing pursuant to Art. 28 GDPR. If service providers in a so-called third country are included, they are bound by written instructions and obliged to comply with the data protection level in Europe by an agreement of the EU standard contract clauses.

8. What is the obligation to provide data and what are the consequences of not providing data?

The provision of personal data is necessary for the initiation and, if necessary, conclusion of an employment contract or another contract with you or third parties within the framework of your application for the above-mentioned purposes of data processing and the legal basis for processing the data. Without this personal data we are not in a position to process your application and, if applicable, conclude a contract with you.