Data protection
1. General information
1.1 Objective and responsibility
This Privacy Policy contains information about the type, scope and purpose of the processing of personal data in relation to our online services and the associated websites, functions and content (hereinafter jointly referred to as “online services” or “website”). Details of these processing activities can be found in section 2.
Detailed information on the data processing that takes place within the scope of our business processes can be found in section 3.
The provider of the website and the data controller is REMBE® Advanced Services + Solutions GmbH Consulting. Engineering. Products. Service (Zur Heide 35, 59929 Brilon, Germany) – hereinafter referred to as “Provider”, “we” or “us”.
Our website is provided by Host Europe GmbH (c/o WeWork, Friesenplatz 4, 50672 Cologne, Germany).
Our data protection officer is Sven Meyzis – IT.DS Consulting (phone: 0049 40-21091514 / email: s.meyzis@itdsb.de).
The term “user” includes all customers and users of the website.
1.2 Legal basis
We collect and process personal data in accordance with the following legal principles:
Consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is any freely given specific, informed and unambiguous indication – in the form of a statement or other unambiguous affirmative act – via which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
he necessity of the processing for the performance of the contract or the implementation of preparatory measures in accordance with Article 6(1)(b) GDPR, i.e. we require the data in order to fulfil our contractual obligations towards you or we need the data to prepare for the conclusion of a contract with you.
Data processing for the fulfilment of a legal obligation pursuant to Article 6(1)(c) GDPR, i.e. if the data processing is required, e.g. due to a law or other regulations.
Data processing in accordance with our legitimate interests pursuant to Article 6(1)(f) GDPR, i.e. if the processing is necessary to protect our legitimate interests or the legitimate interests of third parties, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of your personal data.
1.3 Rights of data subjects
You have the following rights in relation to our data processing activities:
- Right of appeal to a supervisory authority pursuant to Article 13(2)(d) GDPR; and Article 14(2)(e) GDPR.
- Right of access pursuant to Article 15 GDPR
- Right of rectification pursuant to Article 16 GDPR
- Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
- Right to restriction of processing pursuant to Article 18 GDPR
- Right to data portability pursuant to Article 20 GDPR
- Right to object pursuant to Article 21 GDPR
Note: Users can object to the processing of their personal data in accordance with the legal requirements at any time with effect for the future. The objection can in particular be raised against any data processing for the purpose of direct advertising.
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
1.4 Data deletion and storage period
The personal data relating to the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, it may be stored if such storage has been stipulated by the European or national legislator in Union regulations, laws or other provisions to which the data controller is subject. The data shall also be blocked or deleted if a storage period prescribed in accordance with the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.
1.5 Safety of processing
We have implemented appropriate, state-of-the-art technical and organisational security measures (TOMs). As a result, the data processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorised access.
In particular, these security measures include the encrypted transmission of data between your browser and our server.
1.6 Data transfer to third parties, subcontractors and third-party providers
Personal data is only transferred to third parties within the framework of the statutory requirements. We only share users’ data with third parties if this is necessary; for example, for billing purposes or for other purposes if the transfer is necessary to fulfil contractual obligations vis-à-vis users.
If we use subcontractors to provide our online services, we have taken appropriate contractual precautions and corresponding technical and organisational measures vis-à-vis these companies.
If we use content, tools or other services provided by other companies (hereinafter collectively referred to as “third-party providers”) and their registered office is located in a third country, it is to be assumed that a data transfer takes place to the third-party providers’ countries of domicile. The transfer of personal data to third countries by us will only take place subject to an adequate level of data protection, user consent or corresponding legal authorisation.
2. Processing within the scope of our online services
2.1 Collection of information on the use of the website
When a user accesses the website, information is automatically transmitted to us via the user’s browser; this includes the name of the accessed website, the file, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
This information is processed on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR (e.g. optimisation of the website) as well as to ensure the security of the processing pursuant to Article 5(1)(f) GDPR (e.g. for protection against and investigation of cyberattacks).
This information is automatically deleted 30 days after termination of the connection – i.e. the use of the website – provided that there are no other retention periods that go beyond this.
The collection of this data and the storage of this data in log files is absolutely necessary for the provision of the website. Therefore, the user cannot delete, object to or correct this data.
2.2 Contact form and contact by email
When contacting us (via online form or email), the data provided by the user is processed exclusively for the purpose of handling the enquiry and its processing.
Any other use of the data only takes place on the basis of the user’s consent.
2.3 Links to other websites
While using some of our services (e.g. in the “Jobs” section), you will be automatically redirected to other websites.
Please note that such websites are not subject to this Privacy Policy. The privacy policy of each linked website may differ significantly from this one.
2.4 Consent via Borlabs Cookie
Our website uses Borlabs Cookie Consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter “Borlabs”).
When you access our website, a Borlabs cookie is stored in your browser, which stores the types of consent you have granted or revoked. This data is not shared with the provider of the Borlabs cookie.
The collected data is stored until you ask us to delete it, delete the Borlabs cookie yourself or the purpose for storing the data no longer applies. Any mandatory statutory retention obligations shall remain unaffected. Details of Borlabs Cookie data processing can be found at en.borlabs.io/kb/what-data-stores-borlabs-cookie
The Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
Processing cookies
2.5 Information about Google services
We use various services provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
Detailed information on the specific individual Google services that we use on this website can be found elsewhere in this Privacy Policy.
Through the integration of Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google will also transmit this information to a server in a third country.
The transfer of data to the USA depends on the feature via which the personal data was provided. As the data controller, we may transfer data to Google in the USA for further use.
There is currently no adequacy decision pursuant to Art. 45 GDPR. However, the transfer may be based on Standard Contractual Clauses. Google has committed to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries.
More information on the Standard Contractual Clauses is available at
ec.europa.eu/info/law/law-topic/data-protection
and
policies.google.com/privacy/frameworks
We cannot directly influence what data Google actually collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, as well as other data:
- Log data (in particular the IP address)
- Site-related information
- Unique application numbers
- Cookies and similar technologies
- Information on the types of cookies used by Google can be found at policies.google.com/technologies/types.
If you are logged into your Google Account, Google may add the processed information to your account and treat it as personal data, depending on your account settings.
Google states the following about this, among other things:
“If you are not signed into a Google Account, we store the data we collect with unique identifiers associated with the browser, app or device you are using. This allows us to ensure, for example, that your language settings are retained across all browsing sessions.
If you are logged into a Google account, we also collect data that we store in your Google account and consider to be personal data.” (privacy.google.com/take-control)
You can prevent this data from being added directly by logging out of your Google account or by configuring the corresponding account settings in your Google account. Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.).
You can find more detailed information in Google’s privacy policy, which you can access here:
www.google.com/policies/privacy/
You can find information on Google’s privacy settings at privacy.google.com/take-control
2.6 Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House Barclays Dublin Ireland – hereinafter “Google”), on the basis of your consent for the analysis, optimisation and economic operation of our online services in accordance with Article 6(1) (a) GDPR. Google uses cookies and other technologies. The information generated by the service about the use of the online service by the users is transmitted to a Google server in the USA and processed there.
Google acts on our behalf within the framework of contract data processing pursuant to Article 28 GDPR. We have entered into a data protection agreement with Google that includes the EU standard data protection clauses.
We use Google Analytics with IP anonymisation enabled.
Google Analytics stores cookies in your web browser for a period of two years from the time of your last visit. These cookies contain a randomly generated user ID that can be used to recognise you if you visit the website again in the future. Users can prevent the storage of cookies by configuring their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online service by Google as well as the processing of this data by Google by downloading and installing the browser plugin via the following link: tools.google.com/¬dlpage/gaoptout
The collected data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
Further information on Google’s use of data, settings and withdrawal options can be found on Google’s websites:
- policies.google.com/technologies/partner-sites?hl=de (“Data use by Google when you use our partners’ websites or apps”).
- policies.google.com/technologies/ads (“Data use for advertising purposes”)
- adssettings.google.com/authenticated (“Managing information Google uses to serve ads to you”).
2.7 Google Fonts
In order to display our content correctly and in a graphically appealing manner across browsers, we use “Google Web Fonts” from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) to display fonts on this website.
The privacy policy of the library operator (Google) can be found here: www.google.com/policies/privacy/
The retrieval of script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – although it is currently unclear whether and for what purposes – that the operator collects Google data in this case. Google processes your data in the USA.
We do not collect any personal data through the integration of Google Web Fonts.
The legal basis for the processing is your express consent in accordance with Art. 6(1)(a) GDPR.
2.8 Google Tag Manager
We use the Google Tag Manager on our website. The Google Tag Manager is a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager enables us to integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or “triggers” the embedded tags. When a tag is triggered, Google may process information (including personal data). It cannot be ruled out that Google will also transmit this information to a server in a third country.
Information on the standard contractual clauses and the transmission of data by us to Google in the USA and other relevant data processing by Google in the context of the use of Google services can be found in section 2.5 of this Privacy Policy (“Information on Google services”).
In particular, the following personal data is processed by the Google Tag Manager:
- Online identifiers (including cookie identifiers)
- IP address
Furthermore, you can find more detailed information about the Google Tag Manager on the website www.google.de/tagmanager/use-policy
and
www.google.com/intl/de/policies/privacy (Data we receive based on your use of our services“).
Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager (Art. 28 GDPR). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties if required to do so by law, or if such third parties process the information on Google’s behalf.
If you have deactivated individual tracking services (e.g. by setting an opt-out cookie), the deactivation will remain in place for all affected tracking tags that are integrated via the Google Tag Manager.
By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. In addition, the integration of the Google Tag Manager optimises the loading times of the respective services.
The legal basis for the processing of personal data described here in the context of the measurement procedure is your express consent pursuant to Art. 6(1)(a) GDPR.
The legal basis for the processing of data in the context of obtaining your consent is our legitimate interest pursuant to Art. 6(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7(1) GDPR).
2.10 Youtube
We use the provider YouTube to embed videos. The videos in question were embedded in the extended data protection mode.
The legal basis for the processing is your consent in accordance with Art. 6(1)(a) GDPR.
YouTube’s website uses cookies to collect information about the users of its website. YouTube uses this, among other things, to collect video statistics, prevent fraud and improve the user experience.
By using YouTube, a connection is established with the Google DoubleClick network. When you start the video, this may trigger further data processing operations. Such operations are outside of our control.
For more information about privacy at YouTube, please see their privacy policy at:
www.youtube.com/t/privacy_at_youtube
In connection with the use of YouTube, additional services are downloaded; these include in particular: Google.com, Google Photos (ggpht.com)
3. Processing for the purpose of carrying out our business processes
3.1 Job applications
For reasons of easier readability, the simultaneous use of masculine, feminine and diverse forms of language is dispensed with here – for the following reason: all references to people apply equally to all genders: m/f/d.
3.1.1 Direct applications
We offer you the opportunity to apply to us directly (e.g. by email or post). In the following, you will find information about the scope, purpose and use of your personal data that is collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection laws and all other statutory provisions, and that your data will be treated in strict confidence.
Scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to offer you an employment contract. The legal basis for this is § 26 BDSG (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation) and – if you have given your consent – Art. 6(1)(a) GDPR. You can revoke your consent at any time. Your personal data will only be shared with individuals within our company who are involved in processing your application.
If your application is successful, the data submitted by you will be stored in our data processing systems on the basis of section 26 of the German Data Protection Act (BDSG) and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship.
Retention period for the data:
If we are unable to make you a job offer, or if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to six months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and your physical application documents will be destroyed. The stored data serves in particular as evidence in the event of a legal dispute. Should it become evident that the data will be required after the six-month period (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for its continued storage no longer applies.
It may also be stored for a longer period if you have given your consent to this (Art. 6(1)(a) GDPR) or if statutory storage obligations prohibit its deletion.
3.1.2 Admission to the applicant pool
If we do not make you a job offer, we may be able to include you in our pool of applicants. If you agree to this, all documents and details relating to your application will be transferred to the applicant pool so that we can contact you in case of suitable vacancies.
Your inclusion in the applicant pool is based exclusively on your express consent (Art. 6(1)(a) GDPR). The granting of this consent is voluntary and is not related to the current application process. The data subject may revoke his/her consent at any time. In this case, their data will be irrevocably deleted from the applicant pool, unless there are legal reasons for its retention.
Your data will be irrevocably deleted from the applicant pool no later than 12 months after your consent was granted.
3.1.3 Applicant management software
The data transmitted as part of your application in the online application process is transmitted via TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software (www.personio.de/impressum)
In this context, Personio is our processor in accordance with Art. 28 GDPR. The basis for the processing is a data processing contract concluded between us as the data controller and Personio.
Information about data protection at Personio can be found at: www.personio.de/datenschutzerklaerung
4. Cookie-Policy
4.1 General information
Cookies are pieces of information that are transmitted from our web server or third-party web servers to the users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser settings. Stored cookies can be deleted via the browser settings. The blocking of cookies may limit the functionality of this website.
4.2 Cookie overview, opt-out
For an up-to-date overview of the cookies used on this website, please refer to the Consent Management Platform “Borlabs Cookie” (see paragraph 2.4.).
This platform also enables you to manage specific types of consent and your preferences (footer menu: “Individual data protection settings”).
5. Changes to this privacy policy
We reserve the right to change this Privacy Policy with regard to data processing in order to adapt it to changed legal situations and/or to changes to the website or our data processing activities.
Insofar as the user’s consent is required or components of the Privacy Policy contain provisions governing our contractual relationship with the user, the changes shall only be implemented with the user’s consent.
Users are requested to inform themselves at regular intervals about the details of this Privacy Policy.
Last updated: May 2023