Privacy Policy
1. Data Protection at a Glance
General InformationThe following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the section “Note on the Responsible Party” in this privacy policy.
How do we collect your data?
Your data is collected in part by you providing it to us. This may include data you enter into a contact form.
Other data is collected automatically or with your consent when you visit the website through our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time regarding this and other questions on the topic of data protection.
2. Hosting
We host the content of our website with the following provider:
External Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfill their service obligations and follow our instructions regarding this data.
We use the following host:
ALL-INKL.COM – Neue Medien Münnich
Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany, Phone: +49 (6652) 793948-0
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a legally required contract that ensures that the service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Notes and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We point out that data transmission over the Internet (e.g., communication by email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Note on the Responsible Party
The responsible party for data processing on this website is:
ERT Solutions GmbH, Zum Wolfsgraben 5, D-36088 Hünfeld, Phone: +49 (0) 6652 79 39 48 - 480
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur after these reasons cease to apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time.
If your data is necessary for the performance of a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. The relevant legal basis in each individual case is explained in the following sections of this privacy policy.
Data Protection Officer
We have appointed a data protection officer:
TOSIT GmbH
Ludwig-Erhard-Straße 2, D-36088 Hünfeld, www.tosit.eu, Phone: +49 (0) 6652 9697-6100, Email: dsb@tosit.eu
Note on Data Transfer to Countries with Inadequate Data Protection and to US Companies Not Certified Under the DPF
We use tools from companies based in countries with inadequate data protection as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We point out that in countries with inadequate data protection, no level of data protection comparable to that of the EU can be guaranteed.
We note that the USA is generally considered a safe third country with a level of data protection comparable to that of the EU. Data transfer to the USA is permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional safeguards. Information on transfers to third countries, including data recipients, can be found in this privacy policy.
Recipients of Personal Data
In the course of our business activities, we cooperate with various external parties. This may also involve the transfer of personal data to these external parties. We only transfer personal data to external parties if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest under Art. 6(1)(f) GDPR in the transfer, or if another legal basis permits the data transfer.
When using processors, we only transfer personal data of our customers based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a common, machine-readable format, and to have it transmitted to yourself or to a third party. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content—such as orders or inquiries you send to us as the site operator—this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock icon in your browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
We hereby object to the use of contact data published within the scope of the legal notice obligation for sending unsolicited advertising and information materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.
Cookies
Our websites use so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or your web browser deletes them automatically.
Cookies can be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies allow the integration of certain services provided by third parties within websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary for the electronic communication process, for providing certain functions you desire (e.g., the shopping cart function), or for optimizing the website (e.g., cookies for measuring web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is based exclusively on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
You can find out which cookies and services are used on this website in this privacy policy.
Consent with Usercentrics
This website uses the consent technology of Usercentrics to obtain your consent for storing certain cookies on your device or for using specific technologies in a data protection-compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com (hereinafter referred to as “Usercentrics”).
When you enter our website, the following personal data is transmitted to Usercentrics:
Usercentrics also stores a cookie in your browser to assign the given consents or their revocation. The collected data is stored until you request deletion, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.
The Usercentrics banner on this website was configured using eRecht24. You can recognize this by the eRecht24 logo displayed in the banner. To display the logo, a connection to the eRecht24 image server is established. The IP address is transmitted in this process, but it is only stored in anonymized form in the server logs. The image server is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.
The use of Usercentrics is intended to obtain the legally required consents for the use of certain technologies. The legal basis is Art. 6(1)(c) GDPR.
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a legally required contract that ensures the service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Server Log Files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
This data is not merged with other data sources.
The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, the server log files must be collected.
Contact via Email, Telephone, or Fax
If you contact us via email, telephone, or fax, your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—especially retention periods—remain unaffected.
Google Fonts (Local Hosting)
This site uses Google Fonts for the uniform display of fonts, provided by Google. The Google Fonts are locally installed. No connection to Google servers is established.
More information about Google Fonts can be found at:https://developers.google.com/fonts/faqand in Google’s privacy policy:https://policies.google.com/privacy?hl=en
Font Awesome
This site uses Font Awesome for the uniform display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.
When you access a page, your browser loads the required fonts into its cache to correctly display texts, fonts, and icons. To do this, your browser must connect to Font Awesome’s servers. This allows Font Awesome to know that your IP address accessed this website. The use of Font Awesome is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If consent has been requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
If your browser does not support Font Awesome, a standard font from your computer will be used.
More information about Font Awesome can be found in their privacy policy:https://fontawesome.com/privacy
OpenStreetMap
We use the map service OpenStreetMap (OSM).
We integrate OpenStreetMap using our own (tile) server. When accessing the map material, no connection to third-party servers is established.
The use of OpenStreetMap is in the interest of an appealing presentation of our online offerings and easy location of the places indicated on the website. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Handling Applicant Data
We offer you the opportunity to apply to us (e.g., via email, postal mail, or online application form). Below we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection laws and all other legal provisions, and that your data is treated strictly confidentially.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and—if you have given consent—Art. 6(1)(a) GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with individuals involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems for the purpose of carrying out the employment relationship based on § 26 BDSG and Art. 6(1)(b) GDPR.
Retention Period of Data
If we are unable to offer you a position, you reject a job offer, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months after the end of the application process (rejection or withdrawal). The data will then be deleted, and physical application documents destroyed. Retention serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be needed after the 6-month period (e.g., due to a pending legal dispute), deletion will occur once the purpose for further retention no longer applies.
Longer retention may also occur if you have given consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.
Inclusion in the Applicant Pool
If we do not offer you a position, there may be an option to include you in our applicant pool. In this case, all documents and information from your application will be transferred to the applicant pool to contact you in case of suitable vacancies.
Inclusion in the applicant pool is based solely on your explicit consent (Art. 6(1)(a) GDPR). Giving consent is voluntary and unrelated to the current application process. You may revoke your consent at any time. In this case, the data from the applicant pool will be irrevocably deleted unless legal retention obligations exist.
Data from the applicant pool will be irrevocably deleted no later than two years after consent is given.
