Personal data is any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable if, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person, which can be identified.
Affected person is any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any process or series of operations related to personal data, such as compiling, collecting, organizing, structuring, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person, to analyse or predict them.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
The controller or the person responsible for processing
The controller or the person responsible for processing, is the natural or legal person, public authority, body or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, so that the controller or the specific criteria for his designation may be provided under Union or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
Third party is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.
Consent is any expression of will voluntarily given by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act that indicates to the data subject that they are processing personal data concerning them agrees.
Name and contact details of the person responsible and the data protection officer
The person responsible for the processing of personal data pursuant to Art. 4 No. 7 GDPR is:
CEO Dr. Andreas Lüdke, Ralf Scheid
Tel. +49 (0)9127-95 607
Fax +49 (0)9127-57 96 58
Processing of personal data and the nature and purpose of their use
We process personal data only in the legal framework of the relevant legal norms and, if necessary, your consent. Personal data is all information that relates to a natural person or is at least obtainable and thus allow conclusions about the person.
Processing means any process or series of operations related to personal data, such as collecting, compiling, organizing, structuring, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
Visit the website
When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.
The following information will be collected and stored without your intervention:
- Name and URL of the retrieved file,
- Date and time of access,
- Website from which access is made (referrer URL),
- used browser and possibly the operating system of your computer as well as the name of your access provider.
- IP address of the requesting computer,
The data mentioned are processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability as well
- for further administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case we use the collected data for the purpose of drawing conclusions about you.
Disclosure of data
A transfer of your personal data to third parties for purposes other than those listed below does not take place. We only share your personal information with third parties if:
- You according to Art. 6 para. 1 sentence 1 lit. a DSGVO have given express consent to this
- disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
- in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO is a legal obligation, as well
- this is permitted by law and according to Art. 6 para. 1 sentence 1 lit. b DSGVO is required for the settlement of contractual relationships with you.
Because we process your personal information, you have the following rights:
According to Art. 15 DSGVO you can request information about your personal data processed by us. In particular, you can demand information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or objection, the existence of a right to complain, the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
In accordance with Art. 16 DSGVO, you can immediately demand the correction of incorrect or completion of personal data stored by us.
According to Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims is required.
You may demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you assert this, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
In accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, standard and machine-readable format or request that you send it to another person in charge.
In accordance with Art. 7 para. 3 GDPR, you may at any time revoke your once given consent to us.
As a result, we are no longer allowed to continue the data processing based on this consent for the future.
Right of appeal
You may complain to a supervisory authority in accordance with Art. 77 GDPR if you consider that the processing of your personal data violates data protection regulations. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
Right of objection
If your personal data are based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.
If you would like to exercise your right of revocation or objection, please send us an e-mail
Data protection in applications and in the application process
We process the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is especially the case if an applicant submits the corresponding application documents to us electronically, for example by e-mail or via a web form located on the website. If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If no employment contract is concluded with the candidate by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data is routinely deleted, if they are no longer required to fulfil the contract or to initiate a contract.
Existence of automated decision-making
As a responsible company we refrain from automatic decision-making or profiling.
We use the widely used SSL (Secure Socket Layer) encryption mechanism within visiting the site. Whether a single page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser.
We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
As of April 2018