PRIVACY POLICY

 

PRIVACY POLICY

 

I. Name and address of the controller

The controller as defined in the General Data Protection Regulation and other national data protection laws of the Member States and all other data privacy provisions shall be

atrova GmbH
Landshuter Allee 8
80637 München

Tel.: +49 89 2123106-40
E-Mail: kontakt@atrova.de

Responsible for content: Rainer Nagel, Stefan Randak
Managing Directors: Dr. Harald Linné, Rainer Nagel, Stefan Randak
Registered in the company register of Munich Local Court with the following HRB number: 234183
VAT identification number: DE 313 005 763

I. Name and address of the controller

The controller as defined in the General Data Protection Regulation and other national data protection laws of the Member States and all other data privacy provisions shall be

atrova GmbH
Landshuter Allee 8
80637 München

Tel.: +49 89 2123106-40
E-Mail: kontakt@atrova.de

Responsible for content: Rainer Nagel, Stefan Randak
Managing Directors: Dr. Harald Linné, Rainer Nagel, Stefan Randak
Registered in the company register of Munich Local Court with the following HRB number: 234183
VAT identification number: DE 313 005 763

LEGAL NOTICE

 

II. General data processing information

Scope of processing of personal data

We process the personal data of our users only where this is necessary to provide a functional website as well as our content and services. We generally process the personal data of our users only once they have given consent. An exception may be made in cases where it is not possible to obtain consent in advance for practical reasons and processing of the data is permitted under statutory provisions.

1. Legal basis for processing of personal data

Where we obtain consent from the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) shall provide a legal basis.

Where processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6 (1) (b) GDPR shall provide a legal basis. This also includes processing operations that are necessary in order to take steps prior to entering into a contract.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) (c) GDPR shall provide a legal basis.

Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) (d) GDPR shall provide a legal basis.

Where processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party and where the former interest is not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1) (f) GDPR shall provide a legal basis for processing.

2. Erasure of data and retention period

The personal data of the data subject is erased or made unavailable as soon as the purpose for retention ceases to apply. The data may be retained beyond this period if so provided for by the European or national legislator in regulations, laws or other provisions under Member State law to which the controller is subject. The data may also be made unavailable or erased if the retention period specified in the relevant standards expires, unless the further retention of the data is required to enter into or to perform a contract.

III. Provision of the website and creation of log files

Description and scope of data processing

Every time someone visits our website, our system automatically collects data and information from the computer system accessing the website.

The following data is collected:

  • Information on the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system was referred to our website (referrer URLs)
  • Websites that the user’s system accessed via our website

3. Legal basis for data processing

The legal basis for temporary storage of the data and log files is provided by Article 6 (1) (f) GDPR.

4. Purpose of data processing

The system must temporarily store the IP address so that the website can be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session.

Data is stored as log files to ensure the functioning of the website. We may also use the data to optimize the website and to maintain the security of our IT systems.

For these purposes, we also have a legitimate interest in data processing as set out in Article 6 (1) (f) GDPR.

5. Retention period

The data is erased as soon as it is no longer required to serve the purpose of its collection. Where the data is collected for the purpose of providing the website, the data is erased when the relevant session is ended.

6. Objection and removal options

Collection of data to provide the website and storage of said data as log files is strictly necessary for the running of the website. It follows that the user does not have the option to object.

IV. Use of cookies

  1. a) Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the web browser or by the web browser on the user’s computer. When a user loads a website, a cookie may be stored on the user’s operating system. This cookie contains a string of characters that can be used to uniquely identify the browser the next time the website is loaded.

We use cookies to make our website more user-friendly. Some elements of our website require the browser to be identified even after loading a different page.

Cookies store and transfer the following data:

  • Language settings
  • Device information
  • Login information

We also use cookies on our website to analyze user behavior.

When users load our website, they are informed of the fact that we use cookies for analysis purposes and their consent is obtained for the processing of any personal data that may be used in this context. They are also made aware of this privacy notice.

  1. b) Legal basis for data processing

The legal basis for processing of personal data using strictly necessary cookies is provided by Article 6 (1) (f) GDPR.

The legal basis for processing of personal data using analytical cookies is provided by Article 6 (1) (a) GDPR, where consent has been given by the user.

  1. c) Purpose of data processing

The purpose of using strictly necessary cookies is to make websites easier to use. We are not able to offer certain features of our website without the use of cookies. These features require the browser to be identified again even after loading a different page.

The user data collected by strictly necessary cookies is not used to create user profiles.

Analytical cookies are used in order to improve the quality of our website and its content. Analytical cookies tell us how the website is being used and can help us to consistently optimize our services.

For these purposes, we also have a legitimate interest in processing the personal data as set out in Article 6 (1) (f) GDPR.

  1. e) Retention period, opt-out and removal options

Cookies are stored on the user’s computer and are transferred from the computer to our webpage. As a user, you therefore also have full control over the use of cookies. You can disable or restrict the transmission of cookies by adjusting the settings in your web browser. Stored cookies can be deleted at any time and automatically. If cookies are disabled for our website, it may mean that you are no longer able to use all features of the website in their entirety.

V. Newsletter

Description and scope of data processing

Our website gives you the option of subscribing to a free newsletter featuring the latest information about the Atreus Group (Atreus GmbH, AIM GmbH, atrova GmbH, MyHead GmbH). When you register for the newsletter, the data from the input screen is forwarded to us.

Your consent for processing of the data is obtained during the registration process and you are made aware of this privacy notice.

Registration for our newsletter uses the double opt-in method. This means that, once you have registered, we send an e-mail to the e-mail address that you specified asking you to confirm that you want us to send you the newsletter. If you do not confirm your registration, it does not become active and you do not receive the newsletter. We also store the time of the registration and confirmation. The purpose of this process is to keep a record of your registration and to be able to trace any misuse of your personal data if needed.

Data that is processed for distribution of the newsletter is not disclosed to third parties. The data is used exclusively for the purpose of distributing the newsletter.

Please note that we analyze your user behavior during distribution of the newsletter. For analysis purposes, the e-mails that we send contain web beacons and tracking pixels featuring one-pixel image files that are stored on our website. To analyze behavior, we link the contact information on file and the web beacons to your e-mail address and an individual ID. Even the links in the newsletter contain this ID. We use the data obtained in this manner to create a user profile so that we can tailor the newsletter to your personal interests. We keep track of when you read your newsletter and which newsletter links you click on, and use this information to draw conclusions about your personal interests. We link this data to your activity on our website. We do not pass this data on to third parties outside the Atreus Group.

7. Legal basis for data processing

The legal basis for processing of data after the user registers for the newsletter is provided by Article 6 (1) (a) GDPR, where consent has been given by the user.

The legal basis for the tracking is our “legitimate interest” pursuant to Article 6 (1) (f) GDPR.

Within the scope of contracted data processing under Article 28 GDPR, your data is forwarded to Adobe/Marketo Inc., 901 Mariners Island Blvd Suite 500, San Mateo, CA 94404, U.S.A. Marketo falls under the EU–U.S. Privacy Shield, which ensures an appropriate level of data protection.

8. Purpose of data processing

We collect the user’s e-mail address in order to deliver the newsletter.

We collect other personal data during the registration process in order to prevent misuse of the services or the used e-mail address.

We use tracking for the purpose of optimizing the content of the e-mail newsletter and tailoring it to the user’s personal interests.

9. Retention period

The data is erased as soon as it is no longer required to serve the purpose of its collection. Hence the user’s e-mail address is stored for as long as the newsletter subscription is active.

10. Objection and removal options

You may withdraw your consent to transmission of the newsletter at any time pursuant to Article 7 (3) GDPR and unsubscribe to the newsletter. You may give notice of withdrawal by clicking on the link provided in every newsletter e-mail, by e-mailing kontakt@atreus.de or by sending a message to the address mentioned in the legal notice.

You may cancel the tracking at any time pursuant to Article 21 GDPR by e-mailing us at kontakt@atrova.de to give notice. Your information will be stored for as long as you have subscribed to the newsletter. Once a subscription has been canceled, we store the data anonymously purely for statistical purposes.

VI. Portal registration

Description and scope of data processing

Our website offers users (particularly candidates/managers and (prospective) customers) the option of registering with us by submitting their personal data. The data is entered into an input screen, forwarded to us and stored on file. Additional personal information and details (such as CVs, certificates and qualifications) may also be uploaded to our portal.

When you send personal information to us, we give you the option of sending the information in encrypted format. This encryption safeguards the confidentiality of the data exchange between yourself and our web server, and helps to prevent misuse of the information, e.g. through interception. The encryption method we use is SSL (Secure Sockets Layer). This is a recognized and widely used technology.

These processes are outlined in a separate business privacy notice (link).

VII. Contact form, e-mail contact and telephone

Description and scope of data processing

There is a contact form available on our website that can be used to contact us electronically. If a user chooses this option, the data that is entered in the input screen is forwarded to us and stored on file. This data includes the following:

Title, name, contact details, message.

The following additional information is stored when the message is sent:

The user’s IP address and the date and time of registration.

Your consent for processing of the data is obtained during the submission process and you are made aware of this privacy notice.

Alternatively, you can contact us using the e-mail address provided. In this case, we store the user’s personal data that is sent in the e-mail.

If a user contacts us by e-mail to apply for a job at our company, the user’s personal data is stored along with the submitted application documents.

When you send personal information to us, we give you the option of sending the information in encrypted format. This encryption safeguards the confidentiality of the data exchange between yourself and our web server, and helps to prevent misuse of the information, e.g. through interception. The encryption method we use is SSL (Secure Sockets Layer). This is a recognized and widely used technology.

You can also contact us using the telephone number provided.

Data that is provided for this purpose is not disclosed to third parties. The data is used exclusively to process the conversation.

 

11. Legal basis for data processing

The legal basis for processing of data provided when the user contacts us is the consent provided for in Article 6 (1) (a) GDPR.

The legal basis for processing of data for applications is provided for by Section 26 (1) and (2) of the Federal Data Protection Act (BDSG) as amended.

The legal basis for processing of data that is sent to us in an e-mail is provided by Article 6 (1) (f) GDPR. If the purpose of the e-mail contact is to enter into a contract, an additional legal basis for processing is provided by Article 6 (1) (b) GDPR.

12. Purpose of data processing

We process personal data from the input screen solely for the purpose of contacting you. If we are contacted by e-mail, we also have a necessary legitimate interest in processing the data. If we receive an e-mail application, we have a legitimate interest in processing the application.

Other personal data that is processed during the submission process or during the telephone call is used to prevent misuse of the contact form and to maintain the security of our IT/telecommunication systems.

13. Retention period

The data is erased as soon as it is no longer required to serve the purpose of its collection.

In the case of an application where the candidate is rejected, all personal data will be erased by no later than six months after the decision.

14. Objection and removal options

Users have the option of withdrawing their consent to processing of their personal data at any time. When users contact us by e-mail or telephone, they may object to retention of their personal data at any time. If this occurs, the conversation cannot be continued.

All personal data that was stored during the period of contact is erased in that case.

VIII. Web analysis and social media plugins

MyFonts Counter

On this website, we use MyFonts Counter, a web analysis service of MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, U.S.A., on the basis of Article 6 (1) (f) GDPR. The license terms allow for page view tracking where the number of visits to the website are counted for statistical purposes and forwarded to MyFonts. MyFonts collects only anonymized data. You can enable JavaScript code in your browser to allow data forwarding, where required. To prevent MyFonts from running JavaScript code altogether, you can install a JavaScript blocker (e.g. www.noscript.net). For more information about MyFonts Counter, please consult the MyFonts privacy policy at http://www.myfonts.com/info/terms-and-conditions/#Privacy.

Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a Google Inc. tool that allows companies to manage website tags via a user interface. Google Tag Manager is a cookieless domain that does not collect any personal data. Google Tag Manager allows you to deploy other tags that may collect your data. We point this out to you specifically. Google Tag Manager does not access this data. If the user has disabled certain domains or cookies, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

Google Analytics

This website uses features of the Google Analytics web analysis service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies. Cookies are text files stored on your computer that can be used to analyze your use of the website. The information generated by the cookie in respect of your use of this website is generally transferred to a Google server in the U.S., where it is stored.

The storage of Google Analytics cookies and the use of this analytical tool is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web services and its advertising. Where consent has been queried (e.g. consent to store cookies), the data shall be processed solely on the basis of Article 6 (1) (a) GDPR; consent may be withdrawn at any time.

IP anonymization

We have enabled the IP anonymization feature on this website. This means that within Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area Google will truncate your IP address before it is transferred to the U.S. Only in exceptional instances is the full IP address transferred to a Google server in the U.S., where it is then truncated. Google will use this information on behalf of the operator of this website in order to analyze your use of the website, compile reports on website activity, and render further services to the website operator that relate to website and internet use. The IP address transferred from your browser within the parameters of Google Analytics is not merged with other Google data.

Browser plugin

You can prevent storage of cookies by adjusting the settings of your browser software accordingly. We would like to point out, however, that in such an instance you may not be able to use all features of this website in their entirety. You can, furthermore, prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address), as well as Google’s processing of such data, by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Opting out of data collection

You can prevent Google Analytics from collecting your information by clicking on the following link. An opt-out cookie will be set in order to prevent your data from being collected on future visits to this website:

For more information on how Google Analytics uses user data, please refer to Google’s privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de

 

Contracted data processing

We have concluded a contract with Google for contracted data processing and we fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

Google Analytics demographics

This website uses the Google Analytics “demographics” feature. This allows reports to be generated that contain statements about the age, gender and interests of website users.

This data comes from interest-related advertising by Google and user data from third parties. This information cannot be associated with any specific individual. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Opting out of data collection”.

Retention period

Google will anonymize or erase any user-level and event-level data associated with cookies, user identifiers (e.g. User ID) and advertising identifiers (e.g. DoubleClick cookies, Android’s Advertising ID) that it has stored after 14 months. Details on this are available at the following link:

https://support.google.com/analytics/answer/7667196?hl=de

Google Analytics Remarketing

This website uses the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and Google DoubleClick. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising tailored to your personal interests, which have been identified based on your previous user and surfing behavior on one device (e.g. your cell phone), to be displayed on other devices (such as a tablet or computer).

Once you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. That way, the same personalized promotional messaging can be displayed on any device that signs in to your Google account.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising; follow this link:

https://www.google.com/settings/ads/onweb

The combining of the data collected in your Google account is based solely on your consent, which you may give or withdraw from Google (Article 6 (1) (a) GDPR). For data collection operations not merged into your Google account (for example, because you do not have a Google account or have objected to the merge), the collection of data is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in anonymously analyzing the behavior of website users for promotional purposes.

For more information and data protection provisions, please refer to Google’s privacy policy:

https://policies.google.com/technologies/ads?hl=de

Google AdWords and Google conversion tracking

This website uses Google AdWords. AdWords is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google AdWords, we use conversion tracking. When you click on an ad displayed by Google, a conversion tracking cookie is set. Cookies are small text files that the web browser stores on the user’s computer. These cookies expire after 30 days and are not used for personal identification of the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and our company can tell that the user clicked on the ad and proceeded to the webpage.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Advertisers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt out of this by easily disabling the Google conversion tracking cookie by changing your browser settings. This means that you will not be included in the conversion tracking statistics.

The storage of conversion cookies and the use of this tracking tool is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web services and its advertising. Where consent has been queried (e.g. consent to store cookies), the data shall be processed solely on the basis of Article 6 (1) (a) GDPR; consent may be withdrawn at any time.

For more information on Google AdWords and Google conversion tracking, please refer to Google’s privacy policy:

https://policies.google.com/privacy?hl=de

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

IX. Rights of the data subject

If your personal data is being processed, you are the data subject as defined in the GDPR and the controller shall afford you the following rights:

Right of access

You may request from the controller confirmation as to whether or not personal data about you is being processed by our company.

If we are processing data about you, you may request the following information from the controller:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3)  the recipients or categories of recipient to whom the personal data about you has been or will be disclosed;

(4)  the intended retention period for which the personal data about you will be stored or, if this cannot be ascertained, the criteria used to determine the retention period;

(5) the existence of the right to request from the controller rectification or erasure of personal data about you, or the right to restrict the processing of this data or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to its source;

(8)  the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed as to whether or not personal data about you is being transferred to a third country or to an international organization. You shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer in this regard.

1.  Right to rectification

You have the right to have data rectified and/or completed by the controller, if the personal data about you that is being processed is incorrect or incomplete. The controller shall rectify the data without undue delay.

2.  Right to restriction of processing

You may request that the processing of personal data about you be restricted under the following circumstances:

(1)  if you contest the accuracy of the personal data about you for a period enabling the controller to verify the accuracy of the personal data;

(2)  if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3)  if the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; or

(4)  if you have objected to processing pursuant to Article 21 (1) GDPR pending the verification of whether the legitimate grounds of the controller override your own.

Where processing of personal data about you has been restricted, this data shall – with the exception of retention – only be processed with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted under the circumstances mentioned above, you shall be informed by the controller before the restriction of processing is lifted.

3. Right to erasure

Erasure obligation

You may request from the controller the erasure of personal data about you without undue delay, and the controller has an obligation to erase this data without undue delay where one of the following grounds applies:

(1) The personal data about you is no longer required in relation to the purposes for which it was collected or otherwise processed.

(2)  You withdraw your consent on which the processing is based pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there are no other legal grounds for the processing.

(3)  You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.

(4)  The personal data about you has been unlawfully processed.

(5)  The personal data about you has to be erased for compliance with a legal obligation by Union or Member State law to which the controller is subject.

(6)   The personal data about you has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

a) Disclosure to third parties

Where the controller has made the personal data about you public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, copies of or reproductions of this personal data.

b) Derogations

The right to erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)  for the establishment, exercise or defense of legal claims.

4. Right to be informed

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller has an obligation to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data about you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to have the controller inform you about these recipients.

LEGAL NOTICE

 

II. General data processing information

Scope of processing of personal data

We process the personal data of our users only where this is necessary to provide a functional website as well as our content and services. We generally process the personal data of our users only once they have given consent. An exception may be made in cases where it is not possible to obtain consent in advance for practical reasons and processing of the data is permitted under statutory provisions.

1. Legal basis for processing of personal data

Where we obtain consent from the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) shall provide a legal basis.

Where processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6 (1) (b) GDPR shall provide a legal basis. This also includes processing operations that are necessary in order to take steps prior to entering into a contract.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) (c) GDPR shall provide a legal basis.

Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) (d) GDPR shall provide a legal basis.

Where processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party and where the former interest is not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1) (f) GDPR shall provide a legal basis for processing.

2. Erasure of data and retention period

The personal data of the data subject is erased or made unavailable as soon as the purpose for retention ceases to apply. The data may be retained beyond this period if so provided for by the European or national legislator in regulations, laws or other provisions under Member State law to which the controller is subject. The data may also be made unavailable or erased if the retention period specified in the relevant standards expires, unless the further retention of the data is required to enter into or to perform a contract.

III. Provision of the website and creation of log files

Description and scope of data processing

Every time someone visits our website, our system automatically collects data and information from the computer system accessing the website.

The following data is collected:

  • Information on the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system was referred to our website (referrer URLs)
  • Websites that the user’s system accessed via our website

3. Legal basis for data processing

The legal basis for temporary storage of the data and log files is provided by Article 6 (1) (f) GDPR.

4. Purpose of data processing

The system must temporarily store the IP address so that the website can be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session.

Data is stored as log files to ensure the functioning of the website. We may also use the data to optimize the website and to maintain the security of our IT systems.

For these purposes, we also have a legitimate interest in data processing as set out in Article 6 (1) (f) GDPR.

5. Retention period

The data is erased as soon as it is no longer required to serve the purpose of its collection. Where the data is collected for the purpose of providing the website, the data is erased when the relevant session is ended.

6. Objection and removal options

Collection of data to provide the website and storage of said data as log files is strictly necessary for the running of the website. It follows that the user does not have the option to object.

IV. Use of cookies

  1. a) Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the web browser or by the web browser on the user’s computer. When a user loads a website, a cookie may be stored on the user’s operating system. This cookie contains a string of characters that can be used to uniquely identify the browser the next time the website is loaded.

We use cookies to make our website more user-friendly. Some elements of our website require the browser to be identified even after loading a different page.

Cookies store and transfer the following data:

  • Language settings
  • Device information
  • Login information

We also use cookies on our website to analyze user behavior.

When users load our website, they are informed of the fact that we use cookies for analysis purposes and their consent is obtained for the processing of any personal data that may be used in this context. They are also made aware of this privacy notice.

  1. b) Legal basis for data processing

The legal basis for processing of personal data using strictly necessary cookies is provided by Article 6 (1) (f) GDPR.

The legal basis for processing of personal data using analytical cookies is provided by Article 6 (1) (a) GDPR, where consent has been given by the user.

  1. c) Purpose of data processing

The purpose of using strictly necessary cookies is to make websites easier to use. We are not able to offer certain features of our website without the use of cookies. These features require the browser to be identified again even after loading a different page.

The user data collected by strictly necessary cookies is not used to create user profiles.

Analytical cookies are used in order to improve the quality of our website and its content. Analytical cookies tell us how the website is being used and can help us to consistently optimize our services.

For these purposes, we also have a legitimate interest in processing the personal data as set out in Article 6 (1) (f) GDPR.

  1. e) Retention period, opt-out and removal options

Cookies are stored on the user’s computer and are transferred from the computer to our webpage. As a user, you therefore also have full control over the use of cookies. You can disable or restrict the transmission of cookies by adjusting the settings in your web browser. Stored cookies can be deleted at any time and automatically. If cookies are disabled for our website, it may mean that you are no longer able to use all features of the website in their entirety.

V. Newsletter

Description and scope of data processing

Our website gives you the option of subscribing to a free newsletter featuring the latest information about the Atreus Group (Atreus GmbH, AIM GmbH, atrova GmbH, MyHead GmbH). When you register for the newsletter, the data from the input screen is forwarded to us.

Your consent for processing of the data is obtained during the registration process and you are made aware of this privacy notice.

Registration for our newsletter uses the double opt-in method. This means that, once you have registered, we send an e-mail to the e-mail address that you specified asking you to confirm that you want us to send you the newsletter. If you do not confirm your registration, it does not become active and you do not receive the newsletter. We also store the time of the registration and confirmation. The purpose of this process is to keep a record of your registration and to be able to trace any misuse of your personal data if needed.

Data that is processed for distribution of the newsletter is not disclosed to third parties. The data is used exclusively for the purpose of distributing the newsletter.

Please note that we analyze your user behavior during distribution of the newsletter. For analysis purposes, the e-mails that we send contain web beacons and tracking pixels featuring one-pixel image files that are stored on our website. To analyze behavior, we link the contact information on file and the web beacons to your e-mail address and an individual ID. Even the links in the newsletter contain this ID. We use the data obtained in this manner to create a user profile so that we can tailor the newsletter to your personal interests. We keep track of when you read your newsletter and which newsletter links you click on, and use this information to draw conclusions about your personal interests. We link this data to your activity on our website. We do not pass this data on to third parties outside the Atreus Group.

7. Legal basis for data processing

The legal basis for processing of data after the user registers for the newsletter is provided by Article 6 (1) (a) GDPR, where consent has been given by the user.

The legal basis for the tracking is our “legitimate interest” pursuant to Article 6 (1) (f) GDPR.

Within the scope of contracted data processing under Article 28 GDPR, your data is forwarded to Adobe/Marketo Inc., 901 Mariners Island Blvd Suite 500, San Mateo, CA 94404, U.S.A. Marketo falls under the EU–U.S. Privacy Shield, which ensures an appropriate level of data protection.

8. Purpose of data processing

We collect the user’s e-mail address in order to deliver the newsletter.

We collect other personal data during the registration process in order to prevent misuse of the services or the used e-mail address.

We use tracking for the purpose of optimizing the content of the e-mail newsletter and tailoring it to the user’s personal interests.

9. Retention period

The data is erased as soon as it is no longer required to serve the purpose of its collection. Hence the user’s e-mail address is stored for as long as the newsletter subscription is active.

10. Objection and removal options

You may withdraw your consent to transmission of the newsletter at any time pursuant to Article 7 (3) GDPR and unsubscribe to the newsletter. You may give notice of withdrawal by clicking on the link provided in every newsletter e-mail, by e-mailing kontakt@atreus.de or by sending a message to the address mentioned in the legal notice.

You may cancel the tracking at any time pursuant to Article 21 GDPR by e-mailing us at kontakt@atrova.de to give notice. Your information will be stored for as long as you have subscribed to the newsletter. Once a subscription has been canceled, we store the data anonymously purely for statistical purposes.

VI. Portal registration

Description and scope of data processing

Our website offers users (particularly candidates/managers and (prospective) customers) the option of registering with us by submitting their personal data. The data is entered into an input screen, forwarded to us and stored on file. Additional personal information and details (such as CVs, certificates and qualifications) may also be uploaded to our portal.

When you send personal information to us, we give you the option of sending the information in encrypted format. This encryption safeguards the confidentiality of the data exchange between yourself and our web server, and helps to prevent misuse of the information, e.g. through interception. The encryption method we use is SSL (Secure Sockets Layer). This is a recognized and widely used technology.

These processes are outlined in a separate business privacy notice (link).

VII. Contact form, e-mail contact and telephone

Description and scope of data processing

There is a contact form available on our website that can be used to contact us electronically. If a user chooses this option, the data that is entered in the input screen is forwarded to us and stored on file. This data includes the following:

Title, name, contact details, message.

The following additional information is stored when the message is sent:

The user’s IP address and the date and time of registration.

Your consent for processing of the data is obtained during the submission process and you are made aware of this privacy notice.

Alternatively, you can contact us using the e-mail address provided. In this case, we store the user’s personal data that is sent in the e-mail.

If a user contacts us by e-mail to apply for a job at our company, the user’s personal data is stored along with the submitted application documents.

When you send personal information to us, we give you the option of sending the information in encrypted format. This encryption safeguards the confidentiality of the data exchange between yourself and our web server, and helps to prevent misuse of the information, e.g. through interception. The encryption method we use is SSL (Secure Sockets Layer). This is a recognized and widely used technology.

You can also contact us using the telephone number provided.

Data that is provided for this purpose is not disclosed to third parties. The data is used exclusively to process the conversation.

 

11. Legal basis for data processing

The legal basis for processing of data provided when the user contacts us is the consent provided for in Article 6 (1) (a) GDPR.

The legal basis for processing of data for applications is provided for by Section 26 (1) and (2) of the Federal Data Protection Act (BDSG) as amended.

The legal basis for processing of data that is sent to us in an e-mail is provided by Article 6 (1) (f) GDPR. If the purpose of the e-mail contact is to enter into a contract, an additional legal basis for processing is provided by Article 6 (1) (b) GDPR.

12. Purpose of data processing

We process personal data from the input screen solely for the purpose of contacting you. If we are contacted by e-mail, we also have a necessary legitimate interest in processing the data. If we receive an e-mail application, we have a legitimate interest in processing the application.

Other personal data that is processed during the submission process or during the telephone call is used to prevent misuse of the contact form and to maintain the security of our IT/telecommunication systems.

13. Retention period

The data is erased as soon as it is no longer required to serve the purpose of its collection.

In the case of an application where the candidate is rejected, all personal data will be erased by no later than six months after the decision.

14. Objection and removal options

Users have the option of withdrawing their consent to processing of their personal data at any time. When users contact us by e-mail or telephone, they may object to retention of their personal data at any time. If this occurs, the conversation cannot be continued.

All personal data that was stored during the period of contact is erased in that case.

VIII. Web analysis and social media plugins

MyFonts Counter

On this website, we use MyFonts Counter, a web analysis service of MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, U.S.A., on the basis of Article 6 (1) (f) GDPR. The license terms allow for page view tracking where the number of visits to the website are counted for statistical purposes and forwarded to MyFonts. MyFonts collects only anonymized data. You can enable JavaScript code in your browser to allow data forwarding, where required. To prevent MyFonts from running JavaScript code altogether, you can install a JavaScript blocker (e.g. www.noscript.net). For more information about MyFonts Counter, please consult the MyFonts privacy policy at http://www.myfonts.com/info/terms-and-conditions/#Privacy.

Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a Google Inc. tool that allows companies to manage website tags via a user interface. Google Tag Manager is a cookieless domain that does not collect any personal data. Google Tag Manager allows you to deploy other tags that may collect your data. We point this out to you specifically. Google Tag Manager does not access this data. If the user has disabled certain domains or cookies, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

Google Analytics

This website uses features of the Google Analytics web analysis service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies. Cookies are text files stored on your computer that can be used to analyze your use of the website. The information generated by the cookie in respect of your use of this website is generally transferred to a Google server in the U.S., where it is stored.

The storage of Google Analytics cookies and the use of this analytical tool is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web services and its advertising. Where consent has been queried (e.g. consent to store cookies), the data shall be processed solely on the basis of Article 6 (1) (a) GDPR; consent may be withdrawn at any time.

IP anonymization

We have enabled the IP anonymization feature on this website. This means that within Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area Google will truncate your IP address before it is transferred to the U.S. Only in exceptional instances is the full IP address transferred to a Google server in the U.S., where it is then truncated. Google will use this information on behalf of the operator of this website in order to analyze your use of the website, compile reports on website activity, and render further services to the website operator that relate to website and internet use. The IP address transferred from your browser within the parameters of Google Analytics is not merged with other Google data.

Browser plugin

You can prevent storage of cookies by adjusting the settings of your browser software accordingly. We would like to point out, however, that in such an instance you may not be able to use all features of this website in their entirety. You can, furthermore, prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address), as well as Google’s processing of such data, by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Opting out of data collection

You can prevent Google Analytics from collecting your information by clicking on the following link. An opt-out cookie will be set in order to prevent your data from being collected on future visits to this website:

For more information on how Google Analytics uses user data, please refer to Google’s privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de

 

Contracted data processing

We have concluded a contract with Google for contracted data processing and we fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

Google Analytics demographics

This website uses the Google Analytics “demographics” feature. This allows reports to be generated that contain statements about the age, gender and interests of website users.

This data comes from interest-related advertising by Google and user data from third parties. This information cannot be associated with any specific individual. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Opting out of data collection”.

Retention period

Google will anonymize or erase any user-level and event-level data associated with cookies, user identifiers (e.g. User ID) and advertising identifiers (e.g. DoubleClick cookies, Android’s Advertising ID) that it has stored after 14 months. Details on this are available at the following link:

https://support.google.com/analytics/answer/7667196?hl=de

Google Analytics Remarketing

This website uses the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and Google DoubleClick. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising tailored to your personal interests, which have been identified based on your previous user and surfing behavior on one device (e.g. your cell phone), to be displayed on other devices (such as a tablet or computer).

Once you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. That way, the same personalized promotional messaging can be displayed on any device that signs in to your Google account.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising; follow this link:

https://www.google.com/settings/ads/onweb

The combining of the data collected in your Google account is based solely on your consent, which you may give or withdraw from Google (Article 6 (1) (a) GDPR). For data collection operations not merged into your Google account (for example, because you do not have a Google account or have objected to the merge), the collection of data is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in anonymously analyzing the behavior of website users for promotional purposes.

For more information and data protection provisions, please refer to Google’s privacy policy:

https://policies.google.com/technologies/ads?hl=de

Google AdWords and Google conversion tracking

This website uses Google AdWords. AdWords is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google AdWords, we use conversion tracking. When you click on an ad displayed by Google, a conversion tracking cookie is set. Cookies are small text files that the web browser stores on the user’s computer. These cookies expire after 30 days and are not used for personal identification of the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and our company can tell that the user clicked on the ad and proceeded to the webpage.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Advertisers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt out of this by easily disabling the Google conversion tracking cookie by changing your browser settings. This means that you will not be included in the conversion tracking statistics.

The storage of conversion cookies and the use of this tracking tool is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web services and its advertising. Where consent has been queried (e.g. consent to store cookies), the data shall be processed solely on the basis of Article 6 (1) (a) GDPR; consent may be withdrawn at any time.

For more information on Google AdWords and Google conversion tracking, please refer to Google’s privacy policy:

https://policies.google.com/privacy?hl=de

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

IX. Rights of the data subject

If your personal data is being processed, you are the data subject as defined in the GDPR and the controller shall afford you the following rights:

Right of access

You may request from the controller confirmation as to whether or not personal data about you is being processed by our company.

If we are processing data about you, you may request the following information from the controller:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3)  the recipients or categories of recipient to whom the personal data about you has been or will be disclosed;

(4)  the intended retention period for which the personal data about you will be stored or, if this cannot be ascertained, the criteria used to determine the retention period;

(5) the existence of the right to request from the controller rectification or erasure of personal data about you, or the right to restrict the processing of this data or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to its source;

(8)  the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed as to whether or not personal data about you is being transferred to a third country or to an international organization. You shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer in this regard.

1.  Right to rectification

You have the right to have data rectified and/or completed by the controller, if the personal data about you that is being processed is incorrect or incomplete. The controller shall rectify the data without undue delay.

2.  Right to restriction of processing

You may request that the processing of personal data about you be restricted under the following circumstances:

(1)  if you contest the accuracy of the personal data about you for a period enabling the controller to verify the accuracy of the personal data;

(2)  if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3)  if the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims; or

(4)  if you have objected to processing pursuant to Article 21 (1) GDPR pending the verification of whether the legitimate grounds of the controller override your own.

Where processing of personal data about you has been restricted, this data shall – with the exception of retention – only be processed with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted under the circumstances mentioned above, you shall be informed by the controller before the restriction of processing is lifted.

3. Right to erasure

Erasure obligation

You may request from the controller the erasure of personal data about you without undue delay, and the controller has an obligation to erase this data without undue delay where one of the following grounds applies:

(1) The personal data about you is no longer required in relation to the purposes for which it was collected or otherwise processed.

(2)  You withdraw your consent on which the processing is based pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there are no other legal grounds for the processing.

(3)  You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.

(4)  The personal data about you has been unlawfully processed.

(5)  The personal data about you has to be erased for compliance with a legal obligation by Union or Member State law to which the controller is subject.

(6)   The personal data about you has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

a) Disclosure to third parties

Where the controller has made the personal data about you public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, copies of or reproductions of this personal data.

b) Derogations

The right to erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5)  for the establishment, exercise or defense of legal claims.

4. Right to be informed

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller has an obligation to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data about you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to have the controller inform you about these recipients.

atrova GmbH
Landshuter Allee 8
80637 München

© 2020 BY ATROVA GMBH - ALL RIGHTS RESERVED  |   IMPRINT    DATA PROTECTION

                                                          BACK TO TOP