Cenit WebsiteCenit Website

Data privacy statement

This data privacy statement informs users about the type, scope and purposes of the collection and use of personal data by the responsible provider on this website and our other online offerings (hereinafter "offering").

Responsible provider:

CENIT AG

Industriestraße 52-54
70565 Stuttgart
Tel.: +49 711 7825-30
Fax: +49 711 7825-4000
E-Mail: info@cenit.com

Peter Schneck - CEO

Axelle Mazé - CFO

Contact information of the data protection officer:

intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
E-Mail: datenschutzbeauftragter@cenit.com

The use of our website is normally possible without providing personal data.

To the extent that personal data is collected on our pages (e.g. name, postal address or email addresses), this always takes place on a voluntary basis, insofar as possible.

Personal information we receive from you about others

If you book trainings or webinars not only for yourself, but for another participant, a colleague or an employee, these data are processed exactly as you specify them.

We must point out that it is your responsibility that the persons about whom you provide personal information are aware of this process and have accepted how CENIT AG uses their information (as described in this helpful Privacy Policy).

We also collect navigation information. This is the data on your computer relating to your visit to our website, particularly your IP address, your location, the browser that you used, referral source, duration of your visit and pages visited by you.

In addition to the other types of use that are listed in this data privacy statement, we use your personal data to improve your use of the browser with personalization of websites and for improvement of the registration service.

By filling out a registration form on our website, you agree to receive emails from CENIT.

The emails contain information about new products and offers.

We do not provide third parties with your personal data that we process for the delivery of emails. You can unsubscribe from these emails at any time with effect for the future.

We use navigation information in order to operate and improve the websites and our registration service. We use navigation information by itself or in combination with personal data in order to send you personalize information about our company.

This data is not given to third parties without your express consent.

The provider (and/or their webspace provider) collects data each time the offering is accessed (so-called server log files). The access data includes:

  • the name of the visited website, file, date and time of the visit, quantity of data transmitted, notification of a successful visit, browser type and version, operating system of the user, referrer URL (previously visited site), IP address and the inquiring provider.

The provider uses the log data exclusively for statistical evaluations for the purpose of operation, security and optimization of the offering. The provider reserves the right to review the log data retroactively if there is a justifiable suspicion of illegal use based on concrete indications.

Where we require affected individuals to consent to the processing of personal data, the legal basis is Art. 6 para. 1 lit. a of the EU’s General Data Protection Regulation (GDPR).

When we process personal data in the course of fulfilling a contract to which the affected individual is a party, the legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing in the context of pre-contract activities.

Where processing of personal data is required to fulfill a legal obligation on our enterprise, the legal basis is Art. 6 para. 1 lit. c GDPR.

Where vital interests of the affected person or other natural persons require the processing of personal data, the legal basis is Art. 6 para. 1 lit. d GDPR.

Where the processing of data is required to safeguard a legitimate interest of our enterprise or a third party and where the interests, fundamental rights and basic freedoms do not outweigh the aforenamed interest, the legal basis of data processing is Art. 6 para. 1 lit. f GDPR. 

Personal data of affected individuals shall be deleted or barred from access as soon as the purpose of data storage is fulfilled. Additionally, data may be stored if and when required by European or national legislation, i.e. European regulations, statutes or other provisions to which the responsible party is subject. Data shall also be deleted or barred from access upon lapse of a storage period prescribed by one of the aforementioned legal instruments, provided that further storage is not required for purposes of the conclusion or fulfillment of a legal contract.

Our website features a contact form which may be used to contact us electronically. Where a user avails himself/herself of this opportunity, the data entered in the input fields will be transmitted to and stored by us. These data could be:

Given Name
Surname
Email Address
Company
City
Country
Phone

When you transmit such data to us, we will request your consent to process said data and refer you to this declaration of data confidentiality.

Alternatively, you may contact us via the provided email address. In this case, the person-related data you transmit in the email message will be stored.

There shall be no disclosure of the above data to third parties, except to the subsidiaries of CENIT AG and their majority shareholdings. The data shall be used exclusively for purposes of processing the respective communication.

Once the user issues his or her consent to data processing, the legal basis for such processing is Art. 6 para. 1 lit. a GDPR.

For the processing of data transmitted by way of email communication, the legal basis is Art. 6 para. 1 lit. f GDPR. Where the purpose of the email communication is the conclusion of a contract, an additional legal basis for data processing is Art. 6 para. 1 lit. b GDPR.

For our part, we use personal data from the input fields only to process the respective communication. Where contact is initiated by email, this also constitutes a legitimate interest in processing said data.

Other personal data processed during dispatch of the communication serve to prevent misuse of the contact form and to safeguard the security of our information technology systems.

The data are deleted as soon as they are no longer required for attaining the purposes for which they were gathered. For personal data contained in the input fields and for those transmitted via email, this occurs when the respective communication with the user ends. This is the case when circumstances indicate that the matter at hand is conclusively resolved.

The user may revoke his or her consent to our processing of personal data at any time. Where the user contacts us vie email, he or she may reject storage of his or her personal data at any time. In such cases, we will be unable to continue the communication.

Please see below for a description of how consent may be revoked and how storage may be rejected.

In either case, all personal data stored in the course of the communication shall be deleted.

Our website offers you the opportunity to subscribe to a free newsletter. When registering for such a subscription, you transmit the data from the input fields to us. We require the following as mandatory information:

Appellation
Given Name
Surname
Company
Email Address

We request that you consent to our processing of said data and refer you to this declaration of data confidentiality.

We will not disclose data processed in the context of newsletter dissemination to third parties. The data shall be used exclusively for purposes of newsletter dissemination and will be saved to our CRM system exclusively for this purpose.

Cookies are small files that make it possible to store specific device-related information on the access device of the user (PC, smart phone, etc.). They are used to improve user-friendliness of websites (e.g. saving of login data). They also collect statistical data about use of the website and can be analyzed for the purpose of improving the offering. Users can influence the use of cookies. Most browsers have an option with which the storage of cookies can be limited or blocked altogether. However, it should be taken into consideration that the use of websites and, in particular, convenience, can be limited without cookies.

You can manage many online advertising cookies of companies via the US web page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.

You can find more information about our cookies here cookie notice and further details.

This offering uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google analytics uses so-called "cookies", text files that are stored on the computers of the users and which enable an analysis of the use of the website by them. The information generated by the cookie about the use of this website by the users is normally transferred to a Google server in the USA and stored there.

However, if IP anonymization is activated on this website, the IP addresses of the users are truncated beforehand within Member States of the European Union or in other Treaty States party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. IP anonymization is activated on this website. Google uses this information on behalf of the operator of this website in order to evaluate the use of the website by the users in order to compile reports on the website activity and in order to provide the website operator additional services related to the website use and internet use.

The IP address communicated by your browser within the scope of Google Analytics is not combined with other data by Google. Users can prevent the storage of cookies with an appropriate setting in their browser software; however, it should be taken into that it may not be possible to use all functions of this website to the full extent. Users can also prevent collection of the data generated by the cookie and related to their use of the website (including their IP addresses) by Google and the processing of said data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser add-on or within browsers on mobile devices, please click on this link https://tools.google.com/dlpage/gaoptout?hl=en in order to prevent future collection of data by Google Analytics within this website. In the process, an opt-out cookie will be stored on your device. If you delete your cookies, you have to click on this link again.

This Website uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

You can find more information on the handling of user data in Google's data protection declaration: https://policies.google.com/privacy?hl=en&gl=en.

This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

The use of Google Maps is in the interest of an appealing representation of our online offers and at an easy findability of the places indicated by us on the website.

The IP addresses are usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

Some of our web pages feature embedded YouTube videos. YouTube is a service provided by the US company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. For all YouTube videos on our web pages, we have activated the so-called “advanced privacy settings”. These advanced privacy settings are provided by YouTube with the assurance that YouTube will not save cookies containing personal data to the user’s computer unless and until he or she has clicked on and played a video using the YouTube video player. When calling up the websites and for purposes of embedding videos, their IP address will be transmitted. This IP address cannot, however, be assigned to users personally unless they have logged on to YouTube or another Google service before calling up the web page and/or are continually logged on to these services.

As soon the user starts an embedded YouTube video it, YouTube will, due to the advanced privacy settings, save only such cookies to his or her computer as contain no personally identifiable data. These cookies can be blocked by way of appropriate browser settings and expansions.

For further information on embedded YouTube videos, please refer to the data privacy information of YouTube.

Some of our web pages feature embedded Vimeo videos. Vimeo is a service provided by the US company Vimeo.com, Inc., Data Protection Officer, 555 West 18th Street, New York, New York 10011. For all Vimeo videos on our web pages, we have activated the so-called “advanced privacy settings”. These advanced privacy settings are provided by Vimeo with the assurance that Vimeo will not save cookies containing personal data to the user’s computer unless and until he or she has clicked on and played a video using the Vimeo video player. When calling up the websites and for purposes of embedding videos, their IP address will be transmitted. This IP address cannot, however, be assigned to users personally unless they have logged on to Vimeo service before calling up the web page and/or are continually logged on to these services.

As soon the user starts an embedded Vimeo video it, Vimeo will, due to the advanced privacy settings, save only such cookies to his or her computer as contain no personally identifiable data. These cookies can be blocked by way of appropriate browser settings and expansions.

For further information on embedded Vimeo videos, please refer to the data privacy information of Vimeo.

We utilize ZoomInfo for our online marketing activities on this web site. ZoomInfo is ZoomInfo Technologies LLC, and we are located at 805 Broadway St, Suite 900, Vancouver, WA 98660. ZoomInfo is a registered data broker in the State of California. We are using the WebSignal function to track the traffic on our webpage. The Websignal is using our baseline cookies.

More information on the privacy policies of ZoomInfo: https://www.zoominfo.com/about-zoominfo/privacy-policy

If you do not want any collection of data by ZoomInfo in general, you can prevent the storage of cookies at any time through your browser settings.

Scope of processing personal data

We manage a “Fan Page” on the Facebook social network at URL https://www.facebook.com/CENITNorthAmerica

This privacy statement is provided to inform the users of our Fan Page pursuant to the General Data Protection Regulation (GDPR) of the type, scope and purpose of the personal data that we collect and use.

Legal basis for processing personal data

In its decision of June 5, 2018, the European Court of Justice (ECJ) stated that operators of a Facebook page are responsible together with Facebook for processing personal data.

We as the operators of the Fan Page have no interest in collecting and further processing your personal data for analysis and marketing purposes.

The Facebook page is managed on the basis of our legitimate interests in offering informational and interaction opportunities for and with our readers and visitors pursuant to Art. 6 (1) (f) GDPR that are up-to-date and supportive.

Type of data processing 

For storage and further processing, Facebook uses cookies, meaning small text files that are stored on the user’s various end devices. If the user has a Facebook profile and is logged into Facebook, his/her data are stored and analyzed on all of his/her devices.

We are aware that Facebook processes the data of its users for the following purposes:

• Advertising (analysis, creation of personalized advertising)

• Preparation of user profiles

• Market research

Facebook Inc., the US parent company of Facebook Ireland Ltd. is certified under the EU-U.S. Privacy Shield, thus guaranteeing that it upholds European data protection regulations. More information on Facebook’s privacy shield status can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

We as the operator of the page cannot exclude that our users’ personal data will not be transferred and further processed to third countries, such as the USA, nor can we exclude the potential risks associated with any such transfer.

The Facebook privacy policy includes additional information on data processing: https://www.facebook.com/policy.php

Option to object

If you are a member of Facebook and you do not want Facebook to collect data about you through our Fan Page and link such data with your membership data stored on Facebook, you must:

  • Log off of Facebook or deactivate the function “remain logged off” before visiting our Fan Page on Facebook
  • Delete any existing cookies on your device
  • Restart your browser

This way, according to information provided by Facebook, all Facebook information that would allow you to be identified is deleted.

Statistical data

The so-called “Insights” linked to the Facebook page allows us to access statistical data of various categories. These statistics are generated and provided by Facebook. We as the operator of this page have no influence on how such data are generated and presented. We cannot discontinue this function, nor can be prevent the generation and processing of such data.

Facebook provides us with the following data that we can select for a period of time and for each category of followers, subscribers, number of people reached and page engagement relating to our Facebook page:

Total number of page views, “Like” details, page activities, post interactions, reach, video views, post reach, comments, shared content, responses, percentage of men and women, origin broken down by country and city, page access and clicks, clicks on trip planner, clicks on phone numbers.

Data on the Facebook pages linked to our Facebook page are also provided in this manner. Because Facebook is continuously further developed, the data availability and preparation also changes, and so we refer to the Facebook privacy policy already mentioned above for further details.

We use the data made available in aggregated form to make our posts and activities on our Fan Page more appealing to our users. For example, we make use of distributions by age and gender to adjust how we address our followers, and to also analyze the peak visiting times by our users to optimally plan the timing of our posts. Information about the type of end devices used by visitors assist us in visually optimizing the design of the posts for presentation on such end devices. In accordance with the Facebook terms of use, which each user must consent to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information shared by them depending on the privacy settings the user has set.

Rights of the users

When rights of the data subject are asserted, Facebook is primarily responsible for the processing of Insights data, and as such the rights of the data subject defined in Art. 15 to 22 GDPR are met by Facebook. Generally, this relates to the right to information, rectification, blocking, notification, data transfer, objection and automated decisions in individual cases, including profiling.

If you would like to assert these rights, you may either contact us or you can contact Facebook directly. If you choose to contact us, we will ensure that Facebook is immediately notified that rights of a data subject are being asserted.

For more information about this, please refer to the addendum on the Insight pages by clicking on the link below:

www.facebook.com/legal/terms/page_controller_addendum

If in the future you no longer wish for your data to be processed as described herein, we ask that you please revoke the connection between your user profile and our Fan Page by using the functions “Unlike this page” and/or “Unsubscribe from this page”.

Some of our internet products contain hyperlinks to other websites which are not operated by CENIT AG. We do not monitor these websites and are not responsible for their content or their treatment of personal data.

In this context, data processing serves to protect a justified interest of our enterprise, and this interest is not outweighed by the interests, fundamental rights and basic freedoms of the user. The legal basis for the processing of personal data via the use of hyperlinks is Art. 6 para. 1 lit. f GDPR.

To ensure an attractive user experience, our digital offer also includes “social plugin” functions.

Regarding the Facebook network: This is offered and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The content of widgets is transmitted by Facebook directly to your browser and also displayed in our systems without our having any influence on the content. 

Regarding the Twitter network: This is offered and operated by Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The content of widgets is transmitted by Facebook directly to your browser and also displayed in our systems without our having any influence on the content. 

Regarding the YouTube network: This is offered and operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The content of widgets is transmitted by Facebook directly to your browser and also displayed in our systems without our having any influence on the content. 

To protect your privacy, we offer these social plugins as HTML-linked button clicks. For you, this means that your data are transmitted only when you actively click the plugin button (share, like, etc.), are registered with the relevant provider and have visited its websites in the past. Prior to your click, no data are transmitted.

The social plugins also let you share our content via your personal social media account. When you use this feature, no personal data pertaining to you will be processed by CENIT AG. 

The respective social media provider is able to allocate any visit to our website to your user account. We hereby inform you that CENIT AG has no influence on this fact and receives no information on the content of the transferred data or their use by the social media provider.

The data shall be deleted as soon as they are no longer required to attain the purpose for which they were collected.

For further information on the type, purpose and extent of data collection as well as the processing and use of your data by the respective social media provider, please refer to the provider’s data confidentiality information. Here you will also learn more about your rights and settings that protect your privacy.

Data privacy information for Facebook

Data privacy information for Twitter

Data privacy information for YouTube

Data privacy information for XING

Data privacy information for LinkedIn

Data privacy information for Pocket

1. Information on the processing of personal data in the application process

As part of your online application, our company processes the personal data you provide to us contact data, qualification data, content data (such as. name, address, marital status, age, nationality, qualification, resume, work experience, certificates, etc.), to the extent necessary for the application process. In detail, these are

Contact details:                 Name, address, telephone, mail address

Qualification data:          Education/studies, previous employment, professional development, professional qualifications/certificates, job references.

Content data:                    Cover letter, interview information

If you inform us, we will also store other voluntary given information, such as the characteristic of a severe disability, an equalization with a severely disabled person or other special categories of personal data related to your application, e.g. if you submit a motivational video to us. This video file created in the application process will be added to your application. You also have the option to transfer your resume, which you have published on LinkedIn/Xing, to us. This transferred data will be stored together with your application. A so-called pre-employment screening of your person only takes place in job-oriented networks such as XING or LinkedIN.

Insofar as we use recruiters or you apply via a recruiter, we receive your application data from them.

2. Purpose of the data processing and indication of the legal basis

Our company processes the aforementioned personal data exclusively in accordance with the GDPR and the German Federal Data Protection Act (BDSG). The purpose of the data processing is the implementation of the application process and the establishment of any employment relationship that may follow.

Data processing as part of the application process and to establish the employment relationship in accordance with § 26 (1) BDSG.

The legal basis for this is Art. 88 GDPR in conjunction with. § 26 (1) BDSG, the legal basis for the storage of special categories of personal data is Art. 88 GDPR in conjunction with. § 26 para. 3 BDSG. Your data will not be used for any other purpose. The necessity of data collection and processing results from the specific position for which you are applying, so in the case of positions with a higher degree of confidentiality, higher financial/personal responsibility, further data collection may take place from you or also from authorities if a certificate of good conduct should be necessary. For data minimization reasons, we only collect and process such data once the selection of applicants for the position has been completed, i.e. immediately before or shortly after recruitment.

Data processing on the basis of consent pursuant to Art. 6 Para. 1 lit. a GDPR in conjunction with § 26 (2) BDSG

In some cases, we process your personal data on the basis of a specific and voluntary given consent from you related to a processing purpose named therein, for example in the case of data processing via the Pitch you software (see below). The legal basis for the data processing is then the consent voluntarily given by you for the specific case before the data processing in an informed manner. In particular, we have also informed you about your right of revocation which you might execute at any time.

The consent then serves us as a legal basis, if we want to include you in the applicant pool for futurous possible job offers, or if we carry out your application process with Pitch you (see below). 

Data processing based on our legitimate interest according to Art. 6 (1) lit. f GDPR.

We process your personal data on behalf of our legitimate interest or in a legitimate interest of a third party if your interests in not processing your personal data do not outweigh our interests in processing your personal data. This is the case, if we process your data to defend us against legal claims, for example under the General Equal Treatment Act (AGG) in Germany or for evidence purposes in a legal dispute.

3 Recipients of the data

Within our company, your data will only be accessed by those departments or personnel that absolutely need it, to carry out the application process. These are primarily the responsible employee in the HR department and the responsible managers in the hiring department, who got access rights to the relevant applications. All of our employees who have access to application data are also obligated to maintain confidentiality and have received special training.

For certain technical processes of data processings, our company uses the support of external service providers who, as part of the provision of the service owed, may receive access to your personal data or may be able to view it in the event of support; these are, for example, maintenance and hosting service providers, disposal service providers for files or data. We have entered into order processing agreements with these. All our order processors are carefully selected and meet high data protection and data security standards. They are likewise bound to secrecy and privacy as well and only process personal data on behalf of and in accordance with the instructions of our company. They are subject to our regular monitoring.

As part of the application process you will be free to scan the QR code located in the job advertisement and thus applying by using Pitch you a software from SBS Software und Beratung GmbH, represented by the Managing Directors Thorsten Schatz, Gunnar Basner, Alexander Bauer, Bahnhofstraße 7, 95119 Naila, so that your application will be processed with Whats-App in the Version of Business API. For more details on data protection and privacy policy at Pitch you, please visit www.pitchyou.de/pitchyou-dsgvo. Pitch you thus receives the application data listed above under 1

„Information on the processing of personal data in the application process“) contact data, qualification data and content data.

Pitch you processes your personal data in the context of the your application on our behalf in German data centers at Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen. You can find out more about data protection and privacy at Hetzner at data protection (hetzner.com). For the Whats-App Business API, contracts have also been concluded with certified providers of the Business API. (see above data protection at Pitch you).

Pitch you uses Whats-App in the version of Whats-App Business API. This is a more privacy-friendly solution in comparison to the usual Whats-App, because Pitch you does not transmit any personal data to Whats-App via the Whats-App Business API. Nevertheless, you must be aware that if you use for your job application the possibilitiy to send the application via Whats-App Business API, that even in this case Whats-App may also process your personal data sent to us via your private Whats-App profile, so that these personal datas provides through your Whats-App Profile are processed in the USA or other third countries and that US authorities may gain access to your personal data, too. Although the content data of the communication via Whats App is secured via end-to-end encryption according to Whats-App, the access and data processing depends on your configuration and there is a wide variety of data which is nevertheless sent to Meta Ireland Limited and there are at least metadata of the communication with your private Whats-App profile which are stored on US servers. More details about data processing with Whats-App can be found here www.whatsapp.com/legal.

The USA does not have an equal data protection level comparable to the EU. For this reason, we use the opt-in consent function via Pitch you before the application process begins. When you open the home page or scan the link, your voluntary informed consent is therefore obtained with regard to data processing with the Whats App Business API. For this purpose, your IP address will be stored as long as this is necessary for the proof of consent. You can revoke your consent at any time without disadvantage to you vis-à-vis Cenit at datenschutzbeauftragter@cenit.com as well as at Pitch you, see contact details in the imprint of Pitch you. However, the revocation is only for the future, the previous data processing is not affected.

Before the interview process via Whats App, we will additionally check whether you are already 16 years old by entering your date of birth and obtain consent for the Whats App use and confirmation that you have read and understood the terms of use before the interview starts. As far as the age limit is not reached and the consent as well as the confirmation of the knowledge of the terms of use is not given, the interview will be aborted. You will be informed that a short recording of the interview will be made.

An application via Whats App is not mandatory. It is possible for you to choose another application channel at any time.  Your data will always be deleted from Pitch you even if the communication is not continued within 24h, the command to end the communication was given by you.

In Whats-App Business API, the data is deleted immediately after it has been transferred to Pitch you.

4. Data transfer to a third country or to an international organization

Data transfer to countries outside the EU/EEA (so-called third countries) or to international organizations only take place if this is necessary for the execution of existing employment or training contracts, or is required by law, or if you have given us your consent. If service providers in third countries are used by us, they will be held accountable in accordance with Art. 44 et seq. GDPR to comply with European data protection standards within the framework of a written contract based on the EU Standard Contracts or the Binding Corporate Rules, unless there is an adequacy decision by the EU Commission.

5 Duration of data storage

If Cenit AG concludes an employment or training contract with you, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. The legal basis for data processing is Art. 88 GDPR in conjunction with. § 26 (1) BDSG. If no employment or training contract is concluded with you as an applicant, the application documents will be deleted no later than 6 months after the conclusion of the application process, provided that no other legitimate interests of our company oppose deletion that allow longer data processing. Furthermore, we will only process and use your data if you have given us your explicit consent to do so and for the period specified therein. If you have given your consent for inclusion in the applicant pool, the data will be stored for a period of 12 months from the date on which you gave your consent. After this period, the data will be deleted.

If an employment contract is concluded, your data will be transferred to the personnel file and processed there within the framework of the existing employment contract in accordance with § 26 (1) BDSG.

6. Data protection rights of the data subjects

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR, the right to revocation pursuant to Art. 7 para. 3 GDPR and the right to data portability pursuant to Art. 20 GDPR. With regard to the right of access and the right of erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

Consent given to our company can be revoked in accordance with Art. 88 GDPR in conjunction with. § 26 para. 2 BDSG, Art. 7 para. 3GDPR at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the GDPR, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. If you wish to exercise your right of revocation, this is possible without any formalities; for example, an e-mail to datenschutzbeauftragter@cenit.com is sufficient.

7. Obligation to provide data

As part of the application process, you must provide the personal data that is required for the application process or that we are legally obligated to collect. Without this data, we will generally not be able to invite you for an interview and will have to refuse to conclude an employment or training contract.

8. Existence of automated decision-making (including profiling)

In order to carry out the application process, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Profiling is not used by our company either in the application process or in the employment relationship.

Description and Scope of Data Processing

On our website, we offer users the opportunity to register for trainings; this requires the user to submit personal data. These data are entered into an input mask, transmitted to us and stored by us. There shall be no disclosure of the data to third parties.

The following data are collected as part of the registration process:

First name
Surname
Company / street / house number / postcode / city
Phone
Email Address
Name(s) of participant(s)

This data is required to process the training contract.

Description and Scope of Data Processing

On our website, we offer users the opportunity to register for webinars; this requires the user to submit personal data. These data are entered into an input mask, transmitted to us and stored by us.

The following data are collected as part of the registration process:

First name
Surname
Company
Email Address
Name of participant

As part of the registration process, we require that the user consent to our processing of this information.

For webinars we work together with the US provider LogMeIn Inc. (GoToWebinar). You receive your dial-in data directly from LogMeIn. To this purpose, we transfer your login information to LogMeIn in California/USA. LogMeIn Inc. is certified under the EU-U.S. Privacy Shield.

For the integration between different tools we use also Zapier (to send user data to GoToWebinar, for registering you to the webinars), a service of Zapier Inc, 548 Market St #62411, San Francisco, California  CA 94104-5401, USA. Zapier fully supports the privacy rights of our customers and our users and is fully GDPR-compliant. Further information on data protection at Zapier can be found at zapier.com/privacy.

To ensure an adequate level of data protection, we have entered into a contract processing agreement with LogMeIn and Zapier based on the EU Standard Contract Clause. The legal basis for the use of LogMeIn Inc. is Art. 6 Para. 1 GDPR.

Furthermore our data protection information applies.

The user has the right to receive information on request about their personal data which has been collected and stored. The user also has the right to correct incorrect data or the blocking and deletion of their personal data, insofar as there are no contradictory statutory retention obligations.

Right of appeal to the supervisory authority

Additionally, the user is entitled to register a complaint with the data privacy supervisory authority regarding our processing of his or her personal data.