DATA PRIVACY STATEMENT
This data privacy statement informs users about the type, scope and purposes of the collection and use of personal data by the responsible provider on this website and our other online offerings (hereinafter "offering").
Tel.: +49 711 7825-30
Fax: +49 711 7825-4000
Peter Schneck - CEO
Axelle Mazé - CFO
CONTACT INFORMATION OF THE DATA PROTECTION OFFICER:
intersoft consulting services AG
Beim Strohhause 17
The use of our website is normally possible without providing personal data.
To the extent that personal data is collected on our pages (e.g. name, postal address or email addresses), this always takes place on a voluntary basis, insofar as possible.
Personal information we receive from you about others
If you book trainings or webinars not only for yourself, but for another participant, a colleague or an employee, these data are processed exactly as you specify them.
We also collect navigation information. This is the data on your computer relating to your visit to our website, particularly your IP address, your location, the browser that you used, referral source, duration of your visit and pages visited by you.
In addition to the other types of use that are listed in this data privacy statement, we use your personal data to improve your use of the browser with personalization of websites and for improvement of the registration service.
By filling out a registration form on our website, you agree to receive emails from CENIT.
The emails contain information about new products and offers.
We do not provide third parties with your personal data that we process for the delivery of emails. You can unsubscribe from these emails at any time with effect for the future.
We use navigation information in order to operate and improve the websites and our registration service. We use navigation information by itself or in combination with personal data in order to send you personalize information about our company.
This data is not given to third parties without your express consent.
The provider (and/or their webspace provider) collects data each time the offering is accessed (so-called server log files). The access data includes:
- the name of the visited website, file, date and time of the visit, quantity of data transmitted, notification of a successful visit, browser type and version, operating system of the user, referrer URL (previously visited site), IP address and the inquiring provider.
The provider uses the log data exclusively for statistical evaluations for the purpose of operation, security and optimization of the offering. The provider reserves the right to review the log data retroactively if there is a justifiable suspicion of illegal use based on concrete indications.
Where we require affected individuals to consent to the processing of personal data, the legal basis is Art. 6 para. 1 lit. a of the EU’s General Data Protection Regulation (GDPR).
When we process personal data in the course of fulfilling a contract to which the affected individual is a party, the legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing in the context of pre-contract activities.
Where processing of personal data is required to fulfill a legal obligation on our enterprise, the legal basis is Art. 6 para. 1 lit. c GDPR.
Where vital interests of the affected person or other natural persons require the processing of personal data, the legal basis is Art. 6 para. 1 lit. d GDPR.
Where the processing of data is required to safeguard a legitimate interest of our enterprise or a third party and where the interests, fundamental rights and basic freedoms do not outweigh the aforenamed interest, the legal basis of data processing is Art. 6 para. 1 lit. f GDPR.
Personal data of affected individuals shall be deleted or barred from access as soon as the purpose of data storage is fulfilled. Additionally, data may be stored if and when required by European or national legislation, i.e. European regulations, statutes or other provisions to which the responsible party is subject. Data shall also be deleted or barred from access upon lapse of a storage period prescribed by one of the aforementioned legal instruments, provided that further storage is not required for purposes of the conclusion or fulfillment of a legal contract.
Our website features a contact form which may be used to contact us electronically. Where a user avails himself/herself of this opportunity, the data entered in the input fields will be transmitted to and stored by us. These data could be:
When you transmit such data to us, we will request your consent to process said data and refer you to this declaration of data confidentiality.
Alternatively, you may contact us via the provided email address. In this case, the person-related data you transmit in the email message will be stored.
There shall be no disclosure of the above data to third parties, except to the subsidiaries of CENIT AG and their majority shareholdings. The data shall be used exclusively for purposes of processing the respective communication.
Once the user issues his or her consent to data processing, the legal basis for such processing is Art. 6 para. 1 lit. a GDPR.
For the processing of data transmitted by way of email communication, the legal basis is Art. 6 para. 1 lit. f GDPR. Where the purpose of the email communication is the conclusion of a contract, an additional legal basis for data processing is Art. 6 para. 1 lit. b GDPR.
For our part, we use personal data from the input fields only to process the respective communication. Where contact is initiated by email, this also constitutes a legitimate interest in processing said data.
Other personal data processed during dispatch of the communication serve to prevent misuse of the contact form and to safeguard the security of our information technology systems.
The data are deleted as soon as they are no longer required for attaining the purposes for which they were gathered. For personal data contained in the input fields and for those transmitted via email, this occurs when the respective communication with the user ends. This is the case when circumstances indicate that the matter at hand is conclusively resolved.
The user may revoke his or her consent to our processing of personal data at any time. Where the user contacts us vie email, he or she may reject storage of his or her personal data at any time. In such cases, we will be unable to continue the communication.
Please see below for a description of how consent may be revoked and how storage may be rejected.
In either case, all personal data stored in the course of the communication shall be deleted.
Our website offers you the opportunity to subscribe to a free newsletter. When registering for such a subscription, you transmit the data from the input fields to us. We require the following as mandatory information:
We request that you consent to our processing of said data and refer you to this declaration of data confidentiality.
We will not disclose data processed in the context of newsletter dissemination to third parties. The data shall be used exclusively for purposes of newsletter dissemination and will be saved to our CRM system exclusively for this purpose.
You can manage many online advertising cookies of companies via the US web page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.
You can find more information about our cookies here cookie notice and further details.
This offering uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google analytics uses so-called "cookies", text files that are stored on the computers of the users and which enable an analysis of the use of the website by them. The information generated by the cookie about the use of this website by the users is normally transferred to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, the IP addresses of the users are truncated beforehand within Member States of the European Union or in other Treaty States party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. IP anonymization is activated on this website. Google uses this information on behalf of the operator of this website in order to evaluate the use of the website by the users in order to compile reports on the website activity and in order to provide the website operator additional services related to the website use and internet use.
The IP address communicated by your browser within the scope of Google Analytics is not combined with other data by Google. Users can prevent the storage of cookies with an appropriate setting in their browser software; however, it should be taken into that it may not be possible to use all functions of this website to the full extent. Users can also prevent collection of the data generated by the cookie and related to their use of the website (including their IP addresses) by Google and the processing of said data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser add-on or within browsers on mobile devices, please click on this link https://tools.google.com/dlpage/gaoptout?hl=en in order to prevent future collection of data by Google Analytics within this website. In the process, an opt-out cookie will be stored on your device. If you delete your cookies, you have to click on this link again.
This Website uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
You can find more information on the handling of user data in Google's data protection declaration: https://policies.google.com/privacy?hl=en&gl=en.
This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
The use of Google Maps is in the interest of an appealing representation of our online offers and at an easy findability of the places indicated by us on the website.
The IP addresses are usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
We utilize HubSpot for our online marketing activities on this web site. HubSpot is a software company from the USA with a subsidiary in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.
This involves an integrated software solution, with which we cover various aspects of our online marketing. This includes, among other things:
The legal basis for the use of services from HubSpot is Art. 6 I f of DS-GVO (data protection basic regulation) - legitimate interest. Our legitimate interest in the use of this service is the optimization of our marketing activities and the improvement of our service quality on the web site.
More information on the privacy policies of HubSpot.
More information from HubSpot with respect to the EU privacy policies.
If you do not want any collection of data by HubSpot in general, you can prevent the storage of cookies at any time through your browser settings.
Some of our web pages feature embedded YouTube videos. YouTube is a service provided by the US company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. For all YouTube videos on our web pages, we have activated the so-called “advanced privacy settings”. These advanced privacy settings are provided by YouTube with the assurance that YouTube will not save cookies containing personal data to the user’s computer unless and until he or she has clicked on and played a video using the YouTube video player. When calling up the websites and for purposes of embedding videos, their IP address will be transmitted. This IP address cannot, however, be assigned to users personally unless they have logged on to YouTube or another Google service before calling up the web page and/or are continually logged on to these services.
As soon the user starts an embedded YouTube video it, YouTube will, due to the advanced privacy settings, save only such cookies to his or her computer as contain no personally identifiable data. These cookies can be blocked by way of appropriate browser settings and expansions.
For further information on embedded YouTube videos, please refer to the data privacy information of YouTube.
Some of our web pages feature embedded Vimeo videos. Vimeo is a service provided by the US company Vimeo.com, Inc., Data Protection Officer, 555 West 18th Street, New York, New York 10011. For all Vimeo videos on our web pages, we have activated the so-called “advanced privacy settings”. These advanced privacy settings are provided by Vimeo with the assurance that Vimeo will not save cookies containing personal data to the user’s computer unless and until he or she has clicked on and played a video using the Vimeo video player. When calling up the websites and for purposes of embedding videos, their IP address will be transmitted. This IP address cannot, however, be assigned to users personally unless they have logged on to Vimeo service before calling up the web page and/or are continually logged on to these services.
As soon the user starts an embedded Vimeo video it, Vimeo will, due to the advanced privacy settings, save only such cookies to his or her computer as contain no personally identifiable data. These cookies can be blocked by way of appropriate browser settings and expansions.
For further information on embedded Vimeo videos, please refer to the data privacy information of Vimeo.
We utilize ZoomInfo for our online marketing activities on this web site. ZoomInfo is ZoomInfo Technologies LLC, and we are located at 805 Broadway St, Suite 900, Vancouver, WA 98660. ZoomInfo is a registered data broker in the State of California. We are using the WebSignal function to track the traffic on our webpage. The Websignal is using our baseline cookies.
More information on the privacy policies of ZoomInfo: https://www.zoominfo.com/about-zoominfo/privacy-policy
If you do not want any collection of data by ZoomInfo in general, you can prevent the storage of cookies at any time through your browser settings.
Scope of processing personal data
We manage a “Fan Page” on the Facebook social network at URL https://www.facebook.com/CENITNorthAmerica
This privacy statement is provided to inform the users of our Fan Page pursuant to the General Data Protection Regulation (GDPR) of the type, scope and purpose of the personal data that we collect and use.
Legal basis for processing personal data
In its decision of June 5, 2018, the European Court of Justice (ECJ) stated that operators of a Facebook page are responsible together with Facebook for processing personal data.
We as the operators of the Fan Page have no interest in collecting and further processing your personal data for analysis and marketing purposes.
The Facebook page is managed on the basis of our legitimate interests in offering informational and interaction opportunities for and with our readers and visitors pursuant to Art. 6 (1) (f) GDPR that are up-to-date and supportive.
Type of data processing
We are aware that Facebook processes the data of its users for the following purposes:
• Advertising (analysis, creation of personalized advertising)
• Preparation of user profiles
• Market research
Facebook Inc., the US parent company of Facebook Ireland Ltd. is certified under the EU-U.S. Privacy Shield, thus guaranteeing that it upholds European data protection regulations. More information on Facebook’s privacy shield status can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
We as the operator of the page cannot exclude that our users’ personal data will not be transferred and further processed to third countries, such as the USA, nor can we exclude the potential risks associated with any such transfer.
Option to object
If you are a member of Facebook and you do not want Facebook to collect data about you through our Fan Page and link such data with your membership data stored on Facebook, you must:
- Log off of Facebook or deactivate the function “remain logged off” before visiting our Fan Page on Facebook
- Delete any existing cookies on your device
- Restart your browser
This way, according to information provided by Facebook, all Facebook information that would allow you to be identified is deleted.
The so-called “Insights” linked to the Facebook page allows us to access statistical data of various categories. These statistics are generated and provided by Facebook. We as the operator of this page have no influence on how such data are generated and presented. We cannot discontinue this function, nor can be prevent the generation and processing of such data.
Facebook provides us with the following data that we can select for a period of time and for each category of followers, subscribers, number of people reached and page engagement relating to our Facebook page:
Total number of page views, “Like” details, page activities, post interactions, reach, video views, post reach, comments, shared content, responses, percentage of men and women, origin broken down by country and city, page access and clicks, clicks on trip planner, clicks on phone numbers.
Rights of the users
When rights of the data subject are asserted, Facebook is primarily responsible for the processing of Insights data, and as such the rights of the data subject defined in Art. 15 to 22 GDPR are met by Facebook. Generally, this relates to the right to information, rectification, blocking, notification, data transfer, objection and automated decisions in individual cases, including profiling.
If you would like to assert these rights, you may either contact us or you can contact Facebook directly. If you choose to contact us, we will ensure that Facebook is immediately notified that rights of a data subject are being asserted.
For more information about this, please refer to the addendum on the Insight pages by clicking on the link below:
If in the future you no longer wish for your data to be processed as described herein, we ask that you please revoke the connection between your user profile and our Fan Page by using the functions “Unlike this page” and/or “Unsubscribe from this page”.
Some of our internet products contain hyperlinks to other websites which are not operated by CENIT AG. We do not monitor these websites and are not responsible for their content or their treatment of personal data.
In this context, data processing serves to protect a justified interest of our enterprise, and this interest is not outweighed by the interests, fundamental rights and basic freedoms of the user. The legal basis for the processing of personal data via the use of hyperlinks is Art. 6 para. 1 lit. f GDPR.
To ensure an attractive user experience, our digital offer also includes “social plugin” functions.
Regarding the Facebook network: This is offered and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The content of widgets is transmitted by Facebook directly to your browser and also displayed in our systems without our having any influence on the content.
Regarding the Twitter network: This is offered and operated by Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. The content of widgets is transmitted by Facebook directly to your browser and also displayed in our systems without our having any influence on the content.
Regarding the YouTube network: This is offered and operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The content of widgets is transmitted by Facebook directly to your browser and also displayed in our systems without our having any influence on the content.
To protect your privacy, we offer these social plugins as HTML-linked button clicks. For you, this means that your data are transmitted only when you actively click the plugin button (share, like, etc.), are registered with the relevant provider and have visited its websites in the past. Prior to your click, no data are transmitted.
The social plugins also let you share our content via your personal social media account. When you use this feature, no personal data pertaining to you will be processed by CENIT AG.
The respective social media provider is able to allocate any visit to our website to your user account. We hereby inform you that CENIT AG has no influence on this fact and receives no information on the content of the transferred data or their use by the social media provider.
The data shall be deleted as soon as they are no longer required to attain the purpose for which they were collected.
For further information on the type, purpose and extent of data collection as well as the processing and use of your data by the respective social media provider, please refer to the provider’s data confidentiality information. Here you will also learn more about your rights and settings that protect your privacy.
With the following information we give you an overview of the processing of your personal data within the online application process at CENIT AG and your rights with regard to data protection.
1. Name and contact details of the data controller and the data protection officer
D-70565 Stuttgart, Germany
Phone: +49 711 7825-30
Fax: +49 711 7825-4000
- Company data protection officer:
D-70565 Stuttgart, Germany
Phone: +49 711 7825-30
Fax: +49 711 7825-4000
2. Information on the categories and sources of personal data that we process
As part of your online application, our company will first store the data you provide (such as name, address, marital status, age, nationality, qualification, curriculum vitae, work experience, certificates, etc.) so we can evaluate your application accordingly. If you inform us about the characteristic of a severe disability, an equality with a severely disabled person or other special categories of personal data in connection with your application will also be stored. You also have the opportunity to create and submit a motivation video. The resulting video file will be added to your application. You also have the opportunity to submit your CV, which you have published on LinkedIn/Xing, to us. The transferred data will be saved together with your application. A so-called pre-employment screening of your person only takes place in professionally oriented networks such as XING or LinkedIN. Further screenings, especially of leisure-oriented networks such as Facebook, Google+, Instagram and the like, do not take place. In the further application processes, in particular through telephone, electronic/written contacts with you or during job interviews, further personal data is generated which is evaluated and stored accordingly for the purpose of the application process.
3. Purpose of data processing and indication of legal basis
Our company processes the aforementioned personal data exclusively in accordance with the GDPR and the German Federal Data Protection Act (BDSG). The purpose of data processing is to carry out the application procedure and any subsequent employment relationship. The legal basis for data processing is Art. 88 GDPR in conjunction with § Section 26 (1) BDSG, the legal basis for the storage of special categories of personal data is Art. 88 GDPR in conjunction with Art. 88 GDPA § Section 26 para. 3 BDSG. Any further use of your data will not take place.
4. Recipient of the data
Within our company, only those positions that absolutely need your data in order to carry out the application procedure will have access to your data. These are primarily employees of the HR department as well as the responsible managers who receive access rights to relevant applications on a case-by-case basis. All our employees are also obliged to maintain confidentiality. For certain technical data processing processes, our company makes use of the support of external service providers, who may have access to your personal data in order to provide these services. All of our contract processors are carefully selected and meet high data protection and security standards. They are also bound to secrecy and process data only on behalf of and in accordance with the instructions of our company.
With regard to the passing on of data to third parties, it should always be noted that we only pass on information about you if (i) in accordance with Art. 88 GDPR in conjunction with § 26 para. 1 BDSG is necessary to initiate the execution of a contract or to safeguard our legitimate interests, (ii) there is a legal obligation, (iii) you according to art. 88 DS-GVO in conjunction with § 26 para. 2 BDSG have given your consent, (iv) and/or contract processors carefully selected by us will act for us under strict confidentiality and in compliance with the obligations resulting from Art. 28 GDPR.
Under these conditions, recipients of personal data may be, for example:
- Public authorities and institutions where there is a legal or official obligation.
- Lawyers, insofar as this is necessary to safeguard the legitimate interests of our company.
5. Transfer of data to a third country or to an international organization
Data will only be transferred to countries outside the EU/EEA (so-called third countries) or to international organizations if this is required by law for the execution of existing employment or training contracts, if you have given us your consent or as part of order processing. If service providers are employed in third countries, they are subject to the provisions of Art. 44 et seq. of the German Civil Code. DS-GVO to comply with the European data protection standards, unless the EU Commission has taken a decision on adequacy.
6. Duration of data storage
If CENIT AG concludes an employment or training contract with you, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal provisions. The legal basis for data processing is Art. 88 GDPR in conjunction with § 26 para. 1 BDSG. If no employment or training contract is concluded with you as the applicant, the application documents will be deleted not later than 6 months after notification of the rejection decision, provided that no other legitimate interests of our company stand in the way of deletion. Furthermore, we will only process and use your data if you have given us your explicit consent to do so (opt-in not preset in the online application form "consent extended use"). The data will then be stored, processed and used for the purpose of contacting you again in the event of a (training) position suitable for you. In this case, the data will be stored for a period of 12 months beyond the end of the original application procedure. After this period has expired, the data will be deleted if no employment or training contract has been concluded with you and if there are no other legitimate interests of our company which prevent deletion. Other legitimate interests of our company may arise, for example, from the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
7. Data protection rights of the persons concerned
Each affected Person has the right of inquiry pursuant to Art. 15 GDPR, the right of rectification pursuant to Art. 16 GDPR, the right of deletion pursuant to Art. 17 GDPR, the right of limitation of processing pursuant to Art. 18 GDPR, the right of opposition pursuant to Art. 21 GDPR and the right of data portability pursuant to Art. 20 GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
Any consent given to our company can be used in accordance with Art. 88 GDPR in conjunction with § 19 BDSG. § 26 (2) BDSG Art. 7 GDPR may be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this. If you wish to make use of your right of withdrawal, this can be done without any formal requirements; an e-mail to firstname.lastname@example.org, for example, is sufficient.
8. Obligation to provide data
As part of the application process, you must provide the personal information that is necessary to complete the application process or that we are legally required to collect. Without this information, we will generally not be able to invite you for an interview and will be required to decline an employment or training contract.
9. Existence of automated decision making (including profiling)
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to carry out the application procedure. Should we use these procedures in individual cases, we will inform you separately if this is required by law. Profiling is not used by our company either in the application procedure or in the employment relationship.
Description and Scope of Data Processing
On our website, we offer users the opportunity to register for trainings; this requires the user to submit personal data. These data are entered into an input mask, transmitted to us and stored by us. There shall be no disclosure of the data to third parties.
The following data are collected as part of the registration process:
Company / street / house number / postcode / city
Name(s) of participant(s)
This data is required to process the training contract.
Description and Scope of Data Processing
On our website, we offer users the opportunity to register for webinars; this requires the user to submit personal data. These data are entered into an input mask, transmitted to us and stored by us.
The following data are collected as part of the registration process:
Name of participant
As part of the registration process, we require that the user consent to our processing of this information.
For webinars we work together with the US provider LogMeIn Inc. (GoToWebinar). You receive your dial-in data directly from LogMeIn. To this purpose, we transfer your login information to LogMeIn in California/USA. LogMeIn Inc. is certified under the EU-U.S. Privacy Shield.
For the integration between different tools we use also Zapier (to send user data to GoToWebinar, for registering you to the webinars), a service of Zapier Inc, 548 Market St #62411, San Francisco, California CA 94104-5401, USA. Zapier fully supports the privacy rights of our customers and our users and is fully GDPR-compliant. Further information on data protection at Zapier can be found at zapier.com/privacy.
To ensure an adequate level of data protection, we have entered into a contract processing agreement with LogMeIn and Zapier based on the EU Standard Contract Clause. The legal basis for the use of LogMeIn Inc. is Art. 6 Para. 1 GDPR.
Furthermore our data protection information applies.
The user has the right to receive information on request about their personal data which has been collected and stored. The user also has the right to correct incorrect data or the blocking and deletion of their personal data, insofar as there are no contradictory statutory retention obligations.
Right of appeal to the supervisory authority
Additionally, the user is entitled to register a complaint with the data privacy supervisory authority regarding our processing of his or her personal data.