Data protection and privacy policy

We take the protection of your personal data very seriously and treat your personal information confidentially and in compliance with the legal data protection regulations of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as well as this data protection policy.

The following information provides an overview of how we process your personal data and your rights.

Who is responsible for processing the data and who can I contact?

The responsible body is:

Projektron GmbH
Charlottenstraße 68
10117 Berlin
Germany

Tel.: +49 30 3 47 47 64-0
Fax: +49 30 3 47 47 64-999

Email: datenschutz(at)projektron.de

You can contact our external data protection officer at:

Projektron GmbH
C. Rocco Wittig
Charlottenstraße 68
10117 Berlin
Germany

To whom does this data protection policy apply?

This privacy policy applies to all visitors to this website, to applicants, and to persons with whom we conduct online meetings via platforms we offer.

Which data do we use?

You can generally use our web pages without disclosing your identity, unless you send us an email or a message via the contact form, or give your consent to receive information (newsletters), register for our events, or apply for a job vacancy. In these cases, we only process the data which is necessary to answer your inquiry or to provide our information. Which data is collected can be seen in the respective entry form. The respective fields are marked as mandatory. If we request you to provide additional information, the provision occurs on a voluntary basis. We use this information to provide more tailored offers or adjust them to the needs of our customers.

What are the specific purposes for using your data and upon which legal basis do we use it?

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Please also note our information on your right of objection in accordance with Article 21 GDPR.

a) For the fulfillment of contractual obligations (Art. 6 Para. 1b GDPR)

Personal data is processed for the performance of a contract, as well as to conduct pre-contractual measures at your request, e.g. for the registration for and organization of events.

b) As part of the balancing of interests (Art. 6 Para. 1f GDPR)

Whenever necessary, we process your data beyond the fulfillment of our contractual obligations for the purposes of legitimate interests pursued by us or by a third party.

To assert or defend legal claims in case of a legal dispute
To guarantee IT security
For direct marketing
To answer your inquiry

c) Based on your consent (Art. 6 Para. 1a GDPR)

Insofar as you have given your consent to the processing of personal data for specific purposes, this processing is lawful based on your consent. You have the right to revoke your consent at any time. Please note that the revocation is only effective for future processing. Processing which has taken place prior to the revocation is not affected.

Sending of informational material
Processing of your job application
Provision of newsletters: You have the option of canceling your subscription immediately with every newsletter.

d) Based on legal requirements (Art. 6 Para.1c GDPR) or in the public interest (Art. 6 Para.1e GDPR)

The company is also subject to various legal obligations (e.g. the Commercial Code, tax laws).

Who receives access to my data?

Access to your data is provided to those within Projektron who need it in order to fulfill our contractual and legal obligations or as part of the balancing of interests. Service providers and agents utilized by us may receive access to the data for these purposes if they observe our confidentiality and our provisions regarding data protection laws. Transfer of data to third parties only occurs within the framework of the provisions by the GDPR and BDSG.

Is the data transferred to a third country?

Data is transferred to countries outside the EU or the EEA (so-called third countries) in the case of individual processing operations.

How long is my data stored?

We process and store your personal data as long as it is needed to fulfill our contractual and legal obligations or as part of the balancing of interests. If the data is no longer required for these purposes, it is deleted regularly, unless its – restricted – further processing is required to fulfill storage periods in accordance with commercial law or tax law, such as the German Commercial Code and the German Fiscal Code. The storage and documentation periods specified there range from six to ten years.

Which data protection rights do I have?

In accordance with Article 15 GDPR, you have a right to be provided with information on your stored data, according to Article 16 GDPR you have a right to rectification, according to Article 17 GDPR you have a right to erasure, according to Article 18 GDPR you have a right to the restriction of processing of your data, according to Article 21 GDPR you have a right to object and the right to data portability according to Article 20 GDPR. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).

Consent given for the processing of personal data may be revoked at any time. Please note that the revocation is only effective for future processing. Processing which has taken place prior to the revocation is not affected. Please also note our information on your right of objection in accordance with Article 21 GDPR.

Is there an obligation to provide data?

As part of a contact inquiry or the ordering of information, you are obligated to provide the personal data which is required to process these requests (marked mandatory fields). Without this data, we are unable to answer your inquiry or provide you with the requested information.

Is there an automated decision-making process which includes profiling?

We generally do not use any fully automated decision-making processes including profiling in accordance with Article 22 GDPR.

Information on your right to object in accordance with Article 21 GDPR

a) Individual right to object

You have the right to object to the processing of your personal data for reasons arising from your particular special situation, provided that the processing of the data is done for reasons of public interest or based on the balancing of interests. This includes profiling. In case of an objection, we will no longer process your personal data, unless we can prove compelling legitimate grounds for processing this data, which outweigh your interests, rights and freedoms. Or your personal data serves for the assertion, exercise or defense of legal claims.

b) Objection to the processing of your data for direct advertising

In individual cases, we may use your personal data for our direct advertising. You have the right to object to this at any time, including against profiling if it is related to direct advertising. In case of an objection, we no longer process your personal data for these purposes. The objection need not follow any particular form and should be addressed to our data protection officer, whose contact address is specified above.

Which data is processed when using the website?

a) Use-related information

We obtain usage data when our web pages are opened. This includes information on screen resolution, browser version, internet access, operating system, language, plug-ins used, origin by country/region and on search engines. This data is exclusively processed for statistical purposes and for optimizing our web pages. Data is not transferred to third parties and no user-related evaluation takes place. Furthermore, we save the communication data to our web pages (IP addresses) for a short period of several days to ensure IT security.

b) Use of cookies

Session cookies are used when calling up individual pages to facilitate navigation. These cookies expire after your session has ended and do not contain any personal data, i.e. the contents of the cookies are not evaluated in relation to the user. You can adjust your browser settings to only allow cookies in individual cases or not at all.

Cookies required for the electronic communication process or for providing certain functions are stored on the basis of Art. 6 Para. 1 lit. f GDPR. In this case, cookies are stored for optimizing the provision of our services and ensuring they are free from technical errors. Deactivating cookies may limit the functionality of this website.

How secure is my data?

In order to protect the personal data of our customers and interested parties, we use a secure online-transferring method known as “Secure Socket Layer” (SSL) technology. All information transferred with this secure method is encrypted prior to being sent. Your personal data is exclusively processed in computing centers and on computers which are protected by security technologies that comply with the industry standard (e.g. Firewalls, password protection, access control, etc.).

Which plug-ins and tools are used on the website?

YouTube with expanded data protection

This website embeds videos provided by YouTube. The site is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information on the visitors to this website before the users watch the video. However, forwarding of data to YouTube partners is not explicitly excluded by the expanded data protection mode. This means that YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network.

A connection to YouTube servers is established as soon as you start watching a YouTube video on this website. Information on which of our pages you have visited is provided to the YouTube server. When you are logged in to your YouTube account, you make it possible for YouTube to directly link your surf behaviour to your personal profile. You can prevent this from occurring by logging out of your YouTube account.

Moreover, YouTube can store various cookies on your end device when you start a video. These cookies allow YouTube to obtain information on visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent any attempted frauds. The cookies remain on your end device until you delete them.

It may occur that additional data processing activities are triggered when starting a YouTube video; we cannot influence these activities.

Using YouTube is intended to provide an appealing representation of our online offering. This represents a legitimate interest in the meaning of Art. 6(1) lit. f of the GDPR. Additional information on data protection at YouTube is available in its data protection declaration at: https://policies.google.com/privacy?hl=en-GB.

Matomo

This website uses the web analysis service Matomo. Matomo is an analysis tool that is used to analyze the surfing behavior of users and to obtain information about the use of the individual components of the website. This enables us to constantly optimize the website and its user-friendliness. As a self-hosted analytics service, Matomo does not send any data to third parties and only collects anonymized user data.

The use of Matomo is based on our legitimate interest Art. 6 para. 1 lit. f GDPR.

Contacting us (Powermail & Netup Projektron)

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user's details are used to process the contact request and its processing in accordance with. Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) GDPR. The plugins Powermail and Netup Projektron are used for this. User information can be stored in a customer relationship management system (“CRM system”) or a comparable request organization. We delete the requests if they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

Data processing for job applications

We offer you the opportunity to apply for a job with us. If you send us an application, we will process your associated personal data (contact and communication data, curriculum vitae, certificates, notes taken during job interviews), insofar as this is necessary to decide whether to establish an employment relationship.

Should the data be required after the application process has been completed, for example for the purposes of legal proceedings, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 (1) (f) GDPR. In this case, our interest lies in the assertion of or defense against claims.

By agreeing to the processing of your application by clicking on the “Send application” button, you declare your consent to us storing and processing your data for the purposes of the application, filling the position and hiring. You can revoke this consent and withdraw your application at any time.

The personal data you enter in the application form will be processed by us exclusively for the purposes of processing your application and in the staffing process. Staffing is carried out in collaboration with the responsible employees of our human resources department and the managers of the specialist departments.

Your data will be deleted six months after the application process has been completed, unless you agree to a longer storage period so that we can consider you for future job advertisements. If you are hired, your data will be transferred from the application management system to our personnel management system.

Data processing for online meetings

We use the Cisco WebEx and Microsoft Teams applications to conduct video conferences and online meetings.

In doing so, we and the providers process both connection data and content data. The connection data is the IP address of the respective end device and other data, especially when a login with a personal account and registered participation in video conferences or online meetings takes place. At the content level, moving images, profile pictures, the voice and spoken word, chat messages and shared content from the participants' screens may be processed. We only record content data if the participants give their consent.

The recipients of the connection and content data are administrators and, if applicable, other participants in the video conferences and online meetings.

The deletion of the connection and content data takes place after the purpose has ceased to exist.

The legal bases for data processing are our legitimate interest (Art. 6 (1) sentence 1 f) GDPR) and consent (Art. 6 (1) sentence 1 a) GDPR).

A transfer to third countries takes place. Cisco Systems, Inc. and Microsoft Corporation, as system operators, are based in the United States and thus in a third country. Both companies are part of the EU-US Data Privacy Framework. This means that the data processing by these companies is covered by the EU adequacy decision (Art. 45 GDPR).

Links to the websites of other providers

For the purpose of providing further information, our website may contain links to websites by other providers. We have no influence as to their compliance with the data protection and security regulations. Our data protection policy therefore does not cover these websites.