As of: 03/06/2020
- Who is responsible for the processing of my data?
- Which data is collected?
- Which cookies are used?
- What data is collected and for what purposes?
- Who receives my data?
- What privacy rights do I have?
- Final/version information
1. Who is responsible for the processing of my data?
81929 München (Munich)
E-mail: info (at) coloyal.de
D-81929 München (Munich)
is responsible for the processing of your data on this website (hereinafter referred to as “company”). The company processes personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (hereafter referred to as “BDSG”).
Contact for data protection is the following place.
D-81929 München (Munich)
E-mail address: email@example.com
2. Which data is collected?
When you visit the website, the calling computer automatically collects information (hereinafter referred to as “access data”). This access data includes server log files, which usually include information about the browser type and version, the operating system, the internet service provider, the date and time of use of the website, the previously visited websites and websites subsequently accessed via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned to a person when using the Internet connection.
If you continue to use the services of the website, pseudonymous usage profiles and/or the data you enter on the website (e.g., search words, form input, click data) will be processed.
Some services of the website require you to provide personal information to the company. In these cases, the information you provided is going to be used to provide you with the service you required or to handle your request. The following personal data is processed on the website: User data such as salutation, first and last name, e-mail address, company, position, telephone number, and information in the free text field.
3. Which cookies are used?
Basically, cookies are only an online identifier without personal reference. Personal cookies are then, if in addition to the information generated by the cookies with other data, merged. A distinction can be made between the cookies required to support the functionality of the website and the cookies required for other purposes, such as user behavior analysis or advertising.
The cookies required to support the functionality of the website include, but are not limited to:
- Cookies temporarily storing certain user input (e.g. content of an on-line form);
- Cookies that store certain user preferences (such as search or language settings);
- Cookies that store data to ensure trouble-free playback of video or audio content.
The cookies that are required for further purposes include in particular the following:
- Analytics cookies in order to be able to record the usage behavior (e.g. clicked advertising banners, visited subpages, asked search queries) of our users and to evaluate them in statistical form.
4. What data is collected and for what purposes?
The purposes of the data processing may result from technical, contractual or legal requirements as well as from consent.
We use the data mentioned in paragraph 2 for the following purposes:
- To support the functionality of the website and to provide technical security, in particular to remedy technical errors and to ensure that unauthorized persons do not gain access to the systems of the website;
- For range measurements and web analytics to make the website more efficient, interesting and to undertake market research for you;
- For communication, contract initiation and customer care.
4.1 Technical provision of the website
4.1.1 Description and scope of data processing
For the functionality of the website, the performance of security analyzes and the defense against attacks, the server log files are automatically recorded as part of the accruing access data according to section 2 from the computer system of the calling computer when entering and using the website and stored at short notice. Storage of the server log files together with other data does not take place. The company uses the server log files for statistical analysis to analyze and correct technical incidents, to ward off attacks and fraud attempts and to optimize the functionality of the website.
4.1.2 Purposes and legal basis of data processing
The legal basis for the collection of the server log files is Art. 6 para. 1 lit. f GDPR. The functionality of the website, the performance of security analyses and the prevention of danger are the legitimate interests of the company.
4.1.3 Duration of storage or criteria for determining this duration
After accessing the web pages, the server log files are stored on the web server and the IP address contained therein is deleted after 7 days at the latest. An evaluation during this storage period takes place exclusively in the case of a cyberattack.
4.1.4 Opposition and removal option
You have the right to object to the processing of your data in the context of server log files, if there are reasons for this which arise from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1.
4.2 Contact form, e-mail and telephone contact
4.2.1 Description and scope of data processing
On the website, there is the possibility to contact the company via a contact form, an e-mail address or a telephone number. If this option was available, data entered in the contact form, your e-mail address and/or your telephone number and your concerns will be transmitted to the company. Depending on the request (for example, questions about the company’s products and services, assertion of your rights, such as information) your contact details will be processed further (with the help of service providers). To the extent necessary to process your request, your contact information may be shared with third parties (such as affiliates).
4.2.2 Purposes and legal basis of data processing
The legal basis for the processing of your contact data is based on Art. 6 para. 1 lit. f GDPR. Your legitimate interests lie in the processing of your request and further communication. If your contact is aimed at concluding a contract with the company, the legal basis for the processing of your contact data is Art. 6 para. 1 lit. b GDPR.
4.2.3 Duration of storage or criteria for determining this duration
After processing your request and terminating further communication, the contact details will be deleted. Otherwise, if your contact is aimed at concluding a contract with the company or you assert your rights such as information. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and statutory retention periods do not preclude deletion.
4.2.4 Opposition and removal options
You have the right to object to the processing of your contact details, provided that there are reasons for this arising from your particular situation. If you would like to exercise your right of objection, please contact the contact address specified in section 1. If you object, the communication cannot be continued if the storage of your contact data for the contract initiation or fulfillment of a contract or assertion of your data subject rights is required.
4.3 Web tracking
On the website there are built-in services that optimize the user-friendliness and measure the reach of the website. Your access data (see section 2) will be recorded and the usage behavior will be evaluated using analysis cookies (see section 3). For web tracking, a personal identification is basically not required, so that when you enter your access data, the stored IP address is either not used or only shortened and pseudonymous usage profiles are created. These are not merged with other data and you have the option of revocation at any time. The creation of personal usage profiles is carried out only in exceptional cases and if you have given your consent.
The web tracking services are usually provided by service providers who process the data only as directed by the person responsible and not for their own purposes as a so-called processor. This is ensured by contract processing contracts. If the service providers outside the European Union or the European Economic Area (hereinafter referred to as “EU or EEA”) process their data, a so-called third-country transfer takes place. This is permissible, provided that they have consented, the company has provided guarantees for a data protection level that is appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. The third country transfer of the respective service is indicated below. Further information on the recipients of your data can be found in section 7.
The web tracking services of the website are described in more detail below.
4.3.1 Google Analytics
The website uses the service Google Analytics. Provider of Google Analytics is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics creates a pseudonymous usage profile to optimize the user-friendliness of the website. The pseudonymity is ensured by the fact that before you submit your data to Google, the IP address is shortened and so a conclusion to your person cannot be drawn. The pseudonymous usage profile is evaluated after delivery for the purpose of optimizing usability. A merge with other data from Google does not take place. Through a contract processing contract, the company ensures that Google processes the data only as instructed.
Through the use of Google Analytics, third-country transfers take place (see section 4.3). However, with certification under the EU-US Privacy Shield, Google ensures that the third-country transfer guarantees the European level of data protection.
4.3.2 Purposes and legal basis of data processing
The legal basis for recording and evaluating pseudonymous usage profiles is Art. 6 para. 1 lit. f GDPR. Optimizing the user-friendliness of the website and measuring the range are the legitimate interests of the company. Insofar as personal usage profiles are recorded and evaluated, the legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
4.3.3 Duration of storage or criteria for determining this duration
The data collected and evaluated when using the web tracking services are usually stored until you object to their use. If the data processing is based on your consent, your data will be stored until you revoke your consent.
4.3.4 Opposition and removal options:
You may opt-out of using the web tracking services at any time by modifying your browser settings and/or by using the following link(s) to download and install the available browser plug-ins: http://tools.google.com/dlpage/gaoptout?hl=en
If the data processing is based on your consent, you can revoke your consent at any time by clicking on the following link: Deactivate Google Analytics.
5. Who receives my data?
Within the company, those entities gain access to your data, which need to fulfill the purposes described in section 4 above. Also, service providers employed by the company may gain access to your data (so-called “processors”, e.g., data centers, customer service centers). Order processing contracts ensure the adherence to instructions, data security and the confidential handling of your data by these service providers.
A data transfer to other recipients, for example advertising partners, providers of social media services or credit institutions (so-called “third parties”), will take place if required by law or if you have consented.
The following third parties are included in the data transfer:
- Providers of social media services that for their own purposes merge their data from the website with the data already stored there.
- Providers of measurements and web analytics, who for their own purposes measure the reach of websites and create user profiles.
- Public bodies and institutions, such as law enforcement agencies, who receive access to your data due to compliance with legal or regulatory obligations.
Further information on the transfer of data to the respective third party can be found in the individual purposes according to Section 4.
6. Will my data be processed outside the EU or EEA (third country transfer)?
If the service providers listed in section 5 and/or third parties outside the EU or the EEA process your data for the purposes specified in paragraph 4, this may result in your data being transmitted to a country where none of the EU or the EEA reasonable level of data protection can be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. For example, standard contractual clauses provided by the EU Commission may qualify as a suitable guarantee. You may request a copy of these warranties from the contact details in section 1, if requested. Exceptionally, any warranty may be waived if you agree to it or if the third country transfer is required to fulfill your contract with the Company. The EU Commission has also recognized certain third countries as safe third countries, so that it is not possible at this point to provide any suitable guarantees from the company.
The following service providers process their data outside the EU or EEA:
- The use of web-tracking services involves service providers whose rights centers are located in a third country or who have access to data centers within the European Union or the EEA from a branch in a third country. The services, which are certified according to the EU-US Privacy Shield, ensure that the third-country transfer guarantees the European level of data protection.
7. What privacy rights do I have?
You have the right to get information about the personal data stored with us about you at any time. If any personal information about you is false or out of date, you have the right to ask for its correction. You also have the right to request the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may continue to have the right to have the data you provided returned to you in a common and machine-readable format (right to data portability).
If you have given consent to the processing of personal data for specific purposes, you may revoke your consent at any time with future effect. The revocation must be send to the company at the contact address specified in section 1. Consents that you have given on the website can also be withdrawn at info (at) coloyal.de.
In accordance to Art. 21 GDPR, you have the right, at any time, for reasons arising from your particular situation, to object to the processing of your data, according to the legal basis of Art. 6 para. 1 lit. f GDPR. You also have the right to object to the processing of your personal data for the purpose of direct mail at any time. The same applies to the automated procedures when using individual cookies, as long as they are not absolutely necessary for the provision of the website.
In addition, you have the option to contact a data protection authority and file a complaint. The authority responsible for the company is the Bavarian State Office for Data Protection Supervision.
PO Box 606
Promenade 27 (castle)
E-mail Address: poststelle (at) lda.bayern.de
You can also contact the relevant data protection authority for your place of residence.
Final note/version information
Data protection information for job applications
Information on data protection regarding our processing of applicant data in accordance with Articles 13, 14 and 21 of the Basic Data Protection Regulation (DSGVO)
Dear applicant, thank you for your interest in our company. In accordance with the provisions of Articles 13, 14 and 21 of the Basic Data Protection Regulation (DSGVO), we hereby inform you about the processing of the personal data provided by you in the context of the application process and, if applicable, personal data collected by us and your rights in this regard. In order to ensure that you are fully informed about the processing and storage of your personal data within the application process, please take note of the following information.
1) Contact details of the person responsible
(Article 13(1)(a) of the DSGVO)
E-mail: info (at) coloyal.de
Phone: +49 (89) 40192 1300
2) Contact details of the data protection officer
(Article 13(1)(b) DPA)
e-mail: firstname.lastname@example.org or by post at the above address, stating ‘to the Data Protection Officer
3) Purpose and legal basis of the data processing
(Article 13(1)(c) of the DSGVO)
3.1) Purpose of the data processing
Execution of the processing of applications for a job, necessary processing in connection with pre-contractual legal relationships, which arise in connection with the initiation of a contract or its con-clusion or under certain circumstances also for the defence of asserted legal claims (e.g. from AGG) against us.
3.2) Legal basis of data processing
The legal basis is derived from Section 26 BDSG in conjunction with Art. 88 DSGVO as well as Art. 6 para. 1 lit b, lit c or lit f DSGVO, if applicable, and is based on the legal relationship that arises in the application or initiation phase of the employment contract.
4) Categories of personal data
We only process such data that is related to your application. This may include general personal data (name, address, contact details, etc.), details of your qualifications and schooling, details of further vocational training and, if applicable, other data which you provide us with in connection with your application.
5) Data sources
We process personal data which we receive in the course of contacting you or your application, which you send us via our application form, provided by our administration tool of HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, or which you send us with your Xing profile. The processing of the data entered in the contact form is thus exclusively based on your consent (Art. 6 Asb.1 lit a DSGVO).
6) Recipients or categories of recipients
(Article 13(1)(e) DSGVO)
Within our company, we only pass on your personal data to those areas and persons who require this data to fulfil contractual and legal obligations or to implement our legitimate interests.
We will not pass on your personal data to third parties, unless this is necessary to fulfil legal obligations. A transfer to data processors (e.g. personnel consultants) as well as to persons who are obliged to maintain special confidentiality, such as lawyers, may occur under certain circumstances.
7) Embedding of Social Media Plugins
Plugins from social networks are integrated on the application form. Currently we use the follo-wing plugins: LinkedIn, Kununu and Xing. When you visit our site, no personal data is passed on to the providers of the plugins. You can recognize the provider of the plugin by its initial letter or logo on the icon. Only if you click on the marked field and thereby activate it, the plugin provider receives the information that you have called up the corresponding websi-te of our online offer. In addition, further data, in particular your IP address, is transmitted. By activating the plugin, your personal data is transmitted to the respective plugin provider and stored there.
We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the respective network. You will find further information on this in the data protection declaration of the respective network.
8) Transfer to a third country
A transfer to a third country is not intended.
9) Duration of storage
(Article 13(2)(a) of the DSGVO)
The storage of your data takes place for the duration of the processing of the pre-contractual legal relationships or applications. Your personal data or application documents will be deleted at the latest six months after the end of the application procedure (e.g. the notification of the rejection decision). Furthermore, they will be stored until it is certain that no more legal consequences can arise which make it necessary for us to provide evidence and proof.
Due to legal pendency and/or limitation periods, the period may also extend over years.
If applicable, you will receive an invitation to join our talent pool following the application process. If you have then agreed to be included in our talent pool, this will allow us to continue to consider you for suitable vacancies in our selection of applicants. If we have your consent, we will store your application data in our talent pool in accordance with your consent or any future consent.
10) Right to information, correction, deletion, revocation and data transferability
(Article 13(2)(b) and (c) DPA)
You have the right of access (Art. 15 DSGVO) to the personal data concerning you from the person in charge, as well as the right of rectification (Art. 16 DSGVO), deletion (Art. 17 DSGVO) or limitation of processing (Art. 18 DSGVO) and the right to object to processing and the right of transferability (Art. 20 DSGVO). to your personal data.
If you have given us your consent to process your personal data for one or more specific purposes, you may revoke this consent at any time.
The right to revoke your consent to data processing does not affect the lawfulness of the data pro-cessing carried out up to your revocation.
Your right to delete the data will regularly be opposed by our legitimate interest in asserting, exer-cising or defending legal claims which make it necessary to store and retain data.
11) Right of appeal
(Article 13(2)(d) of the DSGVO)
You have the right (Art. 77 DSGVO) to complain to a supervisory authority regarding our data pro-cessing of your personal data, if you believe there has been an infringement of the law.
12) Legal and/or contractual requirement to provide the data
(Article 13(2)(e) DSGVO)
Without the provision of your personal data, your application cannot be processed.
13) Automated decision making
There is no automated decision in individual cases in the sense of Art. 22 DSGVO.