Privacy Policy (Information to be provided according to Art. 13 of the General Data Protection Regulation – GDPR)
We believe that data privacy should be transparent, easy to understand and, above all, fair to all parties. We believe that data privacy should be transparent, easy to understand and, above all, fair to all parties. Therefore, in this Privacy Policy, we would like to tell you what personal information we collect from you and how we use it, whether we share it with third parties and if so, with whom, how long we store it, and what your rights are if at any time you do not agree with our responsible handling of your information. If you have any questions after reading this detailed Privacy Policy, please do not hesitate to contact us using the details below.
1. Name and contact details of the data controller
Summiteer GmbH
Theodor-Krumm-Str. 18
88213 Ravensburg
You can reach us by post, by e-mail at info@summiteer.com or by phone at 0751/36656-0
2. Collection of personal data for informational purposes
Each time you access our website, we collect the following information about your computer: The IP address of your computer, the request of your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the browser and operating system used on your computer. Moreover, we record the website from which our website was accessed. The IP address of your computer is only stored for the duration of your use of the website and is then immediately deleted or anonymised by truncation. We use this data to operate our website, in particular, to identify and eliminate website errors, to measure website usage and to make adjustments or improvements. The legal basis for this processing is Art. 6 (1) (f) GDPR.
3. Cookies & Local Storage
3. 1
We may also collect information about your use of our website through the use of so-called browser cookies. These are small text files that are stored on your data carrier. They save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data has been sent as well as information about the age of the cookie and an alphanumeric identifier. Cookies enable our systems to recognise the user’s device and make any preferences available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard disk of the user’s computer. Cookies help us to improve our website and provide you with a more personalised service. They allow us to recognise your computer when you return to our website and enable us to:
- Store information about your preferred activities on the website to help us tailor our site to your individual interests. This includes, for example, advertising that addresses your personal interests.
- Speed up the processing of your requests.
3. 2
The cookies we use store only the data described above about your use of the website. This is not done by assigning it to you personally, but by assigning an identification number to the cookie.(„cookie ID“). The cookie ID is not merged with your name, your IP address or similar data that would enable the cookie to be assigned to you.
3. 3
There are two types of cookies: session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. Cookies are also distinguished on the basis of their function:
- Technical Cookies: These are mandatory to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store information about the web pages you have visited;
- Performance Cookies, Statistic Cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and to identify the interests of our users;
- Advertising Cookies, Targeting Cookies: These are used to offer the website user needs-based advertising on the website or third-party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing Cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
3. 4
Any use of cookies that is not absolutely necessary from a technical point of view constitutes data processing that is only permitted with your express and active consent pursuant to Section 25 (1) of the German Telecommunications Digital Services Data Protection (TDDDG) and will only be carried out in compliance with this statutory provision. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we will only disclose your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Section 25 (1) TDDDG.
3. 5
Below you will find an overview of the cookies used on our website and your current consent status.
3. 6
You can use your browser settings to determine whether cookies can be set and retrieved. For example, you can completely disable storage of cookies in your browser, limit it to certain websites, or set your browser to automatically notify you when a cookie is about to be set and ask for your acknowledgement. You can block or delete individual cookies. However, this may adversely affect some features of our website and they may not be fully functional due to technical reasons.
3. 7
If you want our website to use cookies only with your consent, you can also make the settings mentioned in 4.6 in our Cookie Consent Tool. To do this, click on the Cookiebot icon at the bottom left of the browser window.
4. Data security
All the information that you submit to us is stored on servers within the European Union. Unfortunately, transmission of information via the Internet is not completely secure and we therefore cannot guarantee the security of data transmitted to our website via the Internet. However, we secure our website and other systems by using technical and organisational measures to safeguard your data against loss, destruction, access, modification or distribution by unauthorised persons. In particular, we encrypt your personal data during transmission. We use the SSL (Secure Socket Layer) or TLS (Transport Layer Security) coding system.
5. Use of Cookiebot
5. 1
We have integrated the consent management tool „Cookiebot“ (www.cookiebot.com) of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark on our website to request consent for data processing or for the use of cookies or comparable functions. „Cookiebot“ offers you the option of giving or refusing your consent for certain functionalities of our website, e.g., for the purpose of integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalised advertising. You can use „Cookiebot“ to give or refuse your consent for all functions or to give your consent for individual purposes or individual functions. You can also later change the settings you have made via the icon at the bottom left of the visited website.
5. 2
The purpose of integrating „Cookiebot“ is to allow users of our website to decide about the aforementioned matters and to offer them the option of changing selected settings for further use of our website. In the course of using „Cookiebot“, personal data as well as information of the end devices used (IP address, language, browser, etc.) are processed and sent to Usercentrics A/S. Information about the settings you have made is also stored in your end device.
5. 3
The legal basis for the processing is Art. 6 para.1 sentence 1 (c), Art. 6 para.3 sentence 1 (a), Art. 25, Art. 5 para.2 GDPR in conjunction with Art. 6 para.1 (f) GDPR. We store the cookie required to store your consent on the basis of Section 25 (2) no. 2 TDDDG. Cookiebot helps us process our users‘ data to comply with our legal obligations (e.g., obtaining informed consent as well as the obligation to prove it). Apart from obtaining and proving that consent was obtained, our legitimate interests in processing include the evaluation of consent rates and further functionalities.
5. 4
„Cookiebot“ stores your data as long as your user settings are active. Consent will be requested again after a period of one year has elapsed from the time the user settings were made. The user settings made will then be stored again for this period, unless you delete the user settings yourself in the end device capacities provided for this purpose. We have concluded a data processing agreement with Cookiebot.
5. 5
You may object to the processing insofar as the processing is based on Art. 6 para.1 sentence 1 (f) GDPR. You have the right to object on grounds relating to your particular situation. To object, please contact us by e-mail at privacy@cookiebot.com
6. No disclosure of your personal data
We do not disclose your personal data to third parties unless you have consented to the disclosure of data or we are entitled or obliged to disclose data due to statutory provisions and/or official or court orders. In particular, this may include providing information for the purposes of criminal prosecution, for averting danger or for the enforcement of intellectual property rights.
7. Data privacy and third-party websites
The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or liability for third-party content or privacy policies. Please check the applicable Privacy Policy before submitting any personal data to these websites.
8. Use of our website functions
8. 1
In addition to the use of our website for purely informational purposes, we offer various services that you can use if you are interested. This usually requires you to provide further personal data, which we use to provide the respective service. If additional voluntary information can be provided, this will be marked accordingly.
8. 2
When you contact us by e-mail or via the contact form, we will store your e-mail address and, if you provide it, your name and telephone number, in order to answer your questions. (The legal basis is Art. 6 para.1 sentence 1 (b) GDPR)
9. Social media profiles
9. 1
We are present on various so-called social media platforms. We operate our sites on:
9. 1. 1
LinkedIn, operated by Linkedin Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; Privacy Policy at https://de.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy
9. 1. 2
Xing, operated by New Work SE, Am Strandkai 1, 20457 Hamburg; privacy policy at https://privacy.xing.com/de/datenschutzerklaerung
9. 2
We use the technical platform and services of the providers for these information services. We would like to point out that you use our sites on social media platforms and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating). When you visit our sites, the providers of the social media platforms collect, inter alia, your IP address as well as other information that is present on your end device, in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about your interaction with us. The legal basis in each case is your consent: for the setting of cookies this is Section 25 para. 1 TDDDG, for the subsequent data processing this is Art. 6 para. 1 (a) GDPR.
9. 3
The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. All of the above providers claim to maintain an adequate level of data privacy equivalent to the former EU-US Privacy Shield and we have agreed on standard data privacy clauses with the companies (with the exception of Xing, as this provider is based within the EU). We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is disclosed to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the web. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer you customised content or advertising. If you want to avoid this, you should log out or disable the „stay logged in“ function, delete the cookies present on your device and restart your browser.
9. 4
Apart from this, as the provider of the information service, we only process the data obtained from your use of our service when you provide it to us and it requires interaction. For example, if you ask a question that we can only answer by e-mail, we will store your information in accordance with the general principles of our data processing, which are described in this Privacy Policy. The legal basis for the processing of your data on the social media platform is Art. 6 para. 1 sentence 1 (f) GDPR.
9. 5
To exercise your rights as the data subject, you can contact us or the provider of the social media platform. If one party is not responsible for answering or has to receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling and processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to us using the contact details we have provided above.
9. 6
The information received by the social media platforms and how it is used is described by the providers in their privacy policies (see link in the table above). There you will also find information on contact options as well as on setting options for advertisements. You can also find more information on social networks and how to protect your data at www.youngdata.de.
10. Application process
10.1
We process the data you send us in connection with your application in order to assess your suitability for the position (or for other open positions in our company, if applicable) and to carry out the application process.
10.2
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 of the Federal Data Protection Act (BDSG). According to this, data may be processed if this is necessary to decide about the establishment of an employment relationship. Should the data be required for legal prosecution after completion of the application process, data may be processed pursuant to Art. 6 GDPR, in particular, to safeguard legitimate interests pursuant to Art. 6 para. 1 (f) GDPR. Our interest then consists in asserting or defending claims.
10.3
Data of applicants will be deleted after 6 months in case of rejection.
10.4
If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. Data in this pool will be deleted after two years.
10.5
If you have been awarded a position during the application process, the data from the applicant data system will be transferred to our personnel information system.
10.6
Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department heads for the respective open position. This will be followed by further procedures. In principle, only those people within the company who need to access your data in order to properly process your application will have access to it.
10.7
If you use our application tool, we will use a specialised software provider for the application process. This company acts as our service provider and may also receive access to your personal information in connection with the maintenance and upkeep of the systems. We have concluded a so-called data processing agreement with this provider, which ensures that the data processing is carried out in an approved manner. More details about this are given in item 11.10
11. Third-party tools
11. 1 Use of Google Tag Manager
11. 1. 1
This website uses Google Tag Manager, a cookie-less domain that does not collect any personal data.
11. 1. 2
The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have opted out at the domain or cookie level, this will apply to all tracking tags implemented with Google Tag Manager.
11. 1. 3
Google Tag Manager is used to facilitate the administration and development of our website. Google Tag Manager provides efficient control of content across multiple pages, reduces potential errors, eliminates outdated processes and thus ensures a safe user experience. The legal basis for the use is Art. 6 para. 1 (a) GDPR.
11. 2 Use of Google Analytics
11. 2. 1
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). We use this tool to enable us to analyse user interactions with our websites and apps, and to use the statistics and reports we obtain to improve our service and make them more relevant to you as a user.
11. 2. 2
We collect the interactions between you as a user of the website and our website primarily through cookies, device/browser data, IP addresses and website or app activities. Google Analytics also collects your IP addresses in order to ensure the security of the service and to provide us, as the website operator, with information about the country, region or location from which the respective user originates (so-called „IP location determination“). However, for your protection, we use the anonymisation function („IP masking“), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.
11. 2. 3
Google acts as a data processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. Google states that in these cases it is subject to a standard that is equivalent to the former EU-US Privacy Shield and has promised to comply with applicable data privacy laws when transferring data internationally. We have also agreed on so-called standard contractual clauses with Google to ensure that an adequate level of data privacy is maintained in the third country.
11. 2. 4
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 sentence 1 (a) GDPR). Moreover, any necessary cookies will only be set with your consent in accordance with Section 25 para. 1 TDDDG. You can revoke your consent at any time without affecting the permissibility of the processing until the time of revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install Google’s browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=de/.
11. 2. 5
For more information on the scope of services provided by Google Analytics, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google also applies to Google Analytics, can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=en&gl=en.
11. 3 Integration of YouTube Videos
11. 3. 1
We have integrated YouTube videos into our online offer. These videos are stored on YouTube.com and can be played directly from our website. [All of these are integrated in „extended data privacy mode“, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. The data mentioned in paragraph 2 will be transmitted only when you play the videos. We have no influence on this data transmission] The legal basis for the display of the videos is Art. 6 para. 1 sentence 1 (a) GDPR, i.e. integration only takes place after you have given your consent. We set the required cookie for playing the videos in accordance with Section 25 para. 2 no. 2 TDDDG, as this is mandatory for technical reasons.
11. 3. 2
When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and time stamp are transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish the data to be assigned to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or for designing its website to meet user needs. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.
11. 3. 3
The information collected is stored on Google servers, also located in the USA. The provider states that in these cases it is subject to a standard that is equivalent to the former EU-US Privacy Shield and has promised to comply with applicable data privacy laws when transferring data internationally. We have also agreed on so-called standard data privacy clauses with Google to ensure that an adequate level of data privacy is maintained in the third country.
11. 3. 4
For more information on the purpose and extent of data collection and processing by YouTube, please refer to the privacy policy. This will also provide further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.
11. 4 Use of Vimeo
11. 4. 1
On our website we integrate the service „Vimeo“, which is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
11. 4. 2
We use plugins from the provider Vimeo on some of our pages. When you access pages of our online offer that are provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. This tells the Vimeo server which of our pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. when you click on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
11. 4. 3
The privacy policy of Vimeo Inc. can be viewed here: vimeo.com/privacy
11. 4. 4
The data processing is based on our legitimate interest, i.e. to optimise our offer and our website according to Art. 6 para. 1 (f) GDPR. Likewise, technically required data is transmitted to Vimeo on the same legal basis. The technically required cookie for playing the videos is set on the basis of Section 25 para. 2 no. 2 TDDDG.
11. 4. 5
In order to ensure an appropriate level of data privacy when transferring data to the USA, we have concluded the EU standard contractual clauses with the provider of Vimeo in the so-called „controller to controller“ variant. As further protective measures, we always integrate videos from Vimeo in the „Do Not Track“ variant, so that minimal personal data is transmitted to Vimeo. In addition, the provider of Vimeo has given us an undertaking that it will continue to comply with the self-imposed obligations under the former so-called Privacy Shield agreement.
11. 5 Application tool Personio
11. 5. 1
We use the service provider Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany for application management.
11. 5. 2
If you use our online application process, the associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) will be collected and processed to the extent necessary for a decision to be made regarding the establishment of an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG) in conjunction with Art. 6 para. 1 (b) GDPR. Your personal data will only be disclosed to persons in our company who are involved in processing your application. If the application is successful, we will store the data submitted by you in our data processing systems on the basis of Section 26 BDSG for the purpose of implementing the employment relationship. Otherwise, we will delete the data after a period of 6 months after your application.
11. 5. 3
Possibility of setting cookies: If a cookie is required for data processing, it is set in accordance with Section 25 para. 1 TDDDG, i.e. after you have given your consent. You can revoke your consent at any time with effect for the future. To do this, click on the Cookiebot icon at the bottom left of the browser window.
11. 5. 4
More detailed data privacy information on the service provider Personio SE & Co. KG can be found at https://www.personio.de/datenschutzerklaerung/
12. Recipients or categories of recipients
If we disclose your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, for technical and organisational processing we also use external service providers with whom we have concluded corresponding data processing agreements within the meaning of Art. 28 GDPR. These are, e.g., service providers for web hosting, sending emails, maintenance and care of our IT systems, etc.
13. Storage period
13. 1
Your data will be stored for as long as it is absolutely necessary to achieve the respective purpose. However the period will not exceed the period for which we are required to store it under any statutory provisions (e.g. under commercial law we are obliged to store business letters, which may also include e-mails, for 10 years).
13. 2
As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
14. Your rights
14. 1
You have extensive rights with regard to the processing of your personal data. First of all, you have a comprehensive right to information and, if necessary, you can demand that your personal data be corrected and/or deleted and/or blocked. You can also request restricted processing and have a right to object and a right to data portability. If you would like to exercise any of your rights and/or receive more information about them, please contact us at info@summiteer.com.
14. 2
In addition, you have the right to lodge a complaint with a supervisory authority. Should you have any questions, comments or requests regarding how we collect, process and use your personal data, please do not hesitate to contact us using the contact details provided.
14. 3 Right to Object
Right to object on a case-by-case basis:
- You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
- We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Right to object to processing of data for direct marketing purposes:
- If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
- In the context of the use of information society services, you can – notwithstanding Directive 2002/58/EC – exercise your right to object by means of automated procedures using technical specifications.
15. No obligation to provide personal data
We do not require you to provide us with personal data before entering into a contract with us. As a customer, you are basically under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. Should this exceptionally be the case for any of the products and services offered by us above, we will notify you separately.