Design Offices GmbH, Königstorgraben 11, 90402 Nürnberg (hereinafter: "we") as the operator of the website are the controller responsible for website users' personal data (hereinafter: "you") under the Federal Data Protection Act ("Bundesdatenschutzgesetz" – BDSG) and the General Data Protection Regulation of the European Parliament (GDPR).
The GDPR is Regulation (EU) 2016/679 by the European Parliament and Council issued on 27.04.2016 for the protection of natural persons in the processing of personal data, the free movement of data and the suspension of Directive 95/46/EC (Data Protection Directive).
We welcome you to our website and we are pleased you are interested in our company. We regard data privacy as a customer-oriented quality feature. The protection your personal data and the safeguarding of your personal rights are factors to which we attach importance.
It is essentially possible to use our website without submitting any personal data. However, if you use the services provided by our company via our website, it may be necessary for us to process your personal details.
Whether data is collected automatically when you visit our website or personal data is submitted by you when making use of our services, the data is always processed in accordance with the currently valid statutory requirements relating to the protection of personal data.
If processing of your personal data is required and there is no legal basis for such processing, we always obtain your consent for the processing purpose in question. We only collect such personal data as is required by us in order to handle orders or respond to your enquiry, meet contractual obligations, ensure the operation of the website, pursue our legitimate interests or process data with your consent. The legal basis derives from Article 6 Paragraph 1 a), b), f) GDPR.
If you give us your consent, we collect data to the extent approved by you. If you make contact with us via the contact options provided (request form, e-mail), your details are saved so that they can be used in order to handle and respond to your enquiry.
We adhere to the principles of data avoidance and data economy. For this reason, we only save your personal data for as long as this is necessary for the purposes listed here or as is required by the various retention periods specified by the legislative authorities. Once the purpose in question ceases to apply or these retention periods have expired, the data in question is deleted or blocked as a matter of routine and in accordance with statutory requirements.
As the company responsible for processing, we have established technical and organisational measures in order to ensure that the level of protection of your personal data is as high as possible.
However, we should like to point out that data transfer via the World Wide Web can always involve security gaps.
If you would like to use our company's services but do not wish to transfer data via the World Wide Web, it is also possible to contact us by telephone.
1. Contact data of the controller responsible for data processing
The controller according to the General Data Protection Regulation is: Company: Design Offices GmbH Street: Königstorgraben 11 Tel.: +49 (0)911 323950 E-mail: firstname.lastname@example.org The Data Privacy Officer is: Mr. Stephan Hartinger Coseco GmbH Telephone: 08232 80988-70 E-mail: email@example.com
2. Collection of general access information
Every time our website is accessed, server logfile information is automatically recorded which your browser sends to us. This includes the following:
1. IP address (Internet Protocol Address) of the accessing computer
2. The website from which you are visiting us (referrer)
3. The page you are visiting on our website
4. The date and duration of your visit
5. Browser type and browser settings
6. Operating system
Please note that this data cannot be attributed to a particular person. We use this technical access information solely for the following purposes:
1. To improve the appeal and usability of our web pages
2. To identify technical problems on our website early on
3. To deliver the content of our website correctly
4. To provide law enforcement authorities the information they require for the purpose of criminal prosecution in the event of a cyber-attack
As a technical precaution, this data is saved for a maximum of seven days in order to protect the data processing systems from unauthorised access. We use Google Analytics, a web analysis service provided by Google Inc. ("Google").
Our website uses functions of the Google Analytics web analysis service. The use of this service is based on Article 6 Paragraph 1 Sentence 1 f) GDPR. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Cookies are also used in connection with Google Analytics.
A so-called opt-out cookie is installed which prevents the data generated on this website from being checked. The function remains in place until the cookie is deleted. If the cookie is deleted, it is sufficient to activate the link again. On the pages below you will find further information regarding the terms and conditions of use and data privacy
(http://google.com/analytics/terms/de.html ; www.google.dd/intl/de/policies/)
In the cookies we use, only the data relating to your use of the website is saved, as explained in Section 2 "Google Analytics". This is not carried out by attributing the data to your person but by allocating an ID number to the cookie ("cookie ID"). The cookie ID is not associated with your name, your IP address or similar data which would allow the cookie to be attributed to you personally.
Naturally, you can access our website without cookies being used. You can set your browser so that you are notified when cookies are installed and you can only allow this to occur in individual instances. Furthermore, you can rule out acceptance of cookies in specific cases or in general. It is also possible to have cookies deleted automatically when the browser is closed.
To find out about the settings required for this in the internet browser you are using, please refer to the help function or documentation of your browser.
Please be aware that rejection or display of cookies can influence the functionality of our website.
Please note: cookies help us improve our website and provide you with an enhanced service which is tailored even more closely to your needs. They enable us to recognise your computer when you return to our website so that we can:
• save information about your preferred activities on the website, enabling us to gear our website to your individual interests
• accelerate handling
You can stop tracking by Google Analytics on our pages by clicking on the link below. An opt-out cookie is installed on your device. This will prevent Google Analytics from collecting data for this website and for this browser in future as long as the cookie remains installed in your browser:
3. Collection and disclosure of personal data
The following input screens exist on our website for the collection of personal data:
3.1.1 Newsletter subscription
On our website, we offer you the option to subscribe to our newsletter, which we send out at regular intervals and which contains details of the offers, products and information provided by our company.
In order to receive our newsletter you require a valid e-mail address.
We require the following details from you in order to be able to send you a personalised newsletter:
1. First and last name (optional
2. E-mail address (required for the newsletter to be sent out)
When you have sent us your registration, you will receive a confirmation e-mail from us for legal reasons that enables us to complete your registration request for the newsletter subscription. The data specified here is used solely for the purpose of sending out the newsletter.
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly e-mail you offers relating to products from our range that are similar to those already purchased.
3.1.2 Transfer of application documents
When you apply for a job (online or by e-mail), we collect and process various items of application data.
These particularly include the following:
· Contact details (name, address, telephone number and e-mail)
· Application documents (cover sheets, application letter, CV, references and other training certificates/qualifications)
After you have submitted your application, you will receive an e-mail to confirm receipt of your application documents.
Collection and processing of your personal application data is carried out solely for the purpose of filling vacant positions in our company. Your data is only passed onto internal offices and departments in our company responsible for the application procedure in question. Your personal application data is not shared with other companies without you having given your express prior consent.
Your personal application data is always deleted automatically three months after completion of the application procedure. This is does not apply if statutory provisions prevent erasure, continued saving is required for the purpose of providing evidence or you have expressly consented to your data being saved for longer, e.g. for future job vacancies.
If an employment contract is drawn up with an applicant, the data is saved for the purpose of handling the employment contract in accordance with statutory requirements.
In the event of an online application: based on a separate agreement concerning the processing of personal details under contract, your personal data is collected, processed and used by softgarden e-recruiting GmbH, Tauentzienstraße 14, D-10789 Berlin on our behalf in the form of contract data processing pursuant to Section 11 BDSG in line with the relevant statutory requirements. However, this does not involve any transfer of your personal data to third parties as defined by data protection law. We, Design Offices GmbH, remain responsible under data protection law.
In addition, however, you can allow softgarden e-recruiting GmbH to collect, save, process and use your personal data submitted as part of the application process (Section 2) according to Section 28 BDSG for your own professional purposes. This requires you to give your express consent separately.
Giving your consent in this manner is always voluntary. If you do not give your consent to softgarden e-recruiting GmbH, this has no influence whatsoever on the application procedure in connection with our company.
3.1.3 Contact by e-mail or request form and event registration
On our website we offer you the option to contact us by e-mail and/or using a request form.
If you submit room requests to us using the request form or register for an event via our website, your details from the form are saved by us, including the contact data you submit, for the purpose of processing the request and in the event of follow-up questions.
The basis for processing this data is derived from Article 6 Paragraph 1 b) GDPR. We do not share this data without your consent. Once your request has been dealt with or, in the case of event registration, after the event has been held, we delete your data unless you have given your consent for us to make further use of the data.
3.1.4 Social media plug-ins
We currently use the following social media plug-ins: Facebook and XING. They are only used to forward data when the user clicks on the relevant symbol. In other words, no personal data is initially passed on to the providers of these plug-ins when you visit our website. You can recognise the provider of the plug-in by the marking on the black box based on the initial (f for Facebook and X for XING). Personal data is only transferred if you click on one of the plug-ins: you are referred to the provider when you activate the plug-in; only then is data automatically sent to the respective plug-in provider and saved by that provider. We do not have any influence on the data collected and the data processing operations carried out by these providers. We do not have full knowledge of the complete extent of data collection, the purposes pursued or the retention periods. Since the plug-in provider carries out data collection via cookies in particular, we recommend deleting all cookies in your browser's security settings before clicking on the black box.
The plug-in provider saves your data as use profiles and uses it for the purpose of advertising, market research and/or the needs-oriented design of its website. Such analysis (also in the case of users who are not logged in) serves the purpose of providing needs-oriented advertising and of informing other social network users about your activities on our website. You have a general right of objection to the creation of these user profiles; you must contact the plug-in provider in question in order to exercise this right.
You will find further information on the purpose and extent of the collection and processing of data by the plug-in providers in the data privacy policies of these providers shown below. Here you will also find further information about your rights as well as settings options to protect your privacy.
These are the addresses of the respective providers and the URLs with their data privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/about/privacy/your-info, and XING AG, Dammtorstraße 30, 20354 Hamburg; www.xing.com/privacy. , and Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, help.instagram.com/478745558852511, and Twitter Twitter International Company One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, legal.twitter.com/imprint.
4. Erasure, blocking and period of storage of personal data
We process and save your personal data only for the period of time required in order to achieve the respective purpose of saving or as is required by the various retention periods imposed by the legislative authorities.
As soon as a purpose of saving ceases to apply or the legally required retention period expires, the personal data is blocked or deleted as a matter of routine and in accordance with statutory requirements.
5. Data protection rights of the data subject
If you have questions regarding your personal data, you can contact us at any time in writing. You have the following rights under GDPR:
5.1 Right to information (subsection, Article 15 GDPR)
You have the right at all times to obtain information on which categories and information from your personal data are processed by us and for what purpose, for how long and according to which criteria this data is saved and whether automated decision-making including profiling is carried out in this connection. You also have the right to find out which recipients or categories of recipient your data has been disclosed to or will be disclosed to, in particular in the case of recipients in third countries or international organisations In this case, you also have the right to be notified of suitable guarantees in connection with the transfer of your personal data.
In addition to the right to lodge a complaint with the supervisory authority and the right to obtain information on the source of your data, you have the right to erasure and correction of your personal data and the right to the restriction of processing and the right of objection to the processing of your personal data.
In all the above instances you have the right to obtain from the data processor a free copy of your personal data processed by us. For all additional copies you have requested or extending beyond the right of information of the data subject, we are entitled to charge an appropriate administration fee.
5.2 Right to correction (Article 16 GDPR)
You have the right to request immediate correction of inaccurate personal data pertaining to you and, in consideration of the purposes of processing, require the completion of incomplete personal data, also by means of a supplementary statement.
If you wish to exercise the right of correction you can contact our Data Privacy Officer or the party responsible for processing.
5.3 Right of erasure (Article 17 GDPR)
You have the right to have your data deleted without undue delay ("right to be forgotten") in particular if the saving of your data is no longer necessary, if you withdraw your consent to data processing, if your data is being processed unlawfully or if it was collected unlawfully and erasure is required under EU or national law.
However, the right to be forgotten is not applied if there is an overriding right to freedom of expression and information, it the saving of the data is necessary in order to meet a legal obligation (e.g. retention periods), if erasure is not possible for archiving reasons or if the saving of the data serves the purpose of establishing, exercising or defending legal claims.
5.4 Right to restriction (Article 18 GDPR)
You have the right to restrict the processing of your data by the controller responsible for processing your data if the accuracy of the data is disputed by you, if processing is unlawful, if you reject erasure of your personal data and instead request restriction of processing, if the necessity of the processing purpose no longer applies or if you have objected to processing under Article 21 Paragraph 1, providing it is has not yet been established that legitimate grounds on our part override yours.
5.5 Right to data portability (Article 20 GDPR)
You have the right to the portability of your personal data provided to our company in a commonly used format so that you can have the data forwarded to another controller without hindrance, providing you have given your consent, for example, and the processing is carried out by means of an automated method.
5.6 Right to object (Article 21 GDPR)
You have the right to object to the collection, processing or use of your personal data at all times for the purposes of direct advertising or market and opinion research as well as general data processing for business purposes, unless we are able to prove compelling legitimate grounds for processing which override your interests, rights and freedoms.
In addition, you cannot exercise your right to object if a statutory obligation involves or requires the collection, processing or use of the data.
5.7 Right to lodge a complaint with the data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG)
You are granted the right to lodge a complaint with the supervisory authority responsible if you believe a violation has occurred in the processing of your personal data.
5.8 Right to withdraw consent under data protection law (Article 7 Paragraph 3 GDPR)
If you give your consent to the processing of your personal data, you can withdraw this consent at any time without stating reasons. This also applies to the withdrawal of statements of consent issued to us prior to the EU General Data Protection Regulation coming into force.
6. Legal basis for processing
Article 6 Paragraph 1, Sentence 1 a) of the General Data Protection Regulation (GDPR) is the legal basis for processing personal data for which we obtain the consent of the data subject.
For the processing of personal data required to meet contractual obligations where the data subject is a contractual party, Article 6 Paragraph 1, Sentence 1 b) GDPR is the legal basis. This also applies to processing measures required to implement pre-contractual measures.
Insofar as the processing of personal data is required in order to meet a statutory requirement to which our company is subject, Article 6 Paragraph 1 Sentence 1 c) GDPR is the legal basis.
If processing is required in order to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and basic freedoms of the data subject do not override the first-mentioned interest, Article 6 Paragraph 1 Sentence 1 f) GDPR is the legal basis for processing. The legitimate interest of our company lies in the implementation of our business operations as well as in analysing, optimising and maintaining the security of our website.
7. Transfer of data to third parties
We only transfer data if there is a legal obligation to do so. This is the case if state authorities (e.g. law enforcement authorities) request information in writing or a court order is issued to this effect.
There is no transfer of personal data to so-called third countries outside the EU/ EEA.
8. Statutory or contractual requirements that involve the provision of personal data and potential consequences of non-provision
Please note that the provision of personal data is required by law in certain cases (e.g. tax regulations) or can derive from contractual provisions (e.g. information about or provided by the contractual partner). For example, it might be necessary for the data subject/contractual partner to make their personal data available if a contract is to be concluded in order for the request to be processed by us in the first place (e.g. when ordering a product or service). An obligation to provide personal data arises in particular when contracts are concluded. If no personal data is provided in this instance, it is not possible to draw up the contract with the person concerned. Prior to the data subject providing personal data , they can contact our Data Privacy Offer or the party responsible for processing. The Data Privacy Officer or the party responsible for processing then informs the data subject whether the provision of the personal data requested is a statutory or a contractual requirement for conclusion of the contract and whether the wishes of the data subject give rise to an obligation to provide the personal data, as well as what the consequences of non-provision of the required data are for the data subject.
9. Changes to our data privacy regulations