Data protection policy
1.1. Introduction
Thank you for visiting our website. We take data protection very seriously and make every effort to protect your personal data as part of our web offering.
We understand personal data to be all data concerning a natural person’s personal and factual relationships. Personal data that are collected on our website are exclusively used for our own purposes
1.2. Legal basis for data processing
Consent: If your consent was obtained for personal data collected for processing, Article 6 Paragraph 1 lit. a of the EU General Data Protection Regulation (GDPR) is the legal basis for data processing.
Contract: When processing personal data to fulfil a contract to which you are a contractual party, Article 6 Paragraph 1 lit. b GDPR is the legal basis. This also applies to processing that is required to implement measures in advance of a contract.
Statutory obligation: If personal data is processed to fulfil a legal obligation to which our company is subject, Article 6 Paragraph 1 lit. c GDPR is the legal basis.
In the event that your existential interests - or those of another natural person - make the processing of personal data necessary, the legal basis is Article 6 Paragraph 1 lit. d GDPR.
Justified interest: If the processing is required to maintain a justified interest of our company or a third party and the interests, basic rights, and freedoms of the affected person do not outweigh the interest stated first, Article 6 Paragraph 1 lit. f GDPR is the legal basis for the processing. The justified interest of our company is in implementing our business activity.
We process your data for the following company interests:
- Optimization of the website for a better user experience
- Measurement of goals of our sales campaigns
- Communication to carry out our business activities
1.3. Rights of those affected
Your personal data is processed by us as part of our data processing. You have the rights from the Third Chapter of the GDPR with regard to our company.
We comply with the rights to information, correction, restriction of processing, deletion, or the ability to transfer your personal data. You can asset these rights as follows:
Right to information
You have the right to request a confirmation from us on whether we process your personal data. If this is the case, you have the right to receive information on this personal data and the following information:
a) the processing purposes;
b) the categories of personal data that were processed;
c) the recipients or categories of recipients to whom the personal data was published or will be published, in particular for recipients in third countries or international organizations;
d) if possible the planned duration for which the personal data is stored, or, if this is not possible, the criteria for setting this term;
e) the existence of a right to correction or deletion of your personal data or a right to restrict the processing by the responsible person or a right to object to this processing;
f) the existence of a complaint right to a supervisory authority;
g) if the personal data are not collected from the affected person, all information available on the origin of the data;
h) the existence of automated decision-making including profiling under Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information on the logic involved, extent, and the desired effects of such processing for the affected person.
If personal data is transferred to a third country or international organization, you have the right to be informed about suitable guarantees under Article 46 GDPR in relation to the transfer.
We provide a copy of the personal data that are subject to the processing. For all further copies that you request, we may require an appropriate fee based on the administrative costs. If you make a request for information electronically, and if you have not stated anything further, we have to provide the information in a common electronic format.
The right to receive a copy may not adversely affect the rights and freedoms of other people.
Right to correction
You also have the right to request the correction without delay of incorrect personal data relating to you. Whilst taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - even using an additional declaration.
Right to deletion (“right to be forgotten”)
You also have the right to request that we delete your personal data without delay and we are obligated to delete the data without delay if one of the following reasons applies:
a) Your affected personal data are no longer required for the purposes for which they were collected or any other processing.
b) You revoke your consent on which the processing is based as per Art. 6 I lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing.
c) You object to the processing under Art. 21 Para. 1 GDPR and there are no other priority justified reasons for the processing or you object to the processing under Art. 21 Para. 2 GDPR.
d) Your personal data was processed illegally.
e) The deletion of your personal data is required to fulfil a legal obligation under Union law or the law of the member state to which we are subject.
f) Your personal data were collected for information company services offered under Art. 8 Para. 1 GDPR.
(2) If we have published your personal data and are obliged to delete it under Art. 1, whilst taking into account the available technology and implementation costs, we must undertake appropriate measures, including of a technical nature, to inform the person responsible for data protection who is processing the personal data that you have requested the deletion of all links to this personal data or copies or replications of this personal data. This does not apply if the processing is required a) to execute the right to freedom of expression and information; b) to fulfil a legal obligation that requires processing under the law of the Union or member states to which we are subject or to undertake a task that is in the public interest or to execute public authority that was transferred to us; c) for reasons of public interest relating to public health under Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3; d) for archive purposes in the public interest, academic or historic research purposes, or for statistical purposes under Article 89 Paragraph 1 if the right stated in Paragraph 1 is expected to make the implementation of the objectives of this processing impossible or seriously adversely affect them, or e) to assert, exercise, or defend legal claims.
Right to restriction on processing
(1) The affected person has the right to request the restriction of processing from the person responsible if the following requirements are met:
a) the correctness of the personal data is disputed by the affected person for the duration it takes the person responsible to check the correctness of the personal data
b) the processing is illegal and the affected person rejects the deletion of the personal data and instead requests a restriction on the use of the personal data;
c) the responsible person no longer requires the personal data for the processing purposes but the affected person does require them to assert, exercise, or defend legal claims, or
d) if you have submitted an objection against the processing under Article. 21 Paragraph. 1 GDPR and it is not yet clear whether the justified reasons of the responsible person outweigh your reasons.
(2) If the processing was restricted, this personal data - apart from its storage - can only be processed with the consent of the affected person or to assert, exercise, or defend legal claims or to protect the rights of another natural person or legal entity, or due to the important public interest of the Union or a member state. 4.5.2016 L 119/44 Official Journal of the European Communities DE
(3) An affected person that has brought about a restriction on processing is informed by the person responsible before the restriction is lifted.
Article 19 Notification obligation relating to the correction or deletion of personal data or restricting its processing
The person responsible informs all recipients whose personal data was published of all corrections to or deletions of the personal data or a restriction on the processing under Article 16, Article 17 Paragraph 1, and Article 18 unless this proves to be impossible or is associated with disproportionate costs. The person responsible informs the affected person about these recipients if the affected person requests this.
Article 20 Right to data transfer
(1) The affected person has the right to receive their personal data that they provided to a responsible person in a structured, common, machine-readable format and they have the right to transfer these data to another responsible person without hindrance by the person responsible to whom the person data was provided, if
a) the processing is based on consent under Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or a contract based on Article 6 Paragraph 1 Letter b and
b) the processing takes place using automated processes.
(2) In executing your right to transfer data under Paragraph 1, the affected person also has the right to ensure that your personal data is transferred directly from one responsible person to another if this is technically feasible.
(3) The utilization of the right in Paragraph 1 of the Article stated above does not affect Article 17. This right does not apply to processing personal data that are required to undertake a task that is in the public interest or to exercise public authority that has been transferred to the person responsible.
(4) The right under Paragraph 2 may not adversely affect the rights and freedoms of other people.
You also have the right to call on our data protection officer for advice on the stated rights and all questions related to the processing of your personal data.
In addition, our customers can also assert their complaint right to the responsible supervisory authority.
Right to objection
You have the right for reasons arising from your special situation to object to the processing of your personal data at any time as a result of Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The responsible person no longer processes your personal data unless they can demonstrate binding reasons requiring protection for the processing that outweigh your interests, rights, and freedoms or the processing is used to assert, exercise or defend legal claims.
If your personal data is processed for direct advertising purposes, you have the right to object to the processing of your personal data for such advertising purposes at any time; this also applies to profiling if it is in connection with direct advertising.
If you object to the processing for the purposes of direct advertising, your personal data is no longer processed for these purposes.
You have the opportunity to exercise your objection right in relation to the use of the services of the information company - notwithstanding Directive 2002/58/EU - when technical specifications are used for automated processes.
You have the right for reasons arising from your specific situation to object to the processing of your personal data for academic, historic research, or statistical purposes under Art. 89 Para. 1 unless the processing is required in the public interest.
Notwithstanding any other administrative law or legal assistance, you have the right to complain to a supervisory authority if you are of the opinion that the processing of your personal data infringes the GDPR.
1.4. Web server logs
When using our website the connection information is stored in the server log files.
This information includes:
• IP address of the system used to call up
• Browser information such as operating system used and screen resolution
• Website called up
• Originating website
• Time of call up
The web server logs are only processed for security purposes.
We use the logged data only for statistical analyses for the purposes of operating, securing, and optimizing the offering. However, we reserve the right to check the logged data subsequently if there are specific concerns leading to a justified suspicion of illegal use.
1.5. Cookies
This website uses cookies. Cookies are text files that are stored on your device. Cookies can be read, transferred, or modified by the website when calling up the website. We only use cookies with random, pseudonym identification numbers. These identification numbers are used to analyze your usage behavior on our website. At no time is the usage profile assigned to the name of a natural person. If you use special functions (e.g. shopping basket or “stay logged in”) on our website, cookies are also used for these functions.
It is possible at any time to object to the setting of cookies by making the relevant change in the browser's settings. Set cookies can be deleted. It is emphasized that when deactivating cookies not all of the functions of our website may be fully available.
The precise functions of the cookies can be viewed from the more detailed information in this data protection policy.
1.6. Flash Cookie
This website uses Flash Cookies. These are not stored in your browser but rather by your flash plug-in. These store the necessary data independently of the browser you use and have no automatic end date. If you do not want processing by Flash Cookies you have to install the relevant add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe-Flash-Killer-Cookie for Google Chrome.]
1.7. Google Analytics
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.
We use Google Signals. This allows Google Analytics to collect additional information about users who have enabled personalized ads (interests and demographics), and ads can be delivered to these users in cross-device remarketing campaigns.
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your website visit, your user behavior is recorded in the form of "events".
Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Ads seen / clicked
- Language setting
Also recorded:
- Your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
Recipients
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google. Third country transfer Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses [links to: https://business.safety.google/adsprocessorterms/sccs/c2p/] with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Storage period
The data sent by us and linked to cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR.
Revocation
You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected. You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by a. not giving your consent to the cookie setting or b. downloading and installing the browser add-on to disable Google Analytics HERE. For more information on Google Analytics terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/ about/analytics/terms/de/ and https:// policies.google.com/?hl=en.
1.8. Google Adwords
Our website uses Google AdWords Conversion Tracking. This is an analysis service of Google Inc., Amphitheater Parkway, Mountainview; California 94043, USA. The service sets a cookie on your computer if you have arrived at our page from a Google advert. We do not use the cookie to identify you personally. It is only used to detect whether a visitor has arrived at our website from an advert that we purchased. Which advert was used to visit our website and whether you then browsed our website again can therefore be tracked. We use the knowledge from this analysis to modify our adverts in a more targeted way.
You can find more information and the Google data protection policy at: http://www.google.de/policies/privacy/
1.9. Log-in area
If data is recorded as part of a user login, it is only used to provide the relevant service. An analysis only takes place to ensure comfortable and secure operation of the system.
1.10. Shop
Within the scope of our website you have the opportunity to store purchases temporarily in a shopping basket. For the period of the usage session your product choice is stored in a so-called session cookie. This cookie is deleted automatically when you close the website in your browser.
1.11. Data privacy during the application procedure
This data privacy statement, which refers exclusively to data collected as part of the online application process, is to inform you about how your personal data that is collected as part of the online application process is handled at our end.
The controller
The controller under data protection law is:
anynines GmbH Science Park 2 66123 Saarbrücken Phone: +49 (0) 681 - 309 64 190 Commercial register entry number: HRB 17413 Registration Court: Amtsgericht Saarbrücken
Data Protection Officer:
Sicoda GmbH Peter Mühlemeier Rochusstraße 198 53123 Bonn Phone: +49 (0) 228 - 28614060 E-mail: dataprivacy@anynines.com
Personal data collected as part of the application process
Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as, for example, your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific inividual can be identified with reasonable effort. However, information which cannot be (in)directly associated with your real-life identity is not personal data.
Fundamentals and purposes of processing personal data collected from application documents and during the application process
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.
By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process.
In particular, the following data is collected during this process:
- name (first and last names)
- e-mail address
- phone number (optional)
- LinkedIn profile (optional)
Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, address etc.
Only authorized HR staff and/or staff involved in the application process have access to your data.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Your data will be stored for a period of 180 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, we reserve the right to save your data for inclusion in our "Talent Pool" at the end of the application process in order to identify any other positions of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
Disclosure of data to third parties
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under Article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
As part of the application process, we may work with service providers who support us in the recruitment process. Insofar as they obtain knowledge of your personal data, we have concluded an additional agreement for the processing of orders with the service providers, which ensures that they may only process your data on our behalf and that the protection of your data is guaranteed.
Rights of data subjects
If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer (see item 2).
Concluding provisions
We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.
In addition to this data privacy statement, please view our general data privacy statement at https://www.anynines.com/data-privacy.
1.12. Data protection contact
The responsible entity for data processing as defined by Art. 4 GDPR is
anynines GmbH Science Park 2 66123 Saarbrücken Germany
Phone: +49 (0)681 - 30964190 Fax: +49 (0)681 - 309 64 191 Mail: mail@anynines.com
Statutory representative
Dipl.-Inf.(FH) Julian Fischer Science Park 2 66123 Saarbrücken Germany
Phone: +49 (0)681 - 30964190 Fax: +49 (0)681 - 309 64 191 Mail: mail@anynines.com
Data protection manager
Sicoda GmbH Peter Mühlemeier Rochusstraße 198 53123 Bonn Germany
Phone: +49 (0)228 / 28614060 Mail: dataprivacy@anynines.com