Data Privacy Statement
The following information should give you an overview as a "data subject" of how your personal data is processed by us and which rights you have according to the General Data Protection Regulation. Our internet pages can actually be used without entering any personal data. However, if you want to use specific services offered by our company on the web pages, processing of personal data might be required. If this is required, and if there is no legal basis for processing these data, then we generally ask for your consent.
Processing personal data, such as your name, your address or e-mail address, always adheres to the General Data Protection Regulation (GDPR) and is in accordance with the German Data Protection Regulations mandatory for „UIC GmbH ". With this data privacy statement, we would like to inform you about how many of your personal data are collected and for which reason we are doing so.
Due to our responsibility for processing the data we have implemented numerous technical and organizational procedures in order to safeguard personal data that has been processed via our internet page. However, internet-based transfer of data can have security gaps, so complete data security cannot be guaranteed. Therefore, you have the option to submit personal data to us by phone or mail.
Controller according to GDPR is:
Am Neuen Berg 4
T: +49 6023 950-0
F: +49 6023 950-250
Head of the responsible unit/department:
3. Data Protection Officer
Contact details of Data Protection Officer:
c/o J.S. EDV-Systemberatung GmbH
Waldweg 34, 63843 Niedernberg, Deutschland
Telefon: 06028 97 45-0
Telefax: 06028 97 45 45
E-Mail: Datenschutz (at) JSGmbH.de
You can contact our Data Protection Officer directly at any time with any questions.
4. Definition of Terms
The Data Protection Statement uses the terminology introduced by the European regulative and directive authorities, who have created the General Data Protection Regulation (EU-GDPR). Our statement should be easy to read for the general public as well as for our clients and business partners. To ensure that, we would like to explain some of the terms beforehand.
The following terms, among others, are used in this Data Protection Statement:
a. Personal Data
Personal data encompasses all information that can be linked to an identifiable natural person. A natural person is identifiable when he/she can directly or indirectly be identified by an identifier such as a name, an identification number, location data, online-code, or by other specific features which are either expressed physically, physiologically, genetically, mentally, economically, culturally or socially as being part of the identity of this natural person.
b. Data Subject
A data subject is every identifiable natural person whose personal data is processed by the processor (our company).
Processing refers to each process that is automatized, with or without help, to collect, record, organize, sequence, store, adapt or amend, select, retrieve, use, publish by transfer, disseminate or make accessible, compare or connect, limit, erase or eradicate personal data.
d. Restrictions for processing
Restriction for processing means to label stored personal data with the aim to restrict future processing.
Profiling refers to every kind of automatic processing of personal data where the data are used to evaluate specific personal features that refer to a natural person. For instance, it is profiling when aspects of this natural person are used to analyze and predict his/her job performance, economic status, health, personal preferences, interests, reliability, behavior, whereabouts or change of location.
Pseudonymisation refers to a way of processing personal data so that it can no longer be linked to a specific person, unless further information is added that has been stored separately, and by applying technical and organizational procedures that ensure that these personal data cannot be assigned to an identifiable or natural identifiable person.
A Processor is a natural or judicial person, authority, entity or other office that processes data on behalf of a controller.
A Recipient is a natural or judicial person, authority, entity or other office which personal data is disclosed to, regardless of the fact if it is a third party or not. Authorities who have the authorization to conduct an investigation, according to union regulations or the legislation of a member state, and might therefore receive personal data, are not classified as recipients.
i. Third Party
A third party is any natural or judicial person, authority, entity or other office except for the data subject, the controller, the processor and any persons, who are entitled, under the direct responsibility of a controller or a processor, to process personal data.
Consent is a voluntary, and for this specific case, well-informed, declaration of intent or other form of clearly identifiable action that a person gives his/her permission to process his/her personal data.
5. Legal Basis for Processing Data
Article 6 EU-GDPR forms the legal basis which requires us to get consent for a specific processing purpose.
When personal data is required to fulfill a contract, such as product delivery or other services, and you are the contract partner, then processing of these data is based on Article 6 EU-GDPR. The same is valid for processing operations that require pre-contractual measures, such as when inquiring about our products or services.
When our company is legally obligated to process personal data, for example, due to tax responsibilities, then processing is based on Article 6 paragraph 1 lit. c EU-GDPR.
In rare cases, when vital interests of the data subject, or any natural person need to be protected, processing of personal data can be mandatory for instance, when a visitor to our company is injured and his/her personal data (e.g. name, age, health insurance data or any other vital information) are transferred to a medical doctor, hospital or any other third party involved, then processing is based on Article 6 paragraph 1 lit. d EU-GDPR
Processing operations, which are not included in any other legal framework, could be based on Article 6 paragraph 1 lit. f EU-GDPR, when processing is required to preserve a legitimate interest of our company or of a third party, so long as the interests, basic rights and basic freedom of the individual are not compromised. These processing operations are permitted because they have been specifically stated by the European legislator. They have expressed the view that a special interest can be assumed when you are a client of our company. (recital 47 sentence 2 EU-GDPR).
6 Technical Aspects
This page uses an SSL/TLS encryption to ensure that data processing and transfer of personal data is safe (e.g. for orders, login data or contact requests). You can recognize an encrypted connection when you see in the address line of your browser a https:// with a lock symbol instead of just "http://".
When the SSL and/or TLS encryption is activated, data that you send to us cannot be read by a third party.
6.2 Collecting Data when Visiting the Internet Page
When you only visit our webpage for informational purposes, without registering yourself or transferring data to us in any other way, then we only collect data that are transferred from your browser to our server (in so called „server-log files "). Our internet page collects a series of general data and information every time it is visited by you or by an automated system. These general data are stored in the log files of the server. The following data can be collected:
1. type and version of browser used
2. operating system used by the accessing system
3. the internet page which the accessing system uses to get onto our internet page (so called referrer)
4. the sub-web pages, which are controlled by an accessing system from our internet page
5. date and time when accessing the internet page
6. a shortened internet protocol address (anonymized IP address)
7. the internet service provider of the accessing system.
When using these general data and information we do not draw any conclusions about your person. This information is necessary to:
1. be able to deliver the content of the internet page correctly
2. optimize the content of the webpage and the advertisements
3. enable that our IT systems and its technology are working
4. be able to submit necessary information to a law enforcement agency in case of a cyber attack
These collected data and information are statistically evaluated by us with the aim to increase data protection and data security in our company, and also optimize data protection of personal data that is being processed by us. The anonymous data of the server log files are stored separately from the personal data.
The legal basis of data processing is Article 6 paragraph 1 page 1 lit. f EU-GDPR. Our legitimate interest derives from the above listed purposes to collect data.
7. Transfer of Data to a Third Party
Transferring data to a third party is only done for the purposes listed below.
We only transfer your personal data to a third party when:
1. you have given your consent according to Article 6 paragraph 1 page 1 lit. a EU-GDPR.
2. transferring your personal data is absolutely acceptable to protect our legitimate interests according to Article 6 paragraph 1 page 1 lit. f EU-GDPR, and when there is no reason to assume that you have an interest that needs to be protected in order not to transfer your data.
3. there is a legal obligation according to Article 6 paragraph 1 page 1 lit. c EU-GDPR to transfer your data.
4. it is permitted by law according to Article 6 paragraph 1 page 1 lit. b EU-GDPR to process a contract with you.
8.1 General Information about Cookies
Information is placed in a created cookie dependent on which end device you use. We do not receive any information about your identity.
Using cookies helps us to create our offer so that it is easier for you to use. Therefore, we use so-called session cookies that recognize when you have already visited individual pages of our website. When you leave our page they are automatically erased.
Additionally, we use temporary cookies to optimize usability of our webpage. These cookies are stored on your end device for a certain time. When you then use our services again, these cookies automatically help the system to recognize that you have already been here and which entries and feeds you have made so that you do not have to repeat them.
Data that are processed by cookies are necessary to preserve our legitimate interests and those of a third party according to Article 6 paragraph 1 page 1 lit. f EU-GDPR.
Most browsers accept cookies automatically. However, you can set your computer in a way that cookies are not stored in your computer, or that you always get notified before a cookie is stored. If you completely deactivate cookies, you cannot use all functions offered by our webpage.
9 Content of Our Webpage
9.1 Getting into Contact/Forms
When you get in contact with us (e.g. using the contact form or by e-mail) personal data is collected. The data that is collected when you fill in the contact form can be seen when opening the respective form. These data are only used to answer your request or to contact you and are stored and used by the technical administration. The legal basis for processing the data is our legitimate interest to answer your request according to Article 6 paragraph 1 page 1 lit. f EU-GDPR. When you get in contact to conclude a contract, then this is an additional legal reason according to Article 6 paragraph 1 page 1 lit. b EU-GDPR. Your personal data is erased after your request has been processed if there is no legal obligation to retain data as it is assumed that the issue has been resolved.
9.2 Application Management
We collect and process personal data of applicants to be able to handle application procedures. The processing can also be done electronically, which is the case when an applicant submits his/her application documents electronically by e-mail or by using the web form on our webpage. When we conclude an employment contract with an applicant the transferred data are stored to be used for the application procedure, respective of the legal requirements. When no employment contract is signed with the applicant the data collected by us are automatically erased two months after the respective applicant has been informed about the refusal, unless the erasure is against our legitimate interests. A legitimate interest, in that regard, is for example, the burden of proof in a proceeding under the General Equality Treatment Act (German Civil Law).
Data are processed based on our legitimate interest according to Article 6 paragraph 1 page 1 lit. f EU-GDPR
9.3 Google Maps
This page uses the map service Google Maps via an API. This service is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In order to be able to use this function your IP address is transferred to a Google server in the USA and stored there. The provider of this page has no influence on the transfer of that data.
We use Google Maps because it is in our interest to have an attractive online offer and so the locations indicated on our webpage can be more easily found. This is an eligible interest according to Article 6 paragraph page 1 EU-GDPR.
You can find more information about using data of users in the data privacy statement of Google: https://www.google.de/intl/de/policies/privacy/.
9.4 Web Analysis
This webpage uses Google Analytics, a web based analysis service of Google Inc. ("Google").
Google Analytics uses so-called "cookies", which are stored on your computer and enable analyzing the user of a webpage. The information that is generated by using the webpage is usually transferred to a Google server in the USA and stored there.
Due to the IP anonymization of this webpage, your IP address is shortened within the member states of the European Union or other countries that have signed a treaty with the European Economic Area by Google. Only in exceptional cases is the complete IP address transferred to Google in the USA and stored there.
On behalf of the operator of this webpage, Google is going to use this information to evaluate usage of the webpage, to create reports about activities on the webpage und to offer more services for the webpage provider that are related to using the webpage and the internet.
The IP address that is transferred from your browser by Google Analytics is not connected to any other data.
You can prevent cookies from being stored by utilizing a setting in your browser software. Additionally, you can prevent collection of data generated by the cookies used by Google Analytics by downloading and installing the following browser-plugin: http://tools.google.com/dlpage/gaoptout?hl=de
As the provider of this webpage we have an agreement with Google Analytics Germany according to the German Civil Law (BDSG) §11 concerning commissioned data processing.
10 Your Rights as A Data Subject
10.1 Right to Obtain Confirmation
You are entitled to request confirmation by us about whether your personal data are processed.
10.2 Right to Receive Information (Article 15 EU-GDPR)
You are entitled to receive information about your personal data we have stored as well as receive a copy of these data without any costs involved.
10.3 Right to Rectification (Article 16 EU-GDPR)
You are entitled to ask for rectification of specific personal data that are incorrect. Additionally, the data subject has the right to ask for completion of incomplete personal data when the data are being processed.
10.4 Erasure (Article 17 EU-GDPR)
You are entitled to request from us immediate erasure of any personal data, as long as the legal requirements are met and further processing is not required.
10.5 Right to Restriction of Processing (Article 18 EU-GDPR)
You are entitled to request restriction of processing from us, as long as the legal requirements are met.
10.6 Right to Data Portability (Article 20 EU-GDPR)
You are entitled to receive your personal data, which we have been provided with by you, in a structured and machine readable format. Furthermore, you have the right to transfer these data to another responsible party that has been provided with your personal data, without our interference, as long as consent has been given according to Article 6 paragraph 1 lit. a EU-GDPR or Article 9 paragraph 2 lit. a EU-GDPR, or it is based on a contract according to Article 6 paragraph 1 lit. b EU-GDPR and the transfer is conducted applying automated processes, as long as the processing is not necessary to assume a task in the interest of the public or when public violence is exercised.
Additionally, when you exercise your right to data portability, you are entitled to request direct data transfer from one responsible party to another, according to Article 20 paragraph 1 EU-GDPR. This applies only if it can be done technically and the rights and freedoms of other persons are not impaired.
10.7 Right to Object (Article 21 EU-GDPR)
You are entitled to object to processing of your personal data at any time for reasons that result from your special situation according to Article 6 paragraph 1 lit. e EU-GDPR e (data processing in the public interest) or f (data processing considering interests) EU-GDPR.
These same regulations apply to supported profiling based on Art. 4 Nr. 4 EU-GDPR.
When you object your personal data is no longer processed, unless legitimate reasons for processing can be proven, which outweigh your interests, rights and freedom, or the processing serves the purpose to justify, exercise or defend legal claims.
In individual cases, we process personal data for the purpose of direct advertising. You can object to processing of personal data for this purpose at any time. This is also true for profiling, as long as it is connected to direct advertising. If you object to our processing your personal data for the purpose of direct advertising your personal data will no longer be used for this purpose.
You are also entitled to object to our processing of your personal data when it concerns your personal situation, unless this processing is necessary to serve a task exercised in the public interest. This processing is conducted by us for scientific, historic or statistical purposes according to Article 89 paragraph 1 EU-GDPR.
When using services provided by the information society, notwithstanding guideline 2001/58/EG, you are entitled to opt out, via automated procedures, when technical specifications are used.
10.8 Right to Withdraw Consent to Data Privacy Statement
You are entitled to withdraw your consent to future processing of your personal data at any time.
10.9 Filing a Claim with The Supervisory authorities
You are entitled to file a claim with the respective supervisory authorities about our way of processing your personal data.
11 Routinely Storing, Erasing and Blocking Personal Data
We only process and store your personal data for the time that is necessary to achieve the aim of storing the data, or when it is necessary due to legal regulations that are obligatory for our company.
When the purpose of storage ceases or a prescribed storage period expires, personal data are automatically blocked and deleted according to the respective legal regulations.
12 Duration for storing personal data
The criterion for how long personal data are stored is the respective legal retention period. After this period expires, data are automatically erased if they are no longer necessary to fulfil any contractual requirements.
13 Timeliness and Changes to The Data Privacy Statement
This data privacy statement is currently applicable as of May 2018.
Due to further development of our webpage and offers, or laws and/or regulations that are changed, altering the data privacy statement might become necessary. The most current data privacy statement can always be accessed and printed from "https://www.uic-gmbh.de/en/data-privacy.php"