LOADING PLEASE WAIT..

Principles of Data Protection

    1. This privacy policy explains the type, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content (hereinafter jointly referred to as ‘online offering’ or ‘website’). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.

    2. The terms used in this privacy policy correspond to the wording of the General Data Protection Regulation (GDPR), in particular the definitions in Art. 4 GDPR. For better understanding, we have defined the terms relevant to this statement below:

      1. Personal data


        Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

      2. Data subject

        Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

      3. Processing

        Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

      4. Restriction of processing


        Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

      5. Profiling

        Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

      6. Pseudonymisation

        Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

      7. Controller or controller responsible for the processing

        Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

      8. Processor

        Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

      9. Recipient

        Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

      10. Third party

        A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

      11. Consent

        Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. The personal data of users processed in the context of this online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the websites visited on our online offer, interest in our products) and content data (e.g., entries in the contact form).

    3. We also use the term ‘user’ in this statement. This has the same meaning as the term ‘data subject’ within the meaning of the GDPR. This includes all visitors to our online offering, regardless of whether we already have a contractual relationship with them or not.

    4. All terms used in this statement, such as ‘user’, are to be understood as gender-neutral.

    5. As part of our business activities, we comply with the relevant data protection regulations. We therefore only process users' personal data if we are legally authorised to do so. According to the legal regulations, we are permitted to process personal data in particular if this processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or if the processing is based on legal obligations imposed on us. In addition, we are permitted to process this data if the data subject has given consent and/or if we process the data on the basis of legitimate interests (e.g. to track criminal (cyber) attacks on our (computer) system).

    6. The party responsible for data processing is:

      workmatrix GmbH
      Jordanstrasse 18
      88444 Ummendorf
      Germany

      Register court:: Amtsgericht Ulm
      Register number: HRB 723554
      Managing Director: Stefan Elsner

      Telephone: 07351 421720
      E-Mail: monitor@workmatrix.de

    7. The legal basis for data processing in the context of the consent of the data subject is Art. 6 para. 1 lit. a. and Art. 7 GDPR, for processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. GDPR, for processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c. GDPR, and for the legal basis for the processing for the protection of our legitimate interests Art. 6 para. 1 lit. f. GDPR.

  1. Security measures

    1. In order to protect the personal data of our users, we take organisational, contractual and technical security measures in accordance with the state of the art.

    2. These security measures include, in particular, the encrypted transmission of data between the browser of the respective user and our server.

    3. However, we would like to point out that e-mails can be stored and transmitted unencrypted.

  2. Disclosure of data to third parties and third-party providers

    1. Data is only passed on to third parties within the framework of the legal requirements. We only pass on user data to (external) third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) GDPR for contractual purposes, if we are legally obliged to do so or if this transfer is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR.

    2. If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations. We also oblige our subcontractors to comply with data protection regulations, in particular by using the necessary technical and organisational measures.

    3. If content, tools or other means from other providers (hereinafter jointly referred to as ‘third-party providers’) are used as part of our website and their registered office is located in a country outside the scope of the GDPR (i.e. outside the European Union or the European Economic Area), it must be assumed that data is (also) transferred to this country. However, data is only transferred to such countries (‘third countries’) if an adequate level of data protection exists in these countries or if the user has consented to this transfer or is otherwise legally authorised to do so. At present, no such content, tools or other means are used on our website.

  3. Contacting us

    1. If personal data is sent to us by e-mail, we use it exclusively within the scope of legal permission, i.e. to process any enquiry or within the scope of consent given. Personal data obtained from users in this way is stored separately from other personal data obtained in other business operations during the processing procedure.

    2. If applications are sent to us electronically, we process the personal data contained therein solely for the purpose of handling the application process. If we subsequently conclude an employment contract with the applicant, the transmitted data will be further processed and stored for the purpose of processing the employment relationship in compliance with the legal requirements. If an employment contract is not concluded with the applicant, the application documents will be deleted by us if and as long as there are no legitimate interests on our part to the contrary, such as a burden of proof in proceedings under the General Equal Treatment Act (AGG).

  4. Collection of access data and log files

    1. We collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

    2. Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

    3. The collection of this data is necessary for the technical provision of our website, so that the data collection is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. DSGVO takes place.

  5. Rights of users

    1. Users have the right to obtain information free of charge at any time about:

      1. the purposes for which we process the personal data;

      2. the categories of personal data processed by us;

      3. the recipients or categories of recipients to whom the personal data have been or will be disclosed;

      4. the planned duration of storage of the personal data concerning them or, if specific information on this is not possible, criteria for determining the duration of storage;

      5. any available information as to the source of the data if the personal data are not collected from the data subject;

      6. the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

    2. In addition, users have the following rights:

      1. Right to rectification

        Users have a right to rectification and/or completion vis-à-vis us if the processed personal data concerning them is incorrect or incomplete. We will make the correction without delay.

      2. Right to restriction of processing

        Users may request the restriction of the processing of personal data concerning them under the following conditions:

        1. if they contest the accuracy of the personal data concerning them for a period enabling us to verify the accuracy of the personal data;

        2. the processing is unlawful and they oppose the erasure of the personal data and request the restriction of their use instead;

        3. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

        4. if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of the user.

        If the processing of personal data relating to users has been restricted, this data - apart from its storage - may only be processed with the consent of the user or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

        If the restriction of processing has been restricted in accordance with the above conditions, we will inform the users before the restriction is lifted.

      3. Right to cancellation

        1. Obligation to erase

          Users may request that we delete the personal data concerning them immediately and we are obliged to delete this data immediately if one of the following reasons applies:

          • The personal data in question is no longer necessary for the purposes for which it was collected or otherwise processed.

          • The users revoke their consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

          • The users object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or they object to the processing pursuant to Art. 21 para. 2 GDPR.

          • The personal data concerning the user has been processed unlawfully.

          • The deletion of the personal data concerning the user is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

          • The personal data concerning the user has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

        2. Information to third parties

          If we have made the personal data concerning a user public and we are obliged to erase it pursuant to Art. 17 (1) GDPR, we shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other controllers processing the personal data that the user, as the data subject, has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

        3. Exceptions

          The right to erasure does not apply if the processing is necessary

          • for exercising the right of freedom of expression and information;

          • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

          • for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

          • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise or defence of legal claims.

      4. Right to information

        If a user has asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning the user has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

        The user has the right vis-à-vis us to be informed about these recipients.

      5. Right to data portability

        Users have the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from us, provided that

        1. die Verarbeitung auf einer Einwilligung gem. Art. 6 Abs. 1 lit. a DSGVO oder Art. 9 Abs. 2 lit. a DSGVO oder auf einem Vertrag gem. Art. 6 Abs. 1 lit. b DSGVO beruht undthe processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

        2. the processing is carried out by automated means.

        In exercising this right, users also have the right to obtain that the personal data concerning them be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

        The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

      6. Right to objec

        Users have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

        We will then no longer process the personal data concerning the user unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claims.

        If the personal data concerning users are processed for direct marketing purposes, they have the right to object at any time to the processing of personal data concerning them for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. We do not currently carry out such processing.

        If users object to processing for direct marketing purposes, their personal data will no longer be processed for these purposes.

        Users have the option of exercising their right to object in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures that use technical specifications.

        Users can also revoke their consent at any time, generally with effect for the future, and object to the future use of their data, insofar as this is possible on the basis of legal regulations.

      7. Right to lodge a complaint with a supervisory authority

        Without prejudice to any other administrative or judicial remedy, users have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes the GDPR.

        The supervisory authority responsible for us is:

        Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
        Baden-Württemberg
        Postfach 10 29 32
        70025 Stuttgart

        Königstraße 10a
        70173 Stuttgart

        Tel.: 0711/61 55 41 – 0
        Fax: 0711/61 55 41 – 15
        E-Mail: poststelle@lfdi.bwl.de
        Internet: https://www.baden-wuerttemberg.datenschutz.de

        The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

  6. Deletion of data

    1. The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

    2. According to legal requirements, data is stored for 6 years in accordance with Section 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

  7. Changes to the privacy policy

    1. We reserve the right to amend the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

    2. Users are requested to inform themselves regularly about the content of the privacy policy.