Data Protection
This privacy notice informs you about our handling of your personal data. We would like to present you with an overview of this processing to ensure that it is transparent and verifiable. In order to ensure fair processing, this privacy notice contains general information about our processing of your personal data and information about your rights in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We will also inform you in detail about:
I. General information
II. Data processing on our website
III. Data processing on our social media sites
IV. Further data processing
Janz Tec AG, Im Dörener Feld 8, 33100 Paderborn, Germany (hereinafter referred to as “we” or “us”) is responsible for the data processing.
I. General information
1. Contact
If you have any questions or suggestions regarding this information, or if you want to contact us to assert your rights, please address your query to
Janz Tec AG
Im Dörener Feld 8
33100 Paderborn
Germany
Phone: +49 52 51 / 15 50 0
E-Mail:
2. Legal basis
We process personal data taking the relevant data protection provisions into account, in particular those of the GDPR and BDSG. Data processing conducted by us is only done on the basis of a legal permit. We only process personal data with your consent (section 25 para. 1 TDDDG or Art. 6 para. 1 sentence 1 a) GDPR) to fulfil a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Art. 6 para. 1 sentence 1 b) GDPR), to comply with a legal obligation (Art. 6 para.1 sentence 1 c) GDPR) or when processing is necessary to maintain the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 sentence 1 f) GDPR).
3. Duration of storage
Unless the following information specifies otherwise, we shall only store your personal data as long as is necessary for achieving the processing purpose or for the performance of our contractual or legal obligations. Legal storage obligations may in particular arise from commercial or tax-related regulations.
4. Recipient of the data
We make use of commissioned service providers for individual processing operations. This includes, for example, hosting, maintenance and support of IT systems, marketing measures or destruction of files and data carriers. These service providers will only process the personal data following explicit instructions and are contractually obligated to guarantee the implementation of sufficient technical and organisational data protection measures. In addition, we may transfer personal data of our customers to parties such as postal and delivery services, payment and information services, banks, tax consultants/auditors or the tax authorities. Should your data be transferred to further recipients, you can find this information under the description of the respective processing activity.
5. Data transfer to third countries
Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.
Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact. If you consent to the transfer of personal data to third countries, the transfer is made on the legal basis of Art. 49 para. 1 a GDPR.
6. Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 12 to 22 GDPR, we will process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. For the purpose of providing information and preparing such information, we will process stored data only for this purpose and for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR.
These processing operations are based on the legal basis of Art. 6 para. 1 c) GDPR in connection with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
7. Your rights
As an affected person, you have the right to assert your rights as an affected person vis-à-vis our company. You have the following rights in particular:
- In accordance with Art. 15 GDPR and section 34 BDSG, you have the right to demand information on whether we process your personal data, and if so, to what extent.
- You have the right, in accordance with Art. 16 GDPR, to demand the rectification of your personal data.
- You have the right, in accordance with Art. 17 GDPR and section 35 BDSG, to demand the deletion of your personal data. You have the right, in accordance with Art. 18 GDPR, to demand the limitation of the processing of your personal data. You have the right, in accordance with Art. 20 GDPR, to receive the data concerning your person which you have provided us with, in a structured, commonly used and machine-readable format, and to transmit this personal data to another controller.
- You can withdraw granted consent in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- If you are of the opinion that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right to object
As stipulated in Art. 21 GDPR, you have the right to object to any processing which arises from the legal basis in Art. 6 para. 1 sentence 1 e) or f) GDPR. If we process personal data for direct marketing purposes, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.
9. Contact details data protection officer
E-Mail:
Herting Oberbeck Datenschutz GmbH
Hallerstraße 76, 20146 Hamburg
https://www.datenschutzkanzlei.de
II. Data processing on our website
When using the website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected during your visit to the website. In data protection law, the IP address is generally also considered a personal date. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data.
1. Processing of server log files
In case of a purely informative use of our website, general information which is transmitted by your browser to our server is automatically (hence not via registration) stored. By default, this includes: type of browser/version, operating system used, accessed page, previously accessed page (referrer URL), IP address, date and time of the server query and HTTP status code.
The processing is necessary for the purposes of pursuing our legitimate interests and is based on the legal foundation of Art. 6 para. 1 sentence 1 f) GDPR. This processing serves the technical administration and security of our website. The stored data is deleted when there are no specific indications that prompt us to suspect, on reasonable grounds, any illegal activity which requires the further review and processing of the information for this reason. We will not be able to identify you as a data subject from the information we hold. Therefore Art. 15 to 22 GDPR do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable identification in order to exercise the rights set out in these articles.
2. Contact form
Our website contains a contact form which you can use to send us messages. The transfer of your personal data in these messages is encrypted. All data fields designated as mandatory fields are required to process your request. Your request cannot be processed if you do not provide all the necessary information. The disclosure of other personal data is voluntary. Alternatively, you can send us a message via the contact email address. We process the data for the purpose of responding to your request.
If your request is directed towards the conclusion or performance of a contract with us, Art. 6 para. 1 b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting enquirers. The legal basis for the data processing is then Art. 6 para. 1 f) GDPR.
3. White Paper
You also have the option of receiving white papers on various specialist IT issues via our website. We collect the personal data available from the respective form in order to provide you with a white paper. The legal basis for the data processing is provided in Art. 6 para. 1 sentence 1 b) GDPR.
4. Support Platform
We offer a support platform through which our customers can submit support requests. Personalized access data (e-mail address and password) are required for use. Further personal data may be processed within the scope of use. The data will only be processed for the purpose of providing the service. The processing is based on the legal basis of Art. 6 para. 1 b) GDPR.
5. Newsletter
Our website also provides the option of subscribing to our newsletter. Once you subscribe, we will regularly provide you with news on our current offers. Subscribing to the newsletter requires a valid email address. If you subscribe to our newsletter on our website, we will process personal data such as your email address and possibly your name for dispatching purposes. We also track your reading behaviour and the access rates of our newsletter. Here, we analyse how often you accessed the newsletter and which links were clicked. The legal basis for this processing is provided in Art. 6 para. 1 sentence 1 a) GDPR. You can withdraw your consent at any time by unsubscribing from our newsletter.
To verify the email address, you will first receive a registration email which you must confirm via a link (double opt-in). When subscribing to the newsletter, we also store the IP address, as well as the date and time of the registration. Processing of this data is required to prove that consent has been issued. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 sentence 1 c) in conjunction with Art. 7 para. 1 GDPR).
6. Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small sets of data that are stored by your browser when visiting a website. Through this your browser will be identified and can be recognized by webservers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in general or for specific cases.
The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special features and content as well as for the purpose of analysis and marketing purposes. These may also include cookies from third party providers (so-called third-party cookies). We use such technically unnecessary cookies only with your consent pursuant to section 25 para. 1 TDDDG and, if applicable, Art. 6 para. 1 a) GDPR. You can find information about the purposes, providers, technologies used, data stored and the storage period of individual cookies in the cookie settings of our Consent Management Tool. You can access the Consent Management Tool again by going to “Cookie Settings” in the footer (baseboard) of the website.
7. Consent Management Tool
This website uses the Consent Management Tool Borlabs of Borlabs GmbH (Germany/EU) to control cookies and the processing of personal data.
The consent banner enables users of our website to give their consent to certain data processing procedures or to revoke their consent. By confirming the “Accept all” button or by saving individual cookie settings, you consent to the use of the associated cookies.
The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 a) GDPR.
In addition, the banner helps us to be able to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 c) in conjunction with Art. 7 para. 1 GDPR).
You can withdraw your consent for cookies here: Cookie settings
8. Google Tag Manager
We use the Google Tag Manager of the provider Google Ireland Limited (Ireland, EU) on our website. The Google Tag Manager is used to manage our website tags via an interface. The Google Tag Manager is a cookie-free domain to which the IP address is transmitted for technical reasons. The Google Tag Manager merely triggers other tags, which in turn may collect data without accessing this data themselves. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Your data is processed based on Art. 6 para. 1 f) GDPR and is based on our legitimate interest in the optimization and economic operation of our website as well as the administration of our website services and the triggering of tags.
Further information on data processing can be found at: https://support.google.com/tagmanager/answer/7157428.
9. Google AdWords Conversion Tracking
We use the online advertising programme Google AdWords by Google Ireland Limited, (Irland/EU) to run advertisements with Google. If you access our website via a Google advertisement, Google will set a cookie on your end device (“conversion cookie”). Each AdWords customer is assigned a different conversion cookie so that the cookies cannot be tracked via the websites of other AdWords customers. The information obtained through the cookie is used to compile conversion statistics. We use this to determine the total number of users who clicked one of our Google advertisements. However, we do not receive any information which can be used to personally identify the user.
Insofar as personal data is processed in this context, this is based on your consent as the legal basis (Art. 6 para.1 a) GDPR). You have the right to withdraw your consent at any time with effect for the future by adjusting the settings on our Consent banner. You can open the Consent Management Tool by calling up “Cookie Settings” in the footer (baseboard) of the website. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until the withdrawal.
10. Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Ireland, EU) on our website.
Google Analytics is a web analytics service that enables us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies to analyse the use of our website. This involves the processing of personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.
Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.
Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with other services associated with the use of our website and the use of the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 para. 1 a) GDPR. You can revoke this consent via our Consent Management Tool at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Please refer to the information in the section “Data transfer to third countries”.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google’s privacy policy at: www.google.com/policies/technologies/ads/.
We use the Google Analytics 4 variant, which allows us to track interaction data from different devices and from different sessions. This allows us to put individual user actions in context and analyse long-term relationships.
Data on user actions is stored for a period of 14 months and then automatically deleted. All other event data is stored for 2 months and then automatically deleted. The deletion of data whose storage period has expired takes place automatically once a month.
We also use the Google Analytics(remarketing) advertising features. This function enables us, in conjunction with the cross-device functions of Google, to display advertisements in a more targeted manner and to present users with ads that are tailored to their interests. Through remarketing, users are shown ads and products that have been identified as being of interest on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalised advertising messages that have been adapted to a user depending on previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another end device of the user (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account. The aggregation of the collected data in your Google Account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device ad advertising.
11. Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Ireland/EU) when registering for the corporate customer portal. For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Therefore, your IP address is transmitted to Google Ireland. In addition, Google Ireland collects further data, e.g., about your browser and your click patterns. For security reasons, we use the service to check whether form entries are submitted by a natural person. Thus, automated access attempts and attacks can be detected and warded off. We are required by law to take technically and commercially reasonable measures to ensure the security of the portal. The legal basis is Art. 6 (1) lit. c GDPR in conjunction with Art. 32 GDPR and section 19 para. 4 TDDDG.
When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy at https://www.google.com/policies/privacy.
III. Data processing on our social media sites
We are represented on several social media platforms with company accounts. In this way, we would like to offer additional options for information about our company and for dialogue. Our company has company accounts on the following social media platforms:
- Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter “Meta“;
- Instagram of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter “Meta“;
- LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter “LinkedIn“;
- XING of NEW WORK SE, (Germany, EU), hereinafter “XING“.
When you visit or interact with an account on a social platform, personal data about you may be processed. The information associated with a social media account used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media account, which may also constitute personal data.
1. Data processing during the visit of a social media account
When you visit our social media accounts, which we use to present our company or products from our portfolio, certain information about you is processed. Sole controllers for this processing of personal data are the operators of the social media platforms. Further information on the processing of personal data can be found in their privacy policies, which we link to below:
- Meta (https://www.facebook.com/privacy/policy/version/5601719079934335). Meta offers the option of objecting to certain data processing; information and opt-out-options can be found at https://www.facebook.com/settings?tab=ads;
- LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy);
- XING (https://privacy.xing.com/en/privacy-policy).
The operators of the social media platforms collect and process event data and profile data and provide us with anonymized statistics and insights for our accounts, with help us to gain knowledge about the types of actions that people taken on our site (so-called “insights”). The insights are created based on certain information about people who have visited our site. This processing of personal data is carried out by the operators of the social media platforms and us as joint controllers. The processing serves our legitimate interest in analyzing the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Art. 6 section 1 letter f) GDPR.
We cannot assign the information obtained through insights to individual user profiles that interact with our accounts. We have entered into agreements with the operators of the social media platforms on processing as joint controllers, in which the distribution of data protection obligations between us and the operators is specified. Details on the processing of personal data for the creation of insights and the agreement concluded between us and the operators can be found at the following links:
- Meta (https://www.facebook.com/legal/terms/information_about_page_insights_data);
- LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum);
- XING (https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit).
You also have the option of asserting your rights against the operators. You can find further information on this under the following links:
- Meta (https://www.facebook.com/privacy/explanation);
- LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de);
- XING (https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen).
We have agreed with Meta and LinkedIn that the Irish Data Protection Commission is the lead supervisory authority for the processing for insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see https://www.dataprotection.ie/) or any other supervisory authority.
2. Communication via social media accounts
We also process information that you have made available to us via our company accounts on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data based on our legitimate interest in contacting enquiring persons. The legal basis for this data processing is Art. 6 section 1 letter f) GDPR. Further data processing may take place if you have given your consent (Art. 6 section 1 letter a) GDPR) or if this is necessary to fulfil a legal obligation (Art. 6 section 1 letter c) GDPR).
IV. Further data processing
1. Contractual relations
For the establishment or implementation of the contractual relationship with our customers, the processing of the personal, contract and payment data provided to us is regularly necessary. The legal basis for this processing is Art. 6 para. 1 b) GDPR. In addition, we process customer and prospect data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 para. 1 f) GDPR and serves our interest in further developing our services and to inform you specifically about offers from Janz Tec AG. Further data processing can take place with your consent (Art. 6 para. 1 a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 c) GDPR).
A transfer of your personal data cannot be excluded when using the services Confluence and Jira (provided by Atlassian Pty. Ltd. based in Australia and Atlassian Inc. based in the USA). For more information, please see “Data transfers to third countries”.
2. Employment Applications
When you apply to us for employment, we only process application data for purposes related to your interest in current or future employment at our company and the processing of your employment application. Your application will only be processed and taken note of by the respective contact persons. All employees entrusted with data processing are obligated to maintain confidentiality of your personal data.
Should we not be able to offer you employment, we shall store your application data for up to six months after a respective rejection in order to be able to answer questions arising in relation to your application and rejection. This shall not apply in the event that legal provisions prevent deletion, when further storage is required for providing proof or when you have explicitly consented to a longer storage period.
The legal basis for the data processing is provided in section 26 para. 1 sentence 1 BDSG or Art. 6 para 1. b) GDPR. Should we store your application data for a period exceeding six months and you have provided explicit consent, we wish to point out that you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
3. Note for data subjects in Switzerland
If you are a data subject within the scope of the Swiss Federal Act on Data Protection, the information under this point also applies.
The legal references made in this privacy notice are aimed at data subjects in Switzerland in accordance with the comparable regulations of the Federal Act on Data Protection. This also applies in particular to the applicable rights of the data subjects pursuant to Article 25 – 29, 32 FADP.
Data processing also takes place in the following countries outside Switzerland:
- Australia
- Cyprus (EU)
- Germany (EU)
- Irelnad (EU)
- United States of America
We guarantee an appropriate level of data protection. This is guaranteed by
- an established adequate level of data protection in accordance with Article 16 para. 1 FADP for the country concerned;
- standard data protection clauses that the FDPIC has approved, issued or recognized beforehand, in particular the standard contractual clauses of the European Commission;
- a treaty under international law in which an adequate level of data protection is regulated.