ondeso-buero-gang

ondeso Privacy Policy

§ 1   Information about the collection of personal data

 

(1) In the following, we inform about the collection of personal data when using our website, as in accordance with Art. 13 of the EU General Data Protection Regulation (EU-GDPR). Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.

(2) The person responsible in accordance with Art. 4(7) EU-GDPR is

ondeso GmbH
Blumenstraße 16a
93055 Regenburg
Mail: info@ondeso.com

(see our imprint).

You can contact our Data Protection Officer at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Sedanstraße 7
93055 Regensburg Germany
E-mail: kontakt@buglundkollegen.de

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6(1) lit. f) EU-GDPR. If your contacting is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6(1) lit. b) EU-GDPR. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.

(4) If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also specify the defined criteria for the storage period.

 

§ 2   Your rights

 

(1) You have the following rights towards us regarding your personal data:

  • Right to information
  • Right to correction or deletion
  • Right to limitation of processing
  • Right of opposition to the processing
  • Right to data transferability

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data. The responsible supervisory authority can be found in the following list:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 

§ 3   Hosting

 

(1) The hosting services used by us serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating this online service.

(2) Here we (or respectively our Hostingvendor) process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in the efficient and secure provision of this online service acc. Art. 6 (1) lit. f) EU-GDPR in connection with Art. 28 EU-GDPR (Conclusion of order processing contract).

 

§ 4 Usage of the website

 

(1) When using the website for information purposes only, i.e., if you do not register or provide us with information in any other way, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • The amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

We collect and store this data for a limited time on the basis of our legitimate interest in order to induce derivation of personal data in the event of unauthorised access or attempted access to local servers Art. 6 (1) lit. f) EU-GDPR.

 

§ 5 Usage of Cookies

 

(1) In addition to the previously mentioned data, Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flow to the location that sets the Cookie (in this case by us). They are used to make the internet offer more user-friendly and more effective.

(2) We distinguish between two categories of Cookies: (a) essential Cookies, without which the functionality of our website would be limited, and (b) optional Cookies for website analysis and marketing purposes.

The use of optional Cookies is based on your consent (Art. 6 (1) lit. a) EU-GDPR).

The following table and subsequent paragraphs describe in detail the optional Cookies used on this website:

Optional Cookies:

KindPurpose and ContentStorage Period
Functional Cookies (These Cookies enable us to analyse the usage of the website in order to measure and improve its performance.)Google reCAPTCHA

For more Information refer to §7

6 months
Marketing Cookies (Marketing Cookies are generally used to show you advertisements that are in line with your interests. When you visit another website, your browser’s Cookie is recognized and selected ads are displayed based on the information stored in that Cookie.)Google Analytics

For more Information refer to §6

26 months

 

 

Adjust cookie settings

 

§ 6 Usage of Google Analytics

 

(1) This website uses Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses Cookies. The information generated by the Cookie about your use of this website is usually transferred to a Google server in the European Union and stored there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

(3) You can also change the use of Cookies by making the appropriate settings in your browser software or in the Cookie settings.

(4) This website uses Google Analytics with the extension „anonymizeIp“. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personally identifiable, it will be excluded immediately and the personal data will be deleted immediately.

(5) We use Google Analytics to analyse and regularly improve the use of our website. With the statistics gained we can improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 (1) lit. a) EU-GDPR.

(6) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

General information on data protection: https://policies.google.com/privacy?hl=en#infocollect
Terms of Service: https://policies.google.com/terms?hl=en

(7) This website also uses Google Analytics for a device-independent analysis of visitor flows that is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

(8) Used Cookies:

_ga

Storage period: 2 years

Usage: Differentiation of website visitors

Example value: GA1.2.889313483.1571824789

_gid

Storage period: 24 hours

Usage: Differentiation of website visitors

Example value: GA1.2.1449137967.1571824789

_gat_gtag_UA_<property-id>

Storage period: 1 minute
Usage: Used to throttle the requirement rateIf Google Analytics is provided through the Google Tag Manager, this Cookie is named _dc_gtm_ <property-id>.

Example value: 1

 

§ 7 Usage of Google reCAPTCHA

 

(1) The purpose of reCAPTCHA is to check whether the data input on our websites (e. g. in a contact form) is made by a person or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the purpose of analyses, reCAPTCHA evaluates various information (e. g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the system background. Data processing is carried out on the basis of Art. 6 (1) lit. a) EU-GDPR.

(2) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

(3) Further information on the purpose and scope of data collection and processing by the provider can be found in the provider’s data protection declarations. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

(4) You can also change the use of Cookies by making the appropriate settings in your browser software or in the Cookie settings.

(5) Used Cookies:

Following Cookies are used by reCAPTCHA: All these Cookies require a unique identifier for tracking purposes. Here is a list of Cookies that Google reCAPTCHA sets on the site on the page /contact:

NID

Domain: .google.com

Storage period: 6 months

Usage: NID is used by Google to match ads to your Google search. Google uses the Cookie to “remember” your most commonly entered searches or your previous interaction with ads. So you always get tailor-made advertisements. The Cookie contains a unique ID that Google uses to collect the user’s personal information for advertising purposes.

Example value: 189=tXrvCHz-LJfKguyZskTVZ8bP9lEpJ0utRMgrpwQYmC6eFv88pn-zmKgCoRNxqC13HI5JkekJUZgigHKwpIpTa3tlnQrB0WlL7IvquJZ3vKBBjiGIsM_BljSjg8mepkPgERWcAR1kyf28m-U-Dmf3SyK51QIoJGOlEealQljtTqo

 

§ 8 Integration of YouTube-videos

 

(1) We have integrated YouTube-videos into our online offer, which are stored on https://www.YouTube.com and can be played directly from our website. These are all integrated in the “advanced privacy mode”, which means that no data about you as a user will be transferred to YouTube if you do not watch the videos. Only when you start playing the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.

(2) By visiting the website, YouTube is informed that you have visited the corresponding subpage of our website. In addition, the data mentioned in §3 of this declaration will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data collected by us will be directly assigned to your existing account. If you do not wish to assign to your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them, if necessary, for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right you must contact YouTube directly. The legal basis for the processing of personal data described here is Art. 6 (1) lit. a) EU-GDPR.   (3) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. (4) You can also change the use of Cookies by making the appropriate settings in your browser software or in the Cookie settings. (5) Further information on the purpose and scope of data collection and processing by the provider can be found in the provider’s data protection declarations. There you will also find further information on your rights in this regard and setting options to protect your privacy:  http://www.google.de/intl/de/policies/privacy.

§ 9 Online presences in social media

 

We have online presences within social networks in order to inform active users about our services and, on demand, to communicate directly via the platforms. We are currently represented in the following networks:

Xing: https://www.xing.com/companies/ondesogmbh

LinkedIn: https://de.linkedin.com/company/ondeso

All of our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website which the respective networks offer for embedding the offers on websites.

We have no influence on the data collection and its further use by the social networks. We have no knowledge of the extent to which, where and for how long the data will be stored, to what extent the networks will comply with existing deletion obligations, which evaluations and links will be made with the data and to whom the data will be passed. We therefore expressly draw your attention to the fact that user data (e. g. personal information, IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes.

We process the data of the users in the social media presences insofar as they contact and communicate with us via e. g. comments or direct messages. The legal basis for the processing of the user’s data is Art. 6 (1) lit. b) and f) EU-GDPR.

  1. a) Xing

Within our online offer no functions and contents of the service Xing, offered by the New Work SE, Dammtorstraße 29-32, 20354 Hamburg, Germany, are included. The Xing channels can only be accessed via an external link.
If the visitors to our website are members of the Xing platform, Xing can assign the call of the social media channel to the user’s profile there if the user visits the XING profile in the logged in state.
We would like to point out that we have no influence on the content or extent of the use of the data collected by Xing. For further information in this regard, please refer to Xing’s Privacy Policy: https://www.xing.com/app/share?op=data_protection

  1. b) LinkedIn

Within our online offer no functions and contents of the service LinkedIn, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland, are merged. The LinkedIn channels can only be accessed via an external link.
If the visitors to our website are members of the LinkedIn platform, LinkedIn can assign the call of the social media channel to the user’s profile there if the user visits the LinkedIn profile in the logged in state.
We would like to point out that we have no influence on the content or extent of the use of the data collected by LinkedIn. For further information in this regard, please refer to LinkedIn`s Privacy Policy: https://www.linkedin.com/legal/privacy-policy

§ 10 Application process

 

Which personal data do we collect and where do we get them from?
As part of the application process, we may process the following personal data:

  • You master data (such as first name, surname, name extensions, date of birth)
  • (if necessary) work permit / residence permit if applicable
  • Contact details (e. g. private address, (mobile) telephone number, e-mail address)
  • Skill data (e. g. special knowledge and skills)
  • (if relevant for the job advertised) health suitability
  • further data from the application documtents

As a matter of principle, your personal data will be collected directly from you during the recruitment process, in particular from the application documents, the job interview and the personnel questionnaire. Possibly we may get data from third parties (e. g. job placement, employment agency). In addition, we process personal data that we have permissibly obtained from public accessible sources (e. g. professional networks).

For which purposes and on what legal basis do we process the data?
We process your personal data in compliance with the provisions of the EU-GDPR and the Federal Data Protection Act (BDSG). First and foremost, data processing serves to establish the employment relationship. The primary legal basis for this is Art. 88 (1) EU-GDPR in conjunction with §26 (1) BDSG.
Your data will only be used to fill the specific position you have applied for. In addition, the processing of health data may be necessary for the assessment of your ability to work in accordance with Art. 9 Para. 2 h) in conjunction with §22 Para. 1 b) BDSG.
If you would like to be added to our applicant database in the event of a rejection, or if your application is to be considered for other vacancies in our company, we require a declaration of consent from you.
In addition, European anti-terrorism regulations 2580/2001 and 881/2002 require us to compare your data with the so-called “EU Terror Lists” in order to ensure that no funds or other economic resources are made available for terrorist purposes.

How long do we store your data?
In the event of an employment, we will include your application documents in your personnel file. After termination of the employment relationship, we store the personal data that we are legally obliged to. This regularly results from legal obligations to provide evidence and to retain records, which are regulated among others in the German Commercial Code and the German Tax Code. Thereafter, the storage periods are up to ten years. Furthermore, personal data may be stored for the period during which claims may be made against us (statutory limitation period of three or up to thirty years).
In the event of rejection, your application documents will be deleted six months after completion of the application process at the latest, unless you have given us permission to store them for a longer period (applicant database).

Who gets your data?
We have outsourced the data processing for application procedures to our external service provider Goodworx GmbH, Prinz-Ludwig-Str. 17, 93055 Regensburg, Germany. We have concluded a contract for order processing with this company.
During the application process, only the persons and departments at our service provider and within our company (e.g. personnel department, special department, works council, severely disabled representatives) receive your personal data, who/which are involved in the decision on your recruitment.

§ 11 Processing of your data within the framework of automated decision-making processes / Profiling

 

In principle, you have the right not to be subject to any decision based solely on automated processing, including profiling, which has legal effect on you or which substantially affects you in a similar manner. In particular, these decisions may normally not be based on special categories of personal data pursuant to Art. 9 (1) EU-GDPR. We do not use any such decision-making processes within the framework of our website and the associated data processing.