back

data privacy

1. Data privacy, data controller, and data protection officer

Personally identifiable data (hereinafter mostly referred to as "Data" only) will not be processed by us unless as far as required and only for the purpose of providing a functional and user-friendly web presence, including the contents and services offered on that web presence.

As defined in Article 4, Item 1 of Regulation (EU) 2016/679, i.e., of the General Data Protection Regulation (hereinafter referred to as "GDPR") ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The data privacy statement given below provides information to you, including on but not limited to the type, scope, purpose, and legal basis of processing any personally identifiable data. Personally identifiable data are deemed to include any data which may be related personally to you as, e.g., name, address, e-mail addresses, or user behaviour. Apart from this, the information provided to you below will also cover any third-party components we may use for optimisation purposes and for improving usage quality if and where any such third-party component involves any third-party Data processing which will, again, be under such third party's responsibility.

The provider responsible for this web presence in terms of data privacy law, and thus also for the processing of your personally identifiable data by this website is

circ GmbH & CO. KG
Unter den Eichen 5
Gebäude f / officio III
65195 Wiesbaden, Germany

The company's external data protection officer is

IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 Munich, Germany
email@iitr.de

To contact this company's external data protection officer, please send an e-mail to email@iitr.de, or use our postal address and add "Der Datenschutzbeauftragte" (c/o data protection officer).

 

2. Cookies

To make operation easier and measure coverage, we are using cookies on our website. The use of cookies represents a legitimate interest of this company. For the legal basis of this, please also refer to art. 6, para.1 lit. f of GDPR.

Cookies are small text files which will be stored on your hard disc, and will be deleted automatically as specified by your browser settings or after a defined period of time. Cookies cannot execute any program, and cannot transmit any virus to your computer. They are used to make this web presence more user-friendly and effective in general.

You can change your browser settings at any time so as to allow or exclude the use of cookies, require your confirmation before using them, or having them deleted automatically after the end of your session. If you do not allow cookies, it will not be possible to guarantee the complete functionality of the website any longer.

 

3. Personally identifiable data

(1) If the website is used for information purposes only, i.e., if you do not register or transmit any other information to us, we will only collect the personally identifiable data your browser is transmitting to our server. If you wish to view our website, we will collect the following data which are needed by us for technical reasons in order to display our website to you, and guarantee stability and safety (for the legal basis, please refer to art. 6, para. 1, item 1, lit. f of GDPR):

  • IP address
  • Date and time of day of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Access state/HTTP status code
  • The data volume transmitted from time to time
  • The website sending the request
  • Browser
  • Operating system and its interface
  • Language and version of browser software.

For safety reasons (e.g., for investigating any abusive or fraudulent act), log-file information will be stored for a maximum period of seven (7) days and deleted after this period. Any data required to be kept for a longer period of time for evidence purposes will be excepted from deletion until the corresponding incident has been finally investigated. For the legal basis, please refer to art. 6, para. 1, lit. f of GDPR.

(2) Apart from the foregoing, no personally identifiable data will be collected by us unless if and where you transmit any such data to us, e.g., when making contact with us, or when submitting any job application to us. We will treat any such Data in confidence, and will not use them unless for the purpose and occasion for which they have been transmitted to as originally, i.e., normally for processing and performing your request. As a general rule, no Data will be transmitted to any third party unless as required or permissible by law, unless you have given your consent to such transmission, or unless we have received any administrative ruling to such effect. If your request is addressed to any of our group companies, we will, as a matter of course, pass on your request to that company. If you contact us via e-mail, your e-mail will be stored in our mail system. We may also store your request and any Data related thereto in our CRM system. The content of your e-mails will not be encrypted prior to storage. Transport encryption via SSL/TLS is used for our contact form as indicated by "https" in front of the URL. Our mail server can also handle the usual transport encryption protocols. For the legal basis of this, please refer to art. 6, para. 1, lit. b of GDPR.

 

4. Information on data processing
 The Data processed while using our web presence will be deleted or blocked as soon as the purpose of storage ceases to apply, if the deletion of such data is not prevented by any statutory duty to preserve them, and if no statement to the contrary is given with regard to any individual processing method thereafter.

 

5. Data privacy protection for job applications

(1) If we receive any job application, we will process the Data you transmit to us on a voluntary basis for the purpose of performing and implementing the application process. The recipients of these Data will be restricted exclusively to the persons entrusted with the application process in the personnel department who may pass on your application to any other group company if and where you have applied directly to any of these group companies or if we believe that your application may be of interest for any of our group companies. For the legal basis of this, please refer to art. 6, para. 1, lit. b of GDPR.

(2) If your application is rejected, the storage period will be extended for six (6) months beyond the end of the application procedure. This storage period has been defined in order to account for the assertion of any possible claim under the German General Act on Equal Treatment (AGG), and for our legitimate interest to be able and defend against any claim resulting therefrom. For the legal basis of this, please refer to art. 6, para. 1, lit. f of GDPR.

(3) If you have freely given your consent to be included in our pool of applicants, we may also agree any other period of time subject to your agreement. You may revoke this agreement with effect for the future at any time For the legal basis, please refer to art. 6, para. 1, lit. a of GDPR.

 

6. Your rights

(1) You have the right to obtain information as to whether or not we are processing any personally identifiable data from you as defined in Article 15 of GDPR at any time. If that is the case, we will have additional duties to inform you.

(2) In addition, you have the right to obtain the rectification of Data pursuant to art. 16 of GDPR, the erasure of Data pursuant to art. 17 of GDPR, and a restriction of Data processing pursuant to art. 18 of GDPR unless any of the foregoing is prevented by any statutory provision to the contrary.

(3) You may, of course, revoke any consent you may have granted for the processing of Data in accordance with art. 6, para. 1, lit. a, art. 9, para. 2, lit. a of GDPR without giving any reason at any time. This revocation will not affect the lawfulness of any processing prior to such revocation.

(4) Apart from this, you also have a right to data portability as defined in article 20 of GDPR.

(5) Based on article 6, para. 1, lit. e or f of GDPR, you also have the right to object to the processing of Data as provided for in article 21 of GDPR. If you are raising any such objection, please explain the reasons for which we should not process your personally identifiable data according to the procedures used by us. If your objection is based on legitimate grounds, we will verify the factual circumstances and will either cease or adapt data processing, or explain our compelling legitimate grounds to you which enable us to continue processing.

(6) You also have the right to appeal to the supervisory authority competent for you. To determine this supervisory authority, please refer to the following list: (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

Revised as of: December 2019

top