We attach great importance to data protection. As a general rule, you can visit our site www.verinion.com without providing personal data. You can however send us personal data if you decide to contact us via the contact form on our site or by email.
If you provide us with personal data via our website, we shall process these in accordance with the applicable data protection regulations, in particular the new EU General Data Protection Regulation (GDPR).
The purpose of this data protection statement is to inform visitors to our site concerning how and for what purpose we process these personal data, and the rights to which they are entitled. By using this website, you consent to the collection, use and transfer of your data in accordance with this data protection statement.
The Controller responsible for the collection, processing and use of your personal data as defined in the GDPR is:
Verinion | Ziel, Hahnebeck & Willich GbR
Am Sandtorkai 1
Should you wish to object to the collection, processing or use of your data by us in accordance with these data protection regulations – overall or for individual measures – you can address your complaint to the above Controller.
2. General use of the website
2.1 Access data
We collect information on you when you use this website. We automatically collect information on your use patterns and your interaction with us, and register data concerning your computer or mobile device. We collect, store and use data on every access to our online offer (so-called server log files).
The access data include:
- – browser type and version
- – operating system
- – referrer URL (i.e. the previous site visited)
- – name and URL of the file called up
- – date and time of the call-up
- – data volume transferred
- – notification of successful call-up (HTTP response code)
- – IP address and the inquiring provider
We use these protocol data, without assignment to your person or other profile creation, for statistical evaluations for the purpose of operation, security and optimisation of our online offer. We also use them for the anonymous recording of the number of visitors to our website (traffic) as well as of information on the scope and form of use of our website and services, additionally for settlement purposes, in order to measure the number of clicks received from cooperation partners.
This information enables us to provide personalised and location-related content, to analyse data traffic, to search for and rectify errors and to improve our services. We reserve the right to check the protocol data retrospectively if specific indications create a justified suspicion of unlawful use.
We store IP addresses in the log files for a limited period if necessary for security purposes, for the provision of services or for settlement of a service, e.g. if you make use of one of our offers. We erase the IP address following abortion of the ordering process or receipt of payment, if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. In addition, we store the date of your last visit (e.g. registration, log on, clicking on links etc.) as part of your account.
You can prevent the setting of cookies by our Internet site at any time via a corresponding setting on the Internet browser used, and thus object permanently to the setting of cookies. In addition, cookies already set can be deleted at any time on all commonly-used Internet browsers. Under certain circumstances, the deactivation of cookies on the Internet browser used may mean that not all functions of our Internet site can be used in full.
2.3 Establishing of contact
When you contact us (e.g. via contact form, email or telephone), we store your details for the purpose of processing the inquiry as well as in case of follow-up questions, or in case of the information being necessary for the processing of existing or future contractual relationships. We only store and use additional personal data if you consent to this, or if this is permitted by law without special consent.
2.4 Legal bases and storage duration
The legal basis for data processing under the above items is Art. 6 (1) letter f) GDPR.
Our interests in data processing are in particular to ensure the operation and security of the website as well as to simplify use of the website.
Unless specifically stated, we store personal data only for as long as necessary for fulfilement of the purposes pursued, unless you have consented to longer storage. The statutory archiving obligations apply in addition.
3. Your rights as data subject
Under the applicable laws you have various rights with respect to your personal data. If you wish to assert these rights, please send your inquiry to the address stated under Point 1 by email or post, with clear identification of your person.
Below is an overview of your rights.
3.1 Right to confirmation and access
You have the right to receive confirmation from us at any time of whether personal data on you are processed. If this is the case, you have the right to receive free information from us concerning the personal data stored on you, together with a copy of these data.
You also have a right to the following information:
- – the purposes of the processing
- – the categories of personal data processed
- – the recipients or categories of recipients to which the personal data have been or will be disclosed, in particular in the case of recipients in third countries or in international organisations
- – if possible the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining the duration
- – the existence of a right to rectification or erasure of your personal data, of a right to restrict the processing by the Controller, or of a right to object to this processing
- – the existence of a right to complain to a supervisory authority
- – all available information on the origin of the data, if the personal data are not collected from you
- – the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved as well as on the consequences and striven-for effects of such processing for you.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed concerning the suitable guarantees in connection with the transfer pursuant to Art. 46 GDPR.
3.2 Right to rectification
You have the right to demand immediate rectification by us of incorrect personal data on you. Taking account of the purposes, you have the right to demand the completion of incomplete personal data – including via a supplementing declaration..
3.3 Right to erasure (“Right to be forgotten”)
You have the right to demand immediate erasure by us of the personal data on you. We too are obliged to erase personal data immediately if one of the following reasons applies:
- – the personal data are no longer required for the purposes for which they were collected or otherwise processed
- – you revoke your consent on which the processing pursuant to Art. 6 (1) letter a or Art. 9 (2) letter a GDPR was based, and there is no other legal basis for the processing
- – you file an objection against the processing pursuant to Art. 21 (1) GDPR, and there are no priority justified reasons for the processing, or you file an objection against the processing pursuant to Art. 21 (2) GDPR
- – the personal data have been processed unlawfully
- – deletion of the personal data is required for fulfilment of a legal obligation under EU law or the law of the member states to which we are subject
- – the personal data have been collected in connection with services offered by the information society pursuant to Art. 8 (1) GDPR
If we have made the personal data public and are obliged to erase them under Art. 17 (1) GDPR, we shall, with consideration for the available technology and the implementation costs, take appropriate measures, including of a technical nature, to inform Controllers, responsible for the data processing and processing the personal data, that you have demanded that they delete all links to these personal data, or have demanded copies or replications of these personal data.
3.4 Right of restriction of the processing
You have the right to demand restriction of the processing by us if one of the following prerequisites applies:
- – you dispute the correctness of the personal data and indeed for a period that enables us to check the correctness of the personal data
- – the processing is unlawful and you reject the erasure of the personal data, and instead demand a restriction on the use of the personal data
- – we no longer require the personal data for the purposes of the processing, but you nevertheless require these for the assertion, exercise or defence of legal entitlements
- – or you have filed an objection to the processing pursuant to Art. 21 (1) GDPR until such time as it has been ascertained whether the justified interests of our company prevail over yours.
If one of the above prerequisites applies and a data subject wishes to demand the restriction of personal data, please contact our company at any time (Point 1).
3.5 Right to data portability
You have a right to receive your personal data, provided to us by you, in a structured, commonly-used and machine-readable format, and you also have a right to transfer these data to another Controller without hindrance by us, provided:
- – the processing is based on consent pursuant to Art. 6 (1) letter a or Art. 9 (2) letter a GDPR, or on a contract pursuant to Art. 6 (1) letter b GDPR, and
- – the processing is carried out with the help of automated procedures.
When exercising your right to data portability pursuant to (1), you have the right to insist that the personal data be transferred directly by us to another Controller, insofar as this is technically possible.
3.6 Right of objection
You have the right to file an objection at any time against the processing of personal data on you, carried out on the basis of Art. 6 (1) letters e or f GDPR, for reasons resulting from your particular situation
3.7 Right to revoke consent related to data protection law
You have the right to revoke consent to the processing of personal data at any time.
4. Data protection regarding applications and in the application process
If you contact us by email as an applicant, your application data will be used solely for the purpose of filling positions at Verinion GbR.
The Controller will collect and process the personal data of applicants for the purpose of managing the application process, including electronically, for example by email.
If the Controller concludes a contract of employment with an applicant, the data transferred will be stored in compliance with the statutory regulations for the purpose of administering the employment relationship. If the Controller does not conclude a contract of employment with the applicant, the application documents will be deleted one month following announcement of the decision to reject the applicant.
This shall not apply if statutory provisions stand in the way of deletion, or if you have expressly consented to longer storage.
5. Data security
We will transfer your personal data in encrypted form. We use the encryption system SSL (Secure Socket Layer); nevertheless, we draw attention to the fact that data transfer in the Internet (e.g. when communicating by e-mail) can involve security loopholes.
Absolute protection of data against access by third parties is not possible. We maintain technical and organisational security measures to protect your data, and consistently adapt these to state-of-the-art technology.
We likewise do not guarantee the availability of our offer at specific times. Faults, interruptions or downtimes cannot be excluded. The servers used by us are secured regularly and thoroughly.
6. Forwarding of data to third parties
As a general rule, we use your personal data solely within our company.
In the event of us outsourcing specific parts of the data processing (“order processing”), we oblige order processors by contract to use personal data solely in compliance with the requirements of the data protection laws, and to guarantee protection of the rights of the data subject.