Privacy Policy
1) Information about the collection of personal data and contact details for the Data Controller
1.1 We are delighted you have chosen to visit our website and would like to thank you for your interest in our company. In the following you will find a detailed explanation of how we handle your personal data when you use our website. Personal data here refers to all data that can be used to identify you personally.
1.2 Data security officer:
atarax - Norbert Rauch Consulting e. K.
Dr.-Dassler-Str. 57
D-91074 Herzogenaurach
mail: datenschutz@drivecon.de
1.3 Responsible for data processing on this website in terms of the General Data Protection Regulation (GDPR) is DriveCon GmbH, Mainfrankenpark 59, 97337 Dettelbach, Germany, phone: +49 9302 931 856, Fax: +49 9302 931 848, mail: info@drivecon.de. The Data Controller responsible for processing personal data is the natural person or legal entity that decides, alone or in concert with others, on the purpose and means of processing personal data.
1.4 This website uses SSL or TLS encryption for security reasons and to protect the transfer of more personal data or sensitive content, such as orders or enquiries to the Data Controller. You can recognise an encrypted connection by the "https://" and padlock icon in your browser bar.
2) Data collection when you visit our website
In you merely use our website for informative reasons, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transfers to our server (what are referred to as "server log files"). When you visit our website, we collect the following information as a technical requirement for us to be able to display the website:
- Our website visited
- The date and time of access
- The volume of data sent in bytes
- The source/link which sent you to the website
- The browser used
- The operating system used
- The IP address used (possibly in anonymous form)
Processing takes place in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data collected is not disclosed or used in any other way. However, we do reserve the right to subsequently examine the server log files should concrete evidence point to any unlawful use.
We collect and process the following data within the scope of a contact request:
- salutation
- first name, surname
- company name
- contact details (telephone number, email address)
- information about wishes and interests
When you use our application form, we collect and process the following :
- salutation
- first name, surname
- contact details (telephone number, email address)
- application documents (cover letter, curriculum vitae, certificates including the information contained therein)
3) Purposes and legal basis for data processing
The provisions of the GDPR and all other applicable data protection regulations are observed when processing your personal data. The legal basis for data processing results in particular from Art. 6 GDPR.
We use your data for the purpose of initiating business, fulfilling contractual and legal obligations, implementing the contractual relationship, offering products and services and furnishing an Internet presence to present our company.
Your consent to data processing can also constitute a permission requirement under data protection law. Before granting your consent, we will inform you about the purpose for which we process data and your right to withdraw your consent.
If your consent also relates to the processing of special categories of personal data, we will expressly point this out to you during the consent procedure. The processing of special categories of personal data in accordance with Art. 9 GDPR will only be carried out if the legal provisions require it and there is no reason to assume that your legitimate interest in excluding processing outweighs its processing.
4) Application Portal (Art. 6. (1) (b) GDPR)
Thank you for showing an interest in a job at DriveCon GmbH. We are aware of the importance of your data and only process the personal data you provide in the application form for the purpose of effectively and correctly completing the application process and for contacting you during said process. No data is disclosed to third parties as a part of this without your consent.
You will be asked to provide personal data on the application form. In doing so, we observe the principle of data economy and data avoidance, in that you only have to provide us with the data that we need to review your application documents in full (e.g. your name, email address and your application documents) or the data we are legally obliged to collect. This mandatory information is clearly marked with an * (asterisk). For technical and legal protection reasons, your IP address is also processed.
Unfortunately, we cannot review your application documents without this data, so our application system will not allow you to upload them without it. It goes without saying that you also have the option to provide voluntary information in the application form.
We implement appropriate security measures in order to best protect the security and confidentiality of your data. Our application system transfers your application documents to us in encrypted form.
We store your data for the aforementioned purposes until the application process has been completed and the relevant deadlines have expired - no later than six months after receipt of a decision.
5) Contact form/contact by email (Art. 6 (1) (b) GDPR)
Our website contains a contact form that can be used to contact us electronically. If you write us an email using the contact form, we process the data you provide in the contact form in order to contact you and respond to your questions and requests.
The principle of data economy and data avoidance is observed here too, in that you only need to provide the data that we absolutely need to contact you. This is your name, your email address and the content of the message field itself. We also process your IP address for technical reasons and legal protection purposes. All other fields require voluntary data and can be completed optionally (e.g. in order to provider more individual responses to your questions).
We implement appropriate security measures in order to best protect the security and confidentiality of your data. This website is encrypted with an SSL certificate. If you send us data using the contact or application form, your data and enquiry are also encrypted during transfer.
If you contact us by email, we process the personal data you provide in the email solely for the purpose of processing your enquiry.
6) Cookies (Art. 6. (1) (f) GDPR)
Our website makes use on several pages of what are known as 'cookies'. We use cookies to make our offering more user-friendly, effective and secure. Cookies are made up of small text files that are stored on your computer and used (locally on your hard disk) by your browser. Most of the cookies we use are what are referred to as 'session cookies'. They are deleted automatically once you leave our website. Permanent cookies are automatically deleted from your computer when their period of validity (usually six months) has expired, or you delete them yourself before the period of validity expires.
The cookies we use are used, for example, to display our website and the images on it correctly. In accordance with Art. (6) (I) (f) GDPR, it is therefore in our legitimate interest to set these technically required cookies.
Most web browsers accept cookies automatically. You can usually change the settings in your browser if you prefer not to send the information in the cookies. If you do so, you can still use the offerings on our website without restriction.
Cookies are stored on your computer and transferred to our website from there. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your browser. You can also delete cookies at any time which have already been set through an internet browser or other software programs. This is possible in all standard Internet browsers.
Please note: it may not be possible to use all the functions of our website in full if you deactivate cookies being the set in your Internet browser.
7) Use of your data for direct mail
7.1 Advertising by post
Basis on our legitimate interest in personalised direct mail, we reserve the right to store your first and last name, postal address and - if we have received this as additional information from you as part of the contractual relationship - your title, academic degree, year of birth and professional title, industry sector or business name in accordance with Art. 6. (1) (f) GDPR and use it for sending by post interesting offers and information about our products.
You can object to the use of your data at any time by setting an opt-out cookie.
You can send your objection free of charge and informally without providing reasons and address it to phone: +49 9302 931 856, mail to datenschutz@drivecon.de or by post to DriveCon GmbH, Mainfrankenpark 59, 97337 Dettelbach, Germany.
7.2 Advertising purposes - existing customers (Art. 6. (1) (f) GDPR)
We are interested in maintaining our relationship with you as a customer and providing you with information and offers about our products and services. We attach great importance to our relationship with our customers, which is why we also use advertising measures that are targeted at our image and aimed at improving our cooperation with our customers. We therefore process your data in order to send you relevant information and offers by email or post.
If you do not wish to receive such information, you can object at any time to the use of your personal data for direct marketing purposes; this also applies to profiling insofar as it is associated with said direct marketing. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and informally without giving reasons and should be addressed to Tel .: +49 9302 931 856, by email to datenschutz@drivecon.de or by post to DriveCon GmbH, Mainfrankenpark 59, 97337 Dettelbach, Germany.
8) Tools and miscellaneous
8.1 Google Web Fonts
This website uses what are referred to as Web Fonts, developed by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 ("Google") for the standard display of fonts. When you visit a page, your browser loads the Web Fonts required into your browser cache to correctly display the texts and fonts.
To do so, your browser needs to connect to the servers from Google. This may also involve the transfer of personal data to the servers of Google LLC. in the USA. As a result, Google learns that our website has been accessed over your IP address. The use of Google Web Fonts takes place in the interest of the consistent and attractive presentation of our online services. This constitutes a legitimate interest in terms of Art. 6 (1) (f) GDPR. Your computer uses a default font if your browser does not support Web Fonts.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/faq and the Google Privacy Policy: https://policies.google.com/privacy?hl=en
9) Disclosure to third parties
We only disclose your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, it will not be disclosed to third parties unless mandatory legal provisions oblige us to do so (disclosure to external bodies such as regulators or law enforcement agencies).
10) Data recipients/categories of recipients
Within our company, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations.
In certain cases, service providers assist our specialist departments in fulfilling their duties. The requisite data protection agreements have been concluded with all service providers in relation. The service providers are IT service providers, our online agency and social media providers.
11) Third country transfer/intention to transmit to third countries
The transfer of data to third countries (outside the European Union or the European Economic Area) only takes place if this is required to implement the contractual relationship, is required by law or you have given us your consent.
We do not currently transfer your personal data to any service provider or Group company outside the European Economic Area.
12) Obligation to provide data
Miscellaneous personal data is required for establishing, implementing and terminating the contractual relationship and fulfilling the related contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarised the details for you in the point above. In certain cases, data also needs to be collected or made available due to legal provisions. Please note that it is not possible for us to process your enquiry or undertake the underlying obligation without the provision of this data.
13) Automated decisions in individual cases
We do not use purely automated processing procedures to arrive at a decision.
14) Links to other providers
Our website also contains - clearly recognisable - links to websites from other companies. Insofar as links to websites from other providers exist, we have no influence over their content. For this reason, no liability can be accepted for this content. The respective provider or operator of these websites is the sole party responsible for this.
These websites were checked for possible legal violations and identifiable legal breaches at the time of linking to them. They contained no apparent illegal content at that time. Any permanent control of linked pages is unreasonable without any concrete evidence of a violation. Any said links are removed immediately as soon as such breaches become known.
15) Handling data from customers, suppliers, contractual partners and interested parties
15.1 Category/origin of the data
We process the following personal data within the framework of the contractual relationship and for initiating contracts:
- Contact details (e.g. first/last name of the current and, if applicable, previous contact person, as well as name affixes, company name and address of the customer (employer), telephone number with extension number, business email address)
- Job-related data (e.g. position in the company, department)
- If applicable, bank details (in the context of a SEPA direct debit mandate also the first and last name of the account holder)
We generally receive your personal data from you within the scope of contract initiation or during the ongoing contractual relationship.
15.2 Purposes and legal basis for data processing
The provisions of the GDPR, the revised German Federal Data Protection Act (BDSG) and other relevant legal provisions are always observed when processing your personal data.
Your personal data is only used for undertaking pre-contractual measures (e.g. communication; preparing quotations for products or services) and fulfilling contractual obligations (e.g. providing our services, implementing the supplier contract or for order/payment processing), (Art. 6 (1) (b) GDPR) or if there is a legal obligation to process (e.g. due to tax regulations) (Art. 6 (1) (c) GDPR). These are the purposes for which the personal data was originally collected.
A data protection permission requirement can of course also represent your consent to data processing (Art. 6 (1) (a) GDPR). Before issuing this, we will clarify the purpose of the data processing and your right to withdraw your consent according to Art. 7 (3) GDPR.
DriveCon GmbH is also interested in maintaining a relationship with you as a customer and sending you information and offers about our products and services. We also attach great importance to the relationship with our business partners, which is why we also use advertising measures aimed at our image and improving cooperation. Therefore, we process your data in order to send you relevant information and offers by email or post (Art. 6. (1) (f) GDPR).
16) Privacy policy/information on privacy in social media
DriveCon GmbH maintains a presence in “social media”. Insofar as we have control over processing your data, we ensure that the applicable data protection regulations are observed. Below you will find the most important information on data protection law in relation to our websites.
16.1 Name and address of the Data Controller for the organisation
DriveCon GmbH is responsible for the corporate presence within the meaning of the EU General Data Protection Regulation (EU GDPR) and other data protection regulations.
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany)
- YouTube (Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Irland) - for details see 16.4 YouTube Videos
However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). We would also like to inform you that your data may be processed outside the territory of the European Union.
16.2 Purpose and legal basis
We maintain the fan pages ourselves in order to communicate with the visitors to these pages and inform them about our offering in this way. We also collect data for statistical purposes in order to be able to enhance and optimise the content and make our offering more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) are processed and made available to us by the social networks. We have no influence over its generation and display.
In addition, the social media providers, but also DriveCon GmbH, process your personal data for market research and advertising purposes. It is therefore possible, for example, that user profiles are created based on your user behaviour and the interests that result from this. Among other things, this allows advertisements to be placed inside and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Irrespective of this, data which is not collected directly from your end devices can also be saved in your user profiles. The storage and analysis of data also takes place across devices. This applies in particular, but not exclusively, if you are registered as a member and are logged in to the respective platforms.
DriveCon GmbH processes your personal data based on our legitimate interests in effective information and communication in accordance with Art. Sec 6. (1) (f) GDPR.
16.3 Your rights/opt-out options
If you are a member of a network and do not want the network to collect information about you via our presence and link it to your membership data stored by the respective network, you need to:
- Log out of the respective network before visiting our fan page,
- Delete the cookies stored on your device and
- Quit and restart your browser.
After logging in again, however, the network may recognise you again as a specific user.
We make reference to the information linked below for a detailed description of the respective processing instances and the options for opting out:
Privacy Policy: https://www.facebook.com/about/privacy/;
Opting Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com;
Privacy Policy: https://privacy.xing.com/en;
Opt-Out: http://www.youronlinechoices.com;
Overall, you have recourse to the following rights regarding the processing of your personal data: Right to information; Right to rectification; Right to deletion; Right to restrict processing; Right to object; Right to data portability; Right to complain to the competent data protection authority concerning the illegal processing of your personal data.
However, since DriveCon GmbH does not have full access to your personal data, you should contact the social media providers directly when making a claim, because they each have access to their users' personal data and can thus take appropriate measures and provide information. Should you still require help, we will of course try to assist you. In this case, please consult datenschutz@drivecon.de.
16.4 YouTube Videos
You will find links on our website to videos hosted on the platform of the social media service "YouTube" operated by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland ("Google").
The corresponding video links on YouTube can be recognized by the “Play" icon and the YouTube company logo in the bottom right-hand corner of the video bar. A connection to the servers from Google is established by clicking on a video link. This tells the Facebook server that you have visited our website. Further data is also transferred to Google. This includes, for example:
- The address of the website where the activated link is located
- The date and time the website was called up or the link activated
- Information about the browser and operating system used
- The IP address
If you are already logged in to a Google affiliated service, e.g. YouTube, at the time the link is activated, Google may be able to determine your user name and possibly even your real name from the data transferred and assign this information to your personal user accounts on the corresponding Google services. You can prevent the possibility of assigning this to one of your personal user accounts if you log out of the corresponding user account first.
Please note that we have no influence over the scope, type and purpose of the data processing performed by the social media service provider. You can find out more information about how the videos integrated into our website use your data in the Google Privacy Policy: https://policies.google.com/privacy?hl=en
17) Rights of the data subject
17.1 The data protection law applicable grants you comprehensive data protection rights (information and intervention rights) vis-à-vis the Data Controller concerning the processing of your personal data, which we inform you about below:
- Right to information pursuant to Art. 15 GDPR: in particular, you are entitled to obtain information on the personal data we have processed on your person, the purposes of this processing, the categories of personal data processed, the recipients or categories of recipients to whom your data was or is being disclosed, the planned retention period or criteria for determining the retention period, the existence of a right to correction, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, origin of your data, if we did not collect it, existence of automated decision-making including profiling and, if applicable, sound information concerning the logic involved and the scope and effect of such processing, as well as your right to be informed of the guarantees that exist in accordance with Art. 46 GDPR when forwarding your data to third countries;
- Right to correction pursuant to Art. 16 GDPR: you have a right to the immediate correction of incorrect data concerning your person and/or the amendment of incomplete data we store on your person;
- Right to deletion pursuant to Art. 17 GDPR: you have the right to demand the deletion of your personal data if the requirements of Art. 17. (1) GDPR are met. However, that right does not apply specifically where processing is required for the purpose of exercising the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the pursuit, exercise or defence of rights;
- Right restrict processing pursuant to Art. 18 GDPR: you have the right to request that your personal data be restricted as long as the accuracy of the information is disputed, if you refuse to have your data deleted for reasons of improper data processing and, instead, request that it be restricted in cases where it is processed, if you require it to assert, exercise or defend legal claims after we no longer require such data to achieve our purposes, or if you have filed an objection based on your particular situation, in circumstances where it is not certain that our legitimate reasons prevail;
- Right to data portability pursuant to Art. 20 GDPR: you are entitled to receive the data that you have provided to us on your person in a standard, structured and machine-readable format, or to request that it be transmitted to another data controller, as far as technically feasible;
- Right to revoke consent granted pursuant to Art 7 (3) GDPR: you have the right to revoke the consent you have granted at any one time to process your data with effect for future. In the event that you revoke your consent, we will immediately delete the data concerned, so far as there is no legal basis for further processing it without your consent. Revocation of your consent does not affect the lawfulness of any processing performed based on the consent you granted until revocation took place;
- Right to complain pursuant to Art 77 GDPR: if you believe that your personal data is being processed contrary to the GDPR, you are entitled to complain to a supervisory authority, and, in particular, in the member state of your place of residence or employment, or the place where the alleged infringement took place, without prejudice to any other administrative or judicial remedy.
- Right to object to data processing in accordance with Art. 21 GDPR.
To exercise these rights, please contact datenschutz@drivecon.de.
17.2 RIGHT TO OBJECT
IF, IN THE CONTEXT OF THE BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED MAINLY ON A LEGITIMATE INTEREST WE HAVE, YOU ARE ENTITLED TO SUBMIT AN OBJECTION TO US PROCESSING YOUR DATA AT ANY TIME, WITH EFFECT FOR THE FUTURE, FOR REASONS RESULTING FROM YOUR PERSONAL CIRCUMSTANCES.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. CONTINUED PROCESSING REMAINS SUBJECT TO US PROVIDING IMPERATIVE AND REASONABLE REASONS FOR PROCESSING, WHICH EXCEED YOUR INTERESTS AND FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT ADVERTISING PURPOSES, YOU ARE ENTITLED TO SUBMIT AN OBJECTION AT ANY TIME AGAINST PROCESSING YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT IN THE MANNER DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
Your objection is free of charge and can be submitted informally: datenschutz@drivecon.de
18) Duration of the personal data storage
The duration of personal data storage is based on the respective statutory retention period (e.g. commercial and tax retention periods). The corresponding data is routinely deleted once the period has expired, if it is no longer required to fulfil or initiate a contract and/or no legitimate interest in its continued storage persists on our part.