Privacy Policy

Preface

For the Regit GmbH, compliance with data protection laws is not only a legal obligation, but a necessary element of trust. In the following we want to transparently inform you about the methods, scope and purpose of the processing of your personal data which might be collected from you while visiting this website. We will also inform you about your rights.

Controller

As operator of the website www.regit.de, the Regit GmbH, Heinkelstr. 1, 93049 Regensburg, Germany (subsequently referred to as "we" and "us") is the controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (GDPR). You can contact us at info@regit.de with any questions about this privacy policy.

Data protection officer

You can reach our DPO at:

Süddeutsche Datenschutzgesellschaft mbH

c/o Maximilian Mayer

Von-Brettreich-Straße 4

93049 Regensburg

Tel: +49 (0) 941 - 38177070

Mail: verwaltung@sddsg.de

Rights of the data subject

Your rights as a data subject

As a data subject you have the following rights concerning your personal data. You have

• the right of access to information on – among others – the purposes of the processing, the categories of personal data concerned, the envisaged period for which the personal data will be stored as well as possible recipients, pursuant to and in accordance with the requirements of Art. 15 GDPR and § 34 BDSG
• the right to rectification and to erasure of incorrect or incomplete data pursuant to and in accordance with the requirements of Art. 16 and 17 GDPR and § 35 BDSG.
• the right to restriction of processing pursuant to and in accordance with the requirements of Art. 18 GDPR and § 35 (1) 2 BDSG.
• the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) pursuant to and in accordance with the requirements of Art. 21 (1) GDPR.
• the right to withdraw your given consent at any time, which does, however, not affect the lawfulness of processing based on consent before its withdrawal according to Art. 7 (3) GDPR.
• the right to data portability in a structured, commonly used and machine-readable format pursuant to and in accordance with the requirements of Art. 20 GDPR
• You have, pursuant to and in accordance with the requirements of Art. 22 GDPR, the right not to be subject to a decision based solely on automated processing, including profiling, which entails legal effects concerning you or significantly affects you in a similar way.
• Furthermore pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authorityabout the processing of your personal data by us, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

Procedure

When you claim your rights toward us according to the GDPR and the BDSG, we will process the data you thereby submit to fulfill your claims.

Subsequently we will store the data submitted by you and the data submitted by us to you in return for the purpose of documentation until the expiry of the regulatory offenses limitation period (3 years).

The lawfulness of processing and storing the data is based on Art. 6 (1) point (f) GDPR (legitimate interest of data processing). The legitimate interest results from our obligation to fulfill your requests and the need to exonerate ourselves in possible fine proceedings by proving that we have lawfully fulfilled your requests.

You can object to the processing of your personal data based on our legitimate interest at any time under the premises of Art. 21 GDPR. Please use the contact details provided in the imprint. We would like to note that the processing of your personal data is mandatory for the verification of compliance with data protection rights of the data subject according to Art. 21 (1) GDPR, as other methods of verification do not exist or are not equally suitable.

Data protection measures / arrangements

We secure our website and other systems — and thus your data — through technical and organizational measures against loss, destruction, access, change or dissemination through unauthorized persons. In particular your personal data will be transmitted encrypted through the internet. Therefore we operate with the coding system TLS (Transport Layer Security).

Having said this, the transmission of information via internet is never fully safe, which is why we cannot guarantee the safety of the data transmitted by our website to a 100%.

Data processing modalities

Sources and categories of personal data

We process your personal data insofar as it is necessary for the statement, content-related configuration or modification of a contractual relationship between you and us (inventory data). In particular the following can be inventory data: Name, form of address, contact details (postal address, telephone, email address), date of birth , etc.

Furthermore we process your usage data. Usage data is data that is collected when you interact with our web content and our services, in particular your IP address, start and end of your visit on our website and information on the contents you have viewed on our website.

We collect the data mentioned directly from you (e.g., through the visit of our website), or, provided that it is permitted by data protection laws, from third parties or respectively from publicly accessible sources (e.g., commercial or association register, the press, media, internet).

Data transfer to third party countries outside the EU

All information we acquire from or on you will generally be processed on servers located within the European Union. A transmission of your data or a processing of your data in third party countries will occur without your explicit consent solely if this is legally intended or permitted and if an appropriate data protection level is guaranteed in the third party country or if there are contractual obligations in place via the EU’s so-called standard contractual clauses.

Please note that the USA is a so-called unsafe third country. When transferring personal data to the USA, there is the risk that US security agencies can access these data under the “Cloud Act”. EU citizens do not have any effective legal recourse in the US or in the EU against these measures.

Data disclosure, processing on behalf of the controller

We will never illicitly disclose your personal data to third parties. However, we may disclose your data to third parties, in particular if you have agreed to data disclosure, if the disclosure is necessary to fulfill our legal obligations or if we are obligated or authorized to disclose said data by law or administrative or judicial orders. In particular this may be the case for the purposes of criminal proceedings, averting of dangers or enforcement of intellectual property rights.

Under certain circumstances we may transmit your data to external service providers which process data on our behalf and in accordance with our instructions (data processor) to simplify and disburden our own data processing. Every data processor will be bound by contract according to Art. 28 GDPR. In particular this means that the data processor has to offer sufficient guarantees that appropriate technical and organizational measures are implemented so that data processing is compliant with the requirements of the GDPR and your rights as a data subject are ensured. Despite commissioning data processors we remain the responsible party for the processing of your personal data according to the GDPR.

Purpose / Objective of the data processing

In general we will use the data solely for the purpose for which the data was gathered. We may subsequently process the data for another, different purpose, provided that this other purpose is not incompatible with the original purpose (Art. 5 (1) point (c) GDPR).

Storage period

Unless specified otherwise, we will store data gathered from you only for as long as it is necessary for each respective purpose and unless there are legal retention obligations preventing deletion, for example from commercial law or tax law.

Individual processing activities / operations

In the following we want to outline as transparently as possible, which of your data we will process under which circumstances, on what basis and for what purpose.

Server log files

Each time our website is accessed, the following general information will be automatically sent to our servers by your browser (so called server log files): Your IP address, product and version information of the browser and operating system used (so called user agent), the webpage from which the access originated (so called referer), date and time of the request and possibly your internet service provider. Furthermore the status and the volume of data will be recorded.

Your computer’s IP address will be stored only for the duration of your visit to the website and subsequently will immediately be deleted or made partially unrecognizable through reduction. The rest of the data will be stored for a limited period of time (to a maximum of 7 days).

The legal basis for the usage of these server log files is Art. 6 (1) point (f) GDPR (legitimate interest of data processing). The legitimate interest arises from the necessity to operate our website, especially to discover and remove website errors, to determine the utilization of the webpage, to make adjustments and improvements and to guarantee the security of the system. You can object to the processing of your personal data based on the legitimate interest at any time under the premises of Art. 21 GDPR. Please use the contact details provided in the imprint. We would like to point out that the processing of your server log files is mandatory in accordance with Art. 21 (1) GDPR, as otherwise the website cannot be operated at all.

Cookies

Our Webpage does not use Cookies or the Web storage.

Contacting us

Our website offers options for contacting us directly.

We process the data you send us exclusively until the purpose of your contact has been achieved, unless there are legal retention periods to the contrary. If the purpose of your contact is to assert data subject rights, what has been said in the section "Your rights as a data subject" applies.

The following data is processed as part of the contact form:

Name, e-mail address, telephone number if applicable and the content of the message.

If you use the contact form in order to get a quote, additional data that you provide regarding your business will be processed.

The legal basis for the use of the data you provide by contacting us in the context of contractual or pre-contractual relations or for responding to (pre)contractual inquiries is Art. 6 para. 1 sentence 1 letter b) GDPR (data processing for the performance of a contract).

The legal basis for processing the data you provide to us by contacting us in cases other than for contractual or pre-contractual purposes or inquiries is Art. 6 para. 1 p. 1 letter f) GDPR (Legitimate Interest in Data Processing). Our legitimate interest in processing arises from our interest in responding to requests and maintaining user relationships.

You can object to the processing of your data based on our legitimate interest at any time under the conditions of Art. 21 DSGVO. To do so, please use the contact details provided in the imprint.

Online applications

Our website offers you the possibility of an online application via an application form. Please note that you will be asked to provide mandatory information, without which you cannot transmit your application.

We mandatorily require the following information from you:

• Name: Your name is necessary for us to be able to address you personally as part of our professional correspondence. We use your information exclusively for this purpose.
• Email address: We need your email address because we need an uncomplicated way to process your request and then contact you. We use your information exclusively for this purpose.
• Resume, CV or work experience: Your work experience is necessary for us to assess your skills and your aptitude for the position. We will only use your information for this purpose.

Apart from these providing further information is voluntary. You can send us additional information and documents if you find these beneficial to your application.

Overall the usage of the online form is voluntary. You can also send us your application via email or letter post at any time. As applications generally include particularly sensitive data, we would like to point out that data transmission via the Internet always includes risks, in particular through interception or exposition of the data. If you are uncertain regarding this, we advise you to contact us via telephone or postally.

We use your data to process your application and to communicate with you, especially to evaluate your suitability regarding an actual or future employment in our company.

If your application is successful, our personnel department will store your data in the personnel file when you are hired. If your application is not successful, we will store your data for a period of six months, calculated from when you have received the decision. Your data will be accessed during this period only if you wish a statement regarding our decision or to defend ourselves against legal claims.

After the expiration of this period we will delete or destroy your data, unless we are obliged to retain the data for longer by legal regulations. If you have applied by letter post, we will send the application documents back to you if you so wish, and if you have granted us a domestic postal address. Otherwise your application documents will be destroyed in case of an unsuccessful application.

The legal basis for the usage of the data provided by you voluntarily in the application form is Art. 6 (1) point (a) GDPR (consent of the data subject). You can revoke your consent with effect for the future at any time. Please use the contact details provided in the imprint. The legal basis for processing mandatory data is Art. 88 paragraph 1 GDPR in conjunction with §26 BDSG (Data processing in employment context).

We reserve the right to anonymize application data so that it will no longer be possible to draw conclusions about your person, and subsequently analyze it for in-house statistical business purposes. Beyond that we will make no further analysis without your consent.

Effective: 13.02.2023

Source: Süddeutsche Datenschutzgesellschaft mbH