Privacy Statement

1. Information regarding the collection of personal data

(1) This document is designed to provide you with information about the processing of personal data on our website. Personal data is defined as any data that can be used to identify an individual, e.g. your name, address, email addresses, user behavior.

(2) The responsible party pursuant to Article 4(7) of the European Union General Data Protection Regulation (GDPR) is

SECUINFRA GmbH

Stefan-Heym-Platz 1
10367 Berlin

(3) You can contact SECUINFRA GmbH’s company Data Protection Officer by sending an email to dsb@secuinfra.com.

2. Processing and storage of personal data, scope and purpose of use

(1) When you visit our website, www.secuinfra.com, information is automatically sent to our web servers by the web browser being used on your device. This information is stored temporarily in a log file. The following information is stored without any action on your part until it is automatically deleted:

• IP address of the requesting computer,
• date and time of visit,
• name and URL of the file accessed,
• website from which the site was accessed (referrer URL),
• browser used and, in some cases, your computer’s operating system along with the name of your access provider.

(2) We process the aforementioned data for the following purposes:

• to ensure a reliable connection to the website,
• to ensure a smooth browsing experience on our website,
• to analyze system security and stability
• and for other administrative purposes.

The legal basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest is derived from the data collection purposes set out above. We shall not use the data collected to make inferences regarding you as an individual at any time.

(3) Personal data in web forms:

Type and purpose of processing

The data you provide when contacting us, e.g. via contact form, e-mail or telephone, is processed for the purpose of individual communication with you.

The processing of the data is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO).

If the contact is made in the context of contractual or pre-contractual relations, such as to request a quote or in connection with an IT security incident, the processing is carried out on the basis of contract performance and pre-contractual inquiries (Art. 6 para. 1 lit. b. DSGVO).

Types of data processed

Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Communication partner

Purpose of processing: contact requests and communication, managing and responding to requests.

We will delete your personal data no later than 6 months after we have completed processing your request, unless we are required to retain your data for other regulatory reasons.

If a contractual relationship arises, we are subject to the statutory retention periods under the German Commercial Code (HGB) and delete your data after these periods have expired.

(4) Applications

We offer you the opportunity to apply for a job with us (e.g. by e-mail, by post or via an online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.

Retention period of the data

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained (retention period) for a maximum of 6 months after the conclusion of the application process in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f DSGVO).

YOU MAY OBJECT TO THIS STORAGE IF YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS.

After expiry of the retention period, the data will be deleted, unless there is a legal obligation to retain the data or another legal reason for further storage. If it is evident that it will be necessary to retain your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until it has become irrelevant. Other statutory retention obligations remain unaffected.

3. Forwarding of data

(1) Your data will not be forwarded to third parties for any purposes other than those listed below.

We will only pass on your data to third parties if:

• you have given explicit consent to this within the meaning of Art. 6(1)(a) GDPR,
• where such disclosure is necessary in order to comply with a legal obligation pursuant to Art. 6(1)(c) GDPR and where
• this is legally permitted and essential within the meaning of Art. 6(1)(c) GDPR for the performance of a contract with you or to take steps at your request prior to entering into a contract;
• there is a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

(2) Use of Google Analytics

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website as well as advertising measures.

Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”), having its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Google processes website usage data on our behalf and is contractually committed to measures to ensure the confidentiality of the processed data.

• During your website visit, the following data is recorded, among others:
• Pages viewed
• The achievement of “website goals” (e.g. contact requests)
• Your behavior on the pages (for example, clicks, scrolling behavior, and dwell time)
• Your approximate location (country and city)
• Your IP address (in shortened form, so that no clear assignment is possible)
• Technical information such as browser, Internet provider, terminal device and screen resolution
• Source of origin of your visit (i.e. via which website or which advertising medium you came to us)

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized during future website visits.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.

If you do not agree with the collection, you can prevent it with the one-time installation of the browser add-on to disable Google Analytics.

(3) Use of Google Tag Manager

This is a tag management system. Using Google Tag Manager, tags can be included centrally through a user interface. Tags are small sections of code that can track activities. Script codes from other tools are included via Google Tag Manager. The Tag Manager allows you to control when a particular tag is triggered.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list represents the purposes of data collection and processing.

Tag management

Technologies used

This list includes all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

Website tags

Collected data

This list contains all (personal) data collected by or through the use of this service.

Aggregated data about tag triggering

Legal basis

The following is the required legal basis for processing data.

Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing

European Union

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.

The data will be deleted as soon as it is no longer needed for the purposes of the processing.

Data recipients

Alphabet Inc, Google LLC, Google Ireland Limited

Data protection officer of the processing company

Below you will find the e-mail address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Transfer to third countries

This service may transfer the collected data to another country. Please note that this Service may transfer data to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of the countries to which the data will be transferred. For more information on security guarantees, please refer to the website provider’s privacy policy or contact the website provider directly.

Singapore, Taiwan, Chile, United States of America

Click here to read the privacy policy of the data processor: https://policies.google.com/privacy?hl=en

Processor’s Cookie Policy: https://policies.google.com/technologies/cookies?hl=en

4. Cookies

We use cookies on our website. These are small files that are automatically generated by your browser and saved on your device (laptop, tablet, smartphone etc.) when you visit our site. Cookies will not damage your end device in any way, and do not contain any viruses, trojans or other malicious software. Cookies contain information generated in conjunction with the specific end device used. However, this does not mean we can use them directly to determine your identity.

The use of cookies is designed to make using our website more enjoyable for you. To this end, we use “session cookies” to ascertain whether you have previously visited individual pages on our website. These session cookies are automatically deleted when you leave our site.

In addition, we also use temporary cookies to make the website as user-friendly as possible. These are stored on your end device for a specified and fixed period of time. When you revisit our site to use our services, the site will automatically recognize that you have visited us before and will remember your previous input and settings, so you will not have to provide them a second time.

We also use cookies to collect and analyze statistical data on the use of our website and for the purposes of optimizing our services for you (see Section 5 below). If you visit our website for a second time, these cookies allow us automatically to recognize that you have visited us before. These cookies are also deleted after a specified period of time.

Data processed using cookies is used for the purposes stated above to assert our legitimate interests and that of third parties, in accordance with Art. 6(1)(f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser such that no cookies are saved on your computer, or that a notice always appears before a new cookie is created. Complete deactivation of cookies can lead to your being unable to use the full functionality offered by our website.

All browsers manage cookie settings in different ways. These are described in the help menu of the individual browser, where you can find out how to change your cookie settings. You can find more information for your browser by clicking the appropriate link below:

Internet Explorer™: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari™: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

Firefox™: https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox

Opera™: https://help.opera.com/en/latest/web-preferences/#cookies

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs cookie) to save your cookie consent.

Borlabs Cookie does not process any personal data.

The borlabs cookie stores the consent you gave when you entered the website. If you would like to revoke this consent, simply delete the cookie in your browser. If you re-enter/reload the website, you will be asked again for your cookie consent. However, you can also change or revoke this consent directly here by using the Registrations button:

5. Social media plug-ins

For our publicity purposes, our company uses plug-ins for the social media sites Xing, Kununu, LinkedIn and YouTube, pursuant to Art. 6(1)(f) GDPR. The underlying promotional purpose is deemed a legitimate interest within the meaning of the GDPR. The providers of the plug-ins are responsible for ensuring they operate in accordance with data protection regulations.

Whenever you use one of these plug-ins, your browser establishes a direct connection with the servers of the provider concerned. The content of the plug-in is sent by the provider directly to your browser and embedded in the webpage. This integration alerts the operator that your browser visited the page concerned, even if you do not have a profile with this provider or are not currently logged in to it. This information (including your IP address) is sent from your browser directly to a server belonging to the provider (these are generally located in the USA). If you are logged in to your account with the provider, the provider will be able to associate your visit to our website directly with your profile. When you interact with the plug-ins, for example, by clicking a button or posting a comment, this information is also sent directly to a server belonging to the provider, where it is stored. The provider concerned may potentially publish this information on your profile or display it to your contacts.

If you would prefer the provider not to associate the data collected via our website with your profile on the social network concerned, you must log out of the relevant account before visiting our site.

You can find more information in Xing’s Privacy Statement at: https://privacy.xing.com/en

You can find more information in Kununu’s Privacy Statement at: https://www.kununu.com/us/privacy

You can find more information in LinkedIn’s Privacy Statement at https://www.linkedin.com/legal/preview/privacy-policy

You can find more information in YouTube’s Privacy Statement at https://policies.google.com/privacy?hl=en&gl=en

6. Rights of data subjects

You have the right,

• to request details about the personal data we have collected on you and how we process it, pursuant to Art. 15 GDPR. Specifically, you are entitled to request information regarding
• the purposes of any processing,
• the type of personal data,
• the types of recipients to whom your data is or has been disclosed,
• the planned data retention period,
• rights concerning the correction, deletion as well as restricting or rejecting the processing of your data,
• the right to submit a complaint,
• the source of your data, provided this data was not collected directly by us, and,
• whether an automated decision-making process is in place, including any profiling along with any relevant and specific details on its use;
• pursuant to Art. 16 GDPR, demand the immediate correction of any inaccuracies or omissions in the personal data we have collected from you;
• pursuant to Art. 17 GDPR, to demand the deletion of the personal data we have collected from you, to the extent that processing is not essential to the exercise of freedom of expression and information, in order to fulfill a statutory requirement, for reasons of the public interest or for the establishment, exercise or defense of legal rights;
• pursuant to Art. 18 GDPR, to demand that the processing of your personal data be restricted in the event that the accuracy of the data is contested by you; the processing is unlawful, but you do not exercise your right to have the data deleted and we do not require the data, but you require it in order to establish, exercise or defend legal rights; or where you have lodged an objection to the processing in accordance with Art. 21 GDPR;
• pursuant to Art. 20 GDPR, to obtain the personal data you have made available to us in a structured, commonly-used and machine-readable format, or to demand it be transmitted to another responsible party;
• pursuant to Art. 7(3) GDPR, to revoke at any time the consent you previously granted us. This will mean we are no longer permitted to carry out the data processing which was predicated on this consent in the future and
• pursuant to Art. 77 GDPR, to submit a complaint to a supervisory authority. You will generally be able to complain to the local supervisory authority for your normal place of residence or place of work, or for the country in which our company is based.

7. Right to object

To the extent your personal data is processed on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to lodge an objection to the processing of your personal data provided that reasons for the objection arise from your particular situation or are based on an objection to direct marketing. In the latter case you have a general right to object with which we shall comply without any requirement to detail any specific situation.

8. Data security

When your visit our website, we use the popular SSL (Secure Socket Layer) protocol together with the highest level of encryption supported by your browser. In most cases, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology as an alternative. When an individual page on our website is transmitted using encryption, this is indicated by the key or padlock symbol in a “locked” state in the status bar of your browser. We also take appropriate technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are constantly updated in line with the latest technological developments.

Last updated: December 2020