Data policy

Privacy policy

General

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that makes statements about you through which you can be personally identified. This Privacy Policy is designed to explain to you in what way, for what purpose and on what legal basis we process your data.

The controller responsible for the data processing on this website and in our company is:

EDF DS GmbH
Friedrichstraße 94
10117 Berlin

Telephone: +49 (0)30 700 141500
Email: info@edf-re.de

General information

SSL or TLS encryption

When you enter your data on websites, place online orders or send emails via the Internet, you must always bear in mind that unauthorised third parties could access your data. It is therefore impossible to achieve full protection against such access. However, we do our utmost to protect your data and to close the security gaps to the extent possible.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that the data you transmit to us cannot be read by third parties. You can recognise encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

How long do we store your data?

Some sections of this Privacy Policy provide information on how long we, or the companies that process your data on our behalf, store your data. In the absence of such information, we will store your data until the purpose of the data processing ceases to apply, until you object to the data processing or you revoke your consent to the data processing.

However, in the event of an objection or revocation, we may continue to process your data if one of the following conditions is satisfied as a minimum:

We have compelling legitimate grounds for continuing data processing that override your interests, rights and freedoms (only in the case of objection to data processing; if the objection is to direct marketing, we cannot provide legitimate grounds).

Data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is to direct marketing).

We are required by law to retain your data.

In this case, we will delete your data once any requirements cease to apply.

Data transfer to the USA

We also use tools from companies on our website that transmit your data to the USA and store and potentially process the data there. This is particularly important for you, because your data does not enjoy the same protection in the USA as it does within the EU, where the General Data Protection Regulation (GDPR) applies. For example, US companies are under an obligation to disclose personal data to security authorities without you, as a data subject, being able to take legal action against such disclosure. It is therefore possible that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over such processing activities.

Your rights

Right to object to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR DATA IN ACCORDANCE WITH ART. 6 PARA 1 SENTENCE 1 LIT. F) GDPR, YOU RESERVE THE RIGHT, UNDER ART. 21 GDPR TO OBJECT TO SUCH PROCESSING. THIS ALSO APPLIES TO PROFILING THAT IS CARRIED OUT ON THE BASIS OF THE AFOREMENTIONED PROVISION. THE PRE-REQUISITE IS THAT YOU STATE THE REASONS FOR THE OBJECTION WHICH ARISE FROM YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF THE OBJECTION RELATES TO THE USE OF YOUR DATA FOR DIRECT ADVERTISING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS WILL ONLY NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS IS SATISFIED:

WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS.

THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

THE EXCEPTIONS SHALL NOT APPLY IF YOUR OBJECTION IS AGAINST DIRECT ADVERTISING OR PROFILING ASSOCIATED WITH SUCH DIRECT ADVERTISING.

Additional rights

Revocation of your consent to data processing

Many data processing operations are based on your consent. You do this, for example, by ticking the appropriate box on online forms before submitting the form or by allowing certain cookies when you visit our website. You can revoke your consent at any time without giving reasons (Art. 7 para 3 GDPR). We will then cease processing your data from the date of revocation. The only exception: We are required by law to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

Right to complain to the competent supervisory authority

If you think we have breached the General Data Protection Regulation (GDPR), you have the right to object to a supervisory authority under Article 77 GDPR. You may contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right of appeal exists along with administrative or judicial remedies.

Right to data portability

We may transfer data that we process automatically based on your consent or to fulfil a contract with you or a third party in a standard, machine-readable format if you request such transfer. We can only transfer the data to another controller if this is technically possible.

Right of access, erasure and rectification of data

In accordance with Art. 15 GDPR, you have the right to receive information free of charge regarding the personal data we have stored, the provenance of such data, to whom we transmit such data and the purpose for which it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR), under the conditions of Art. 17 GDPR you may request that we delete the data.

Right to restriction of processing

In specific situations, you may request us to restrict the processing of your data in accordance with Art. 18 GDPR. The data may then, apart from storage, only be processed as follows:

with your consent

to assert, exercise or defend legal claims

to protect the rights of another natural or legal person

on the grounds of major public interest of the European Union or of a Member State

The right to restrict processing exists in the following situations:

You have disputed the accuracy of your personal data stored by us and we require time to examine your case. In this case, the right shall exist for the duration of the examination.

The processing of your personal data is unlawful or has been unlawful in the past. Alternatively, in this case you have the right of erasure of your data.

We no longer require your personal data, but you need it to exercise, defend or enforce legal claims. Alternatively, in this case you have the right of erasure of your data.

You have objected in accordance with Art. 21 para 1 GDPR and we must now consider our mutual interests. In this case, the right exists provided the outcome of the considerations has not yet been determined.

Hosting and content delivery networks (CDN)

External hosting

Our website is located on a server of the following Internet service provider (hoster):

ALL-INKL.COM – Neue Medien Münich
Hauptstraße 68
02742 Friedersdorf

Has a data processing agreement been concluded with the hoster?
Yes

How do we process your data?

The hoster stores all the data on our website. This also includes all personal data that is collected automatically or which you have entered. This data could be, in particular: Your IP address, pages viewed, names, contact details and enquiries, and meta and communication data. When processing data, XY shall comply with our instructions at all times, and shall process the data only to the extent that this is necessary to fulfil the obligation to perform with respect to us.

On what legal basis do we process your data?

As we address potential customers via our website and maintain contact with existing customers, the data processing by our hoster serves to initiate and fulfil a contract and is therefore based on Art. 6 para 1 lit. b) GDPR. Moreover, it is our legitimate interest as a company to provide a professional Internet offer that meets the essential requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 para 1 lit. f) GDPR.

Data collection on this website

Use of cookies

Our website places cookies on your device. These are small text files that are used for various purposes. Some cookies are technically necessary for the website to function at all (essential cookies). Others are required to perform specific actions or functions on the website (functional cookies). For example, without cookies it would not be possible to use the benefits of a shopping basket in an online shop. Other cookies are used to analyse user behaviour or to optimise advertising activities. If we use third-party services on our website, e.g. to process payment transactions, such external companies may also leave cookies on your device when you access the website (“third-party cookies”).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. Therefore, as soon as you close the browser, they automatically disappear. Permanent cookies, however, remain on your device if you do not delete them yourself. This may lead, for example, to a permanent analysis of your user behaviour. You can use the settings in your browser to influence how it manages cookies:

Do you want to be notified when cookies are set?

Do you want to generally exclude cookies or in specific cases only?

Do you want cookies to be automatically deleted when you close the browser?

If you disable or block cookies, you may restrict the functionality of the website.

If we use cookies from other companies or for analysis purposes, we will notify you of such use within the framework of this Privacy Policy. We also ask for your consent in this respect when you access our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online offers may be used with no problems by visitors, and that all the required functions are available to them. The storage of necessary and functional cookies on your device is therefore on the basis of para Art. 6 para 1 lit. f) GDPR. We use all other cookies in accordance with Art. 6 para 1 lit. a) GDPR, provided you grant us your consent to do so. You can revoke such consent at any time with effect for the future. If you have consented to the placing of essential and functional cookies when your consent has been requested, these cookies will also be stored exclusively based on your consent.

Server log files

Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymised by the provider after a short period, so we cannot assign the data to you personally. Your browser then automatically transfers your data to our provider.

How do we process your data?

Our provider stores the server log files to track the activities on our website and to detect errors. The files contain the following data:

browser type and version

operating system used

referrer URL

host name of the accessing computer

time of the server request

IP address (anonymised if necessary)

We do not combine this data with other data, but only use it for statistical evaluation purposes and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs free of errors. It is also our legitimate interest to obtain an anonymised overview of the access to our website. The data processing is therefore lawful pursuant to Art. 6 para 1 f) GDPR.

Social media plugins

Use of social media plugins

Use that is compliant with data protection

We use social media plugins on our website. You can recognise them by the logos of the social networks. You can use the plugins to easily share the content of our website on social networks. The list at the end of this section provides details of the plugins we use. Here you will also find the information of the various networks relevant to data protection.

How do we process your data?

The plugins normally function such that a mere visit to the website in which they are embedded is sufficient to establish a connection to the servers of the social networks. In this way, the offering companies learn that the respective website was visited via your IP address All networks store the IP address, apart from Xing. Additional personal data may be added. Your data is generally transferred to servers in the USA in the process. In this event, you can find out on what basis this is carried out in each case from the information on the networks provided below.

We only use social media buttons that comply with data protection regulations to protect your personal data more effectively. They replace the standard social network buttons with buttons that only communicate with the social network servers when you click on them. However, you can still easily share information with others.

Even when using the social media buttons that comply with data protection, your surfing behaviour may be assigned to your personal profile in a social network if you are logged into your account when you click on the button. If you do not want this to happen, you must log out of your account before you continue surfing the Internet.

On what legal basis do we process your data?

By activating the button, you give your consent for a link to be established to the relevant social network, for your IP address and potentially other data to be transmitted and for your surfing behaviour to be tracked by the social media company. The data processing is therefore lawful in accordance with Art. 6 para 1 lit. a) GDPR. You can revoke your consent at any time. We will cease processing your data from the time of revocation.

Which social media plugins do we use?

Analytics tools and advertising

We use the following tools to analyse the behaviour of the visitors to our website and to show advertisements to them.

Matomo Analytics Cloud (hosting with InnoCraft)

What is Matomo?
Open source tool for analysing user behaviour

Who processes your data?
InnoCraft, 150 Willis St, 6011 Wellington, New Zealand

Has a data processing contract been concluded with Matomo?
Yes

Where can you find more information about data protection at Matomo Analytics Cloud?

https://matomo.org/matomo-cloud-privacy-policy/

How can you prevent data collection?

Among others via the opt-out frame (https://matomo.org/faq/general/faq_20000/)

How do we process your data?

We are always interested in optimising our website for users and placing advertising to optimum effect. To assist us, we use Matomo Analytics, a tool that analyses user behaviour and thus provides us with the data based on which we will modify our website. Matomo uses cookies, device fingerprinting and other technologies that enable user recognition across the websites to analyse user behaviour. Matomo records the page views, the region of their origin, the IP address, referrers, browsers used and operating systems. In addition, the tool can measure whether our website visitors perform certain actions (e.g. click on links or make purchases). Once your IP address has been anonymised, the collected data is stored in the cloud.

On what legal basis do we process your data?

As website operators, we have a legitimate interest in the anonymised analysis of user behaviour for the purpose of optimising our website and the advertising displayed on it. The data processing is therefore lawful in accordance with Art. 6 para 1 lit. f) GDPR. If you granted your consent, for example, to the storage of cookies or have otherwise consented to data processing by Matomo Analytics Cloud, the legal basis is exclusively Art. 6 para 1 a) GDPR. You can revoke your consent at any time with effect for the future.

Google Ads

What is Google Ads?
Online advertising programme of Google Ireland Ltd.

Who processes your data?
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about Google Ads privacy?
https://policies.google.com/privacy?hl=de&gl=de

On what basis do we transfer your data to the USA?
Google complies with the European Commission’s standard contractual clauses (https://privacy.google.com/businesses/compliance)

How do we process your data?

We use Google Ads. Google’s advertising programme enables us to play advertisements in the Google search engine or on third-party websites when visitors to our website enter certain search terms on Google (keyword targeting). In addition, we can use the user data available at Google (e.g. location data and interests) to place targeted advertisements (audience segment targeting). We evaluate the collected data quantitatively by analysing, for example, which search terms triggered the playout of our advertisements and how many advertisements led to corresponding clicks.

On what legal basis do we process your data?

As website operators, we have a legitimate interest in the placing and evaluation of advertisements. The data processing is therefore lawful in accordance with Art. 6 para 1 lit. f) GDPR. If you granted your consent, for example, to the storage of cookies or have otherwise consented to data processing by Google, the legal basis is exclusively Art. 6 para 1 a) GDPR. You can revoke your consent at any time with effect for the future.

Audio and video conferences

As a company, we are in contact with many people: customers, business partners, service providers, etc. In addition to other means of communication, we also use online conference tools for communications. Information relevant to data protection law on the provider(s) of the tools we use is contained at the end of this section. If you communicate with us via this type of tool, not only we, but in particular the provider of the respective tool, will process your personal data.

How do we process your data?

Online conferencing tools collect and store a range of personal data to enable participation in an online conference and the efficient operation of such. In addition to registration, conference and technical data, this also includes specific communication content.

Login data: Your email address and/or telephone number and, where applicable, additional data you provide when registering for the conference.

Conference data: The start, end and duration of your participation in the conference, the number of participants and other meta data regarding the conference.

Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or speaker and the connection type.

Communication content: Cloud recordings, chat/instant messages, voice mails uploaded photos and videos, files, whiteboards and other information shared while using the service.

For details on data processing, please refer to the privacy policies of the respective conference tool provider.

How long do we store your data?

As your communication partner, we delete your data from our systems as soon as one of the following occurs:

The purpose of the data processing ceases to apply.

You request us to delete the data.

You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

Cookies remain on your terminal device until you delete them.

Conference tool providers also store your data for their own purposes. Please enquire directly with the providers what this means for the duration of the storage of your data.

On what legal basis do we process your data?

If we are already bound under a contract or if you wish to enter into a contract with us, we use conference tools to fulfil the contract or to inform you about our services or products. In this respect, data processing is carried out on the basis of Art. 6 para 1 lit. b) GDPR. Otherwise, the use of conferencing tools is for quick and easy communication, without which we could not run our business efficiently. We therefore also have a legitimate interest in the data processing pursuant to Art. 6 para 1 lit. f) GDPR. Another legal basis may be your consent. In this case Art. 6 para 1 lit. a) GDPR shall apply. This basis shall cease to apply for the future if you revoke your consent.

Which online conference tools do we use?

Microsoft Teams

What is Microsoft Teams?
It is a communication platform for team working

Who processes your data?
Microsoft Corp., One Microsoft Way, Redmond, WA 98052 – 6399, USA

Where can you find more information about data protection at Microsoft Teams?
https://privacy.microsoft.com/de-de/privacystatement

On what basis do we transfer your data to the USA?

Microsoft complies with the European Commission’s standard contractual clauses (https://docs.microsoft.com/en-us/compliance/regulatory/gdpr)

Own services / Other

Handling of applicant data

If you would like to work for us, we will be happy to receive your application. We treat all personal data transmitted in strict confidence. This also applies to data we collect subsequently din the course of the application process.

How do we process your data?

We store and use all the data we collect as part of the application process, insofar as this is required to make a decision on the formation of an employment relationship. In addition to contact and communication data and application documents, this also applies, for example, to any notes we take during job interviews. We only pass your data to persons within our company who are involved in processing your application.

In the event of a successful application, we store the data required for the implementation of the employment relationship in our data processing systems.

How long do we store your data?

If we are unable to make you a job offer, you decline a job offer or withdraw your application, we reserve the right to retain your documents and other application data for up to 6 months after the end of the application process. The reason is that we may require the data for evidence purposes in the event of a legal dispute. Upon the expiry of the 6‑month retention period, we delete the data and destroy all the documents. If litigation is imminent or pending, we will delete the data and documents if they are no longer required to serve as evidence.

We delete data in the applicant pool no later than 2 years after consent has been granted. Should you withdraw your consent prior to the end of this period, we will delete the data at an earlier stage.

The deletion of your data is, at all times, subject to the condition that we are not legally obliged to keep it for a longer period.

On what legal basis do we process your data?

We process your applicant data on the basis of § 26 BDSG-neu (Federal Data Protection Act, as amended) (initiation of an employment relationship) and Art. 6 para 1 lit. b) GDPR (general contract initiation).

The same applies if your application is successful.

If we are unable to make you a job offer, you decline a job offer or withdraw your application, we have a legitimate interest in using your data to serve as evidence in any litigation. The data processing is therefore based on Art. 6 para 1 lit. f) GDPR.

If you have expressly consented to the storage of your data, we will process your data on the basis of Art. 6 para 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

This Privacy Policy which complies with the GDPR and was created using the smart data protection generator from PRIVE Datenschutz-Software.

Pri­vacy policy

Gen­er­al

Privacy policy

General