Data protection

Thank you for visiting our website. Herewith we would like to inform you about the data processing in our company.

Contact and Data Protection Officer
Purposes and legal bases
Website visitors
Applicant
Business partners and suppliers
Processors, disclosure to third parties in third countries
Rights of data subjects (information for data subjects according to Chapter 3 GDPR)

Contact and Data Protection Officer

Responsible for data processing is:

ARTCLINE GmbH
Schillingallee 68
18057 Rostock

Phone: +49 (0)381 440 703 0
Fax: +49 (0)381 440 703 29
E-Mail: info(at)artcline.de

You can contact our data protection officer as follows:

ECOVIS Keller Rechtsanwälte PartG mbB
Rechtsanwalt Axel Keller / Senior Associate Karsten Neumann
Am Campus 1 – 11,
18182 Rostock-Bentwisch

Tel.: +49 (0)381 649210
E-Mail: dsb-nord(at)ecovis.com
Web: www.ecovis.com/datenschutzberater

I. Purposes and legal bases

Website visitors

Server log files

The provider of our website automatically collects and stores information in so-called server log files, which are automatically transmitted to us by your browser. The following can be recorded:

(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system accesses our website (so-called referrer),
(4) Sub-websites, which are accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an Internet Protocol (IP) address,
(7) the Internet service provider of the accessing system, and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about you. Rather, this information is needed to:
(1) to deliver the contents of our website correctly,
(2) to optimize the content of our website and the advertising for it,
(3) to ensure the long-term functionality of our information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Therefore, we analyze this data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all your personal data. This data will not be merged with other data sources. However, if there are indications of illegal use of our website, it is possible for us to subject this data to a subsequent review.

How to contact us

Our website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If you contact us by e-mail, the personal data you provide will be automatically stored. Such personal data transmitted on a voluntary basis will be stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties.

Google Maps Link

As part of our website, we offer links to Google Maps from Google LLC. The operating company is Google LLC; 1600 Amphitheatre Parkway; Mountain View, CA 94043; United States. To use this service, click on the link to be redirected to the interactive map of Google LLC. Only after clicking on the link will your personal data, such as your IP address, be given to Google LLC and processed by it. The use of the map service is voluntary. We have no influence whatsoever on the data transfer to Google LLC and data processing by it. If you do not wish the data to be transferred, please do not select the link.

In principle, Google undertakes in its own privacy policy not to pass on any information to third parties, but exceptions are possible. Google’s privacy policy can be found here: http://www.google.com/policies/privacy/. In its judgment of 16.07.2020, the European Court of Justice declared the international transfer of personal data to the USA on the basis of the EU-US Privacy Shield and the standard contractual clauses invalid. This means that data transfers to the USA are no longer permitted. Providers are currently revising their data protection regulations and the European supervisory authorities are examining the implementation of new contractual standards. Until then, the data transfer is based on the exceptions pursuant to Art. 49 GDPR. Furthermore, we are examining the change to components of EU-based providers, the use of standard contractual clauses with the inclusion of corresponding supplements. For the time being, however, we would like to point out that the US security laws, which conflict with EU data protection law, are applicable to all data transfers from the EU to the USA and therefore the level of protection in the USA as a whole cannot be regarded as equivalent to the level of protection prevailing in the EU.

Other providers

If, in addition to the information contained herein, there is a link to websites of other providers, this privacy policy does not apply to their content. The collection of data by the operators of the respective pages is beyond our knowledge and sphere of influence. Please note the privacy policy of the respective page.

Applicant

If you are interested in working for our company, you have the opportunity to apply to us by post or e-mail and submit your application documents.

In the course of the application process, you may provide us with very personal information about yourself. In this context, the data that you provide to us in your letter of application will be processed. As a matter of principle, we collect your personal data in direct contact with you, as listed below. In addition, and to the extent necessary for the assessment of your application, we may process data legitimately received from other bodies or from other third parties or publicly accessible sources.

We process your data if this is necessary for the implementation of a pre-contractual measure for the purpose of handling the application procedure in accordance with Art. 6 (1) b GDPR in conjunction with § 26 BDSG. This includes the examination and assessment of your suitability for the position to be filled, performance and behavioral evaluation to the extent permitted by law, if necessary. Drafting of the employment contract as well as pre-contractual or contract-related communication (including appointments) with you.

For the purposes mentioned, we regularly process the following personal data: title/gender, address data, personal data (name, dates of birth), home address, professional activities/current job, nationality, professional qualification/professional experience, certificates, start/termination of an employment relationship.

The data is necessary for the proper conduct of the selection procedure. If you do not provide us with the details, we may not be able to consider your application. There is no legal obligation to provide the data.

If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of ours. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

In addition, we process your data if you have given us your consent in accordance with Art. 6 (1) a GDPR or pursuant to Art. 9 (2) a GDPR. You can give your consent to obtain references from previous employers and to store your application in a pool of applicants for later vacancies for a longer period of time.

We may obtain your consent to data processing separately. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Should a life-threatening emergency occur and you need medical attention, we base the processing of your data on Art. 6 (1) lit. d GDPR to protect your vital interests. This includes, in particular, the disclosure of relevant data to paramedics, doctors or other rescue workers.

If necessary, the data processing is carried out in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest in data processing is fraud prevention; measures to ensure and improve the security of IT systems; measures to protect our business from unlawful acts; assertion of claims for damages; internal administrative purposes, in particular exchanges within our company; Assertion of legal claims and defence in legal disputes – if necessary, disclosure to legal representatives working for us; Ensuring uniform applicant management and uniform quality standards within our company.

No automatic evaluation systems are used in data processing in our company.

Business partners and suppliers

As part of our business relationship and depending on the specific purpose for which we collect your data, we regularly process personal data even if you are a legal entity. This is the case, for example, when we collect data from people from the management or personal contacts of your company.

As a matter of principle, we collect your data in direct contact with the data subject. However, it is also conceivable that you may provide us with data of persons who are responsible for us in your company.

We process your data if this is necessary for the performance of a contract you have concluded with us in accordance with Art. 6 (1) b 1st alternative GDPR or if the data processing is necessary for the implementation of a pre-contractual measure pursuant to Art. 6 (1) b 2nd alternative GDPR.

This concerns the following purposes:

Processing of our business relationship (payment transactions, accounting, fulfillment of contractual obligations existing between us)
Communication
Appointment management

The following categories of data may be processed in these contexts: company, name, business address data, business contact details, e-mail address, function in the company, lifelong doctor number if applicable, signature, professional activity, complaints/incidents.

As a rule, the data collected by us is absolutely necessary for the establishment and processing of a business relationship, including the fulfillment of the resulting obligations. As a rule, there is no other obligation to provide the data.

In individual cases, we are legally obliged to carry out data processing. In this case, we process your data in accordance with Art. 6 (1) c GDPR.

A legal obligation may arise:

result from a contract that you have concluded with us and for the performance of which the data collection serves;
from the legal regulations applicable to us, or – in accordance with Art. 6 (2) and (3) GDPR – the law of the European Union or the law of the member states of the European Union

Should a life-threatening emergency occur, and you need medical attention, we will then base the processing of your data on Art. 6 (1) lit. d GDPR to protect your vital interests.

If necessary, the data processing is carried out in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

To the extent permitted by law, your personal data will be stored if this is necessary to assert or defend against legal claims.

Our legitimate interest in data processing may include the contact data processing of the contact persons; the existence of a legal relationship between us, fraud prevention; Measures to protect our company from illegal actions and to assert claims for damages.

Failure to provide personal data by persons working for your company usually only has the consequence that communication between us would be considerably more difficult or impossible – for example in the area of communication via e-mail.

No automatic monitoring or evaluation systems are used in data processing in our company.

Duration of data storage

The personal data collected by us will be stored until the expiry of the statutory retention obligation and then deleted, unless according to Article 6 Para. 1 S. 1 lit. c DSGVO there is an obligation to store the data for a longer period of time due to obligations of the professional code or tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or you object to further storage in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

Subject to such retention obligations, data will be deleted when the purpose for which it was collected no longer applies.

To the extent permitted by law, data will also be stored if this is necessary to assert or defend against legal claims.

II. Processors, disclosure to third parties in third countries

A transfer of personal data to state institutions and authorities takes place exclusively on the basis of mandatory national legal provisions.

The persons commissioned by us with the processing of the data are obliged to maintain confidentiality and to process the data lawfully. In the event of further processing of your personal data for a purpose other than the original purpose, we will notify you accordingly.

The data collected by us will only be forwarded to recipients or third parties in compliance with the statutory provisions if this is legally permissible or if you have given us your consent. Internal recipients can be: management, administrative staff, research assistants. External recipients are: tax consultants, tax office, auditing bodies if applicable, own legal representatives, external processors pursuant to Art. 4 No. 8 GDPR (Host Europe GmbH, Surfboxx IT-Solutions GmbH).

Both we and the processor are obliged to comply with the technical and organizational measures pursuant to Art. 32 GDPR and the external service provider is also obliged to maintain secrecy. Processing is carried out exclusively on our behalf and on our instructions. Any processing of your personal data beyond this order data processing will only take place with your explicit consent or in cases ordered by law and by the authorities or courts.

Data will only be transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary for the fulfilment of the contract, if it is required by law, if you have given your consent to data processing in accordance with Art. 49 (a) GDPR or is necessary to ensure various functionalities on the website. We will inform you separately about details, if required by law.

III. Rights of data subjects (information for data subjects according to Chapter 3 GDPR)

You are entitled to the following rights as a data subject:

the right to information pursuant to Art. 15 GDPR
the right to rectification pursuant to Art. 16 GDPR
the right to deletion pursuant to Art. 17 GDPR
the right to restriction of the processing of personal data in accordance with Art. 18 GDPR
the right to data portability pursuant to Art. 20 GDPR and
the right to object to the processing of personal data pursuant to Art. 21 GDPR.

If you have given us your consent for a specific purpose, you can revoke it informally at any time.

Separate information on the right of objection according to Article 21 GDPR

According to Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (f) of the GDPR (processing to safeguard the legitimate interests of the controller or a third party).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the processing is carried out for the purpose of direct marketing, you have the right to object to the processing in accordance with Art. 21 para. 2 GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is related to such direct marketing.

In addition, according to Art. 77 GDPR, you have the right to lodge a complaint with a data protection authority. The complaint can be lodged with the data protection authority of the country where you reside or work or where the alleged infringement occurred. If the data protection authority of another Member State is responsible for the body you are complaining about, the national data protection authority will coordinate with the other data protection authority. You can find an overview here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Contact details of the competent supervisory authority of the company’s headquarters.

The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Vorpommern

Schloss Schwerin,
Lennéstraße 1,
19053 Schwerin

Phone: +49 (0)385 594940
Fax: +49 (0)385 59494 58

E-Mail: info(at)datenschutz-mv.de
Web: www.datenschutz-mv.de; www.informationsfreiheit-mv.de;
https://www.datenschutz-mv.de/kontakt/kontaktformular/