Information concerning data protection
This data privacy statement informs you about our handling of your data. In order to help you understand how we process your data, we would like to provide you with the following information to give you an overview. To ensure fair processing, this data privacy statement contains general information about our handling of your data as well as information about your rights according to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We will also inform you in detail about:
- General data
- Data processing on our website
- Further data processing
The Team Enablers GmbH (hereinafter referred to as “we” or “us”) is responsible for data processing.
I. General information
If you have any questions or suggestions regarding this information or would like to contact us regarding the assertion of your rights, please send your request to:
The Team Enablers GmbH
Tel: +49 (0)40 69919799
2. Legal basis
The data protection term “personal data” refers to all information relating to an identified or identifiable natural person.
We process personal data in compliance with the relevant data protection regulations, in particular GDPR and the German Federal Data Protection Act. We only process data when we have been granted legal permission to do so. We process personal data:
- Only after having received your consent (Article 6 (1) lit. a) GDPR)
- For the performance of a contract to which you are a party or, at your request, for the performance of pre-contractual measures (Article 6 (1) lit. b) GDPR)
- In order to comply with a legal obligation (Article 6 (1) lit. c) GDPR)
- Or if processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests or fundamental rights require the protection of personal data (Article 6 (1) lit. f) GDPR)
If you apply for an open position in our company, we also process your personal data to decide whether to form an employment relationship (Section 26 (1) Clause 1 German Federal Data Protection Act).
3. Duration of retention
Unless otherwise specified below, we will only store the data for such period as is necessary to achieve the processing purpose or to comply with our contractual or statutory obligations. Such statutory retention obligations may result from regulations provided for in commercial or tax law.
4. Categories of recipients of data
We use data processors to process your data. The processing activities carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, accounting and billing, marketing activities or the destruction of files and data carriers. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use data for their own purposes but exclusively carry out the data processing on behalf of the controller and are under a contractual obligation to provide for adequate technical and organisational measures to ensure data privacy.
In addition, we may transfer your personal data to entities such as postal and delivery services, house banks, tax consultants/auditors or the tax authorities.
If your data is transferred to other recipients, we will inform you of the respective processing procedure.
5. Processing when exercising your rights under Articles 15 to 22 GDPR
If you exercise your rights in accordance with Articles 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights and to be able to provide evidence of this. We will only process the stored data for the purpose of supplying and preparing information and for the purposes of data protection control. We otherwise restrict processing thereof in accordance with Article 18 GDPR.
Such processing has a legal basis in Article 6 (1) lit. c) GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34 (2) German Federal Data Protection Act.
6. Your rights
As a data subject, you have the right to assert your data subject rights against us, in particular the following:
- You have the right, in accordance with Article 15 GDPR and Section 34 of the German Federal Data Protection Act, to obtain information as to whether or not personal data relating to you is being processed by us and, where this is the case, to what extent this is done.
- You have the right, in accordance with Article 16 GDPR, to obtain rectification of your data.
- You have the right, in accordance with Article 17 GDPR and Section 35 of the German Federal Data Protection Act, to obtain from us the erasure of your personal data.
- You have the right, in accordance with Article 18 GDPR, to obtain restriction of the processing of your personal data.
- You have the right, in accordance with Article 20 GDPR, to receive the personal data relating to you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
- If you have given us separate consent to data processing, you may withdraw this consent at any time in accordance with Article 7 (3) GDPR. Such a withdrawal will not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.
- If, in your opinion, the processing of personal data relating to you infringes the provisions of the GDPR, you may lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.
7. Right to object
In accordance with Article 21 GDPR, you are entitled to object to any processing that is legally based on Article 6 (1) Clause 1 lit. e) or f) GDPR for reasons arising from your particular situation. If your personal data is processed by us for direct marketing purposes, you may object to this processing pursuant to Article 21 (2) and (3) GDPR.
8. Data Protection Officer
You may contact our Data Protection Officer at: firstname.lastname@example.org
II. Data processing on our website
When using the website, we collect information that you provide yourself. We also automatically collect certain information about your use of the website. In data protection law, the IP address is also considered to be personal data. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data.
1. Processing of server log files
In the case of the purely informative use of our website, general information is initially stored automatically (i.e. not via registration), which your browser sends to our server. By default, this includes browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and the HTTP status code. Processing is carried out to protect our legitimate interests and has a legal basis in Article 6 (1) lit. f) GDPR. This processing serves the technical administration and security of the website. The stored data will be erased after seven days unless concrete evidence exists that leads to reasonable suspicion of unlawful usage and requires further review and processing of the information. We are not in a position to identity you as a data subject on the basis of the stored information. For this reason, according to Article 11 (2) GDPR, Articles 15 to 22 GDPR are not applicable, unless you provide additional information to enable us to exercise your rights set out in these articles, which will enable us to identify you.
2. Data transfer to the USA
Visiting our website may involve the transfer of certain personal data to the USA. For data transfers to the USA as a third country i.e. a country in which GDPR does not apply, the European Commission has decided, in accordance with Article 45 GDPR, that an adequate level of data protection is required with regard to companies certified under the EU-US Privacy Shield. Such a transfer to the USA will thus take place in a permissible manner. Certified companies are included in this list supplied by the U.S. Department of Commerce: https://www.privacyshield.gov/list.
3. Contact options and requests
a. Crisp Chat
Our website has a contact form which you can use to send us messages. We use the Crisp Chat service of Crisp IM SARL (France/EU) to facilitate this.
Your personal data, such as IP address and communication contents, will be processed. Alternatively, you can also send us a message via the contact email. We process the data for the purpose of answering your request. If your request is directed at the conclusion or performance of a contract with us, then Article 6 (1) lit. b) GDPR serves as the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in making contact with inquiring persons. The legal basis for such data processing is then Article 6 (1) lit. f) GDPR.
If you send us a message via the specified contact email, we will process the transferred data for the purpose of answering your request.
Insofar as your request is directed at the conclusion or performance of a contract with us, Article 6 (1) lit. b) GDPR serves as the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in making contact with inquiring persons. The legal basis for such data processing is then Article 6 (1) lit. f) GDPR.
Information on how cookies and similar technologies are used by us can be found under the description of the specific processing activity. You can also find further information on the cookies used by our website in our cookie settings/references.
5. Consent management
We use a so-called “consent banner” on our website. This enables the users of our website to give their consent to certain data processing procedures or to revoke any consent given. In addition, this provides evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further protocol data relating to this declaration. Cookies are used to collect this data, which is stored for three years in order to meet our obligation to provide evidence.
The processing of this data is necessary to prove that consent has been given. The legal basis is derived from our legal obligation to document your consent (Article 6 (1) lit. c) in conjunction with Article 7 (1) GDPR.
6. Disqus comment system
On our website we provide a blog where we publish articles on various topics. You have the possibility to comment on these posts. We have integrated the Disqus comment system for this purpose. The comment system is a service provided by Disqus, Inc. (USA).
This processing has its legal basis in Article 6 (1) lit. f) GDPR. It serves our legitimate interest to ensure easy integration and the versatile usability of the comment function.
To post a comment using Disqus, you have to log in via a Disqus user account. When you post a comment, the email address and IP address you entered as processed, inter alia. Information on data processing by Disqus can be found at: https://help.disqus.com/terms-and-policies/disqus-privacy-policy. Alternatively, you can log into Facebook, Twitter and Google Plus via an existing user account. If you log into the Disqus function on our website with such a user account, the respect service provider will also collect and process information on your use of the Disqus functions. You can obtain further information about this from the respective service provider.
Disqus processes data to deliver targeted content and advertising on websites. To prevent such processing, you can place an opt-out cookie on your device by going to https://disqus.com/data-sharing-settings/
The email address you enter and the IP address used while posting a comment will be transmitted to us by Disqus. We process this data exclusively for the purpose of contacting you in connection with your use of Disqus, e.g. if we have queries regarding your user comment. Such processing has its legal basis in Article 6 (1) lit. f) GDPR. It serves our legitimate interest in being able to contact you and to ensure law enforcement if you post an unlawful comment.
We have concluded standard data protection agreements with Disqus to ensure an appropriate level of data protection.
7. Google Analytics
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within Member States of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data.
The setting of cookies and the further processing of personal data described here is carried out with your consent. The legal framework for data processing in connection with Google Analytics is thus Article 6 (1) lit. a) GDPR.
You can prevent the storage of cookies by Google Analytics by setting our consent banner or your browser software accordingly. You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website using a mobile device, you can disable Google Analytics by clicking on this link. Please also note that we will document any consent you have given us in order to comply with our obligation to provide evidence under Article 7 (1) GDPR. Since we are obligated to do so, the legal framework for such storage is Article 6 (1) lit. c) GDPR.
When using Google Analytics, we cannot exclude the possibility that the processed data may be transferred to Google LLC, a company based in the USA. Google LLC (USA) is certified under the EU-US Privacy Shield.
8. Integrated services and third-party content
On our website, we use third-party services and content (hereinafter collectively referred to as “content”). In order to integrate such content, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. This data processing is carried out in each case to protect our legitimate interests in the optimisation and economical operation of our website and thus has its legal basis in Article 6 (1) lit. f) GDPR.
You can object to such data processing at any time by changing the settings of the browser used or by installing certain browser extensions. One such extension is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have incorporated content from the following services provided by third parties into our website:
- “Google Web Fonts” from Google Ireland Limited (Ireland/EU) for displaying fonts. When using Google services, we cannot exclude the possibility that the processed data may be transferred to Google LLC, a company based in the USA. Google LLC (USA) is certified under the EU-US Privacy Shield.
- “YouTube” from YouTube LLC (USA) for displaying videos. As a subsidiary of Google, YouTube is certified under the EU-US Privacy Shield.
- “Vimeo” from Vimeo Inc. (USA) for displaying videos. Vimeo is certified under the EU-US Privacy Shield.
III. Further data processing
1. Contractual relationships
In order to establish or implement a contractual relationship with our customers, it is necessary to process the contact data of the relevant contact persons that we have been provided with on a regular basis. The legal basis for such processing is Article 6 (1) lit. f) GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. The legal basis for such processing is Article 6 (1) lit. f) GDPR and serves our interest to further develop our offering and to inform you specifically about the offers of The Team Enablers GmbH. Further data processing can take place if you have given your consent (Article 6 (1) lit. a) GDPR) or if this is necessary to fulfil a legal obligation (Article 6 (1) lit. c) GDPR).
If you apply for a job in our company, we process your application data exclusively for purposes related to your interest in a current or future position with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if legal provisions prevent erasure, further retention is necessary for the purpose of providing evidence or if you have expressly consented to longer retention. The legal basis for such data processing is Section 26 (1) Clause 1 German Federal Data Protection Act. Should we retain your application data for a period of six months, and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Article 7 (3) GDPR. Such a revocation does not affect the lawfulness of the processing that has been carried out until revocation on the basis of your consent.
As of 02.2020