1. General notes
We take the protection of your data very seriously and would therefore like to inform you extensively on this page about when and in what quality we collect and use data from you and to what extent this data is made available to third parties.
If a concerned person is interested in using our company’s services via any of our websites, it may be necessary to process personal data. If it is required to process personal data, and there is no legal basis for such processing, we generally obtain the person’s consent.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the basic data protection regulation and in compliance with the applicable data protection regulations. By means of this data protection declaration we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration informs affected persons about their rights.
As data controller, empuxa GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, data transmissions on the Internet may have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us through alternative methods.
The data protection declaration of empuxa GmbH is based on the terminology used by the European legislator when the general data protection regulation (GDPR) was issued.
a. Person concerned
Concerned person means any identified or identifiable natural person whose personal data are processed by the controller.
b. Personal data
Personal data means any information relating to an identified or identifiable natural person (subsequently referred to as “concerned person”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identification, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing is any operation or set of operations, performed with or without the aid of automated processes, concerning personal data, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific affected person without the need for additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.
f. Responsible person or controller
Responsible person or controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by union or national law, specific criteria for the identification of the controller may be laid down by union or national law.
g. Order processor
Order processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third-party. However, authorities which may receive personal data in the context of a specific request for investigation under union or national law shall not be considered as recipients.
Third-party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent shall mean any freely given and informed unequivocal expression of the concerned person’s wishes in the specific case, in the form of a statement or any other clear confirmation by which the affected person indicates his or her consent to the processing of personal data relating to him or her.
3. The name and contact details of the controller and the data protection officer
The person responsible within the meaning of the general data protection regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection law is the:
Reesenbüttler Redder 38a
A company data protection officer has not been appointed at empuxa GmbH, as there is no legal requirement for an appointed officer. For all data protection matters, please contact firstname.lastname@example.org.
4. Collection and storage of personal data and the type and purpose of their processing
As far as we obtain the consent of the concerned person for processing of personal data, Art. 6 paragraph 1 lit. a of the EU general data protection basic regulation (GDPR) serves as the legal basis.
When processing personal data which is necessary for the fulfillment of a contract to which the concerned person is a party, Art. 6 paragraph 1 lit. b GDPR serves as the legal basis. This also applies to processing operations, which are necessary to carry out measures prior to a contract.
As far as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 paragraph 1 lit. c GDPR serves as the legal basis.
In cases where vital interests of the concerned person or of another natural person make it necessary to process personal data, Art. 6 paragraph 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third-party and if the interests, fundamental rights and freedoms of the concerned person do not outweigh the former interest, Art. 6 paragraph 1 lit. f GDPR serves as the legal basis for the processing.
The personal data of the concerned person will be deleted or blocked as soon as the purpose of the storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU ordinances, laws or other regulations to which the responsible person is subject. Data will also be blocked or deleted when a storage period defined by the standards mentioned above expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.
a. When visiting the website
When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is stored in a so-called log file. The following information is recorded without your intervention and kept until it is automatically deleted:
- name of the website you have accessed,
- requested page contents including transmission protocol,
- browser type,
- browser version,
- operating system used,
- IP address,
- date and time of the server request,
- amount of data,
- HTTP status code,
- referrer URL (the previously visited page),
- requesting provider.
This data is not merged with other data sources.
The basis for data processing is Art. 6 paragraph 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
b. When contacting us
If you send us requests (e.g., via email), your details from the request, including the contact details you provided there, will be stored by us for the purpose of processing the request and in case of follow-up questions. We will not pass on this data without your consent.
The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 paragraph 1 lit. f German Data Protection Act (GDPR). If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 paragraph 1 lit. b German Data Protection Act (GDPR).
You can revoke this processing at any time. All you need to do is send us an informal notification by email. The legitimacy of the data processing operations carried out up to the revocation remains unaffected by the revocation.
The data transmitted by you in the course of contacting us will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.
5. Transfer of data
Your personal data will be transferred from us to third parties exclusively to the service partners involved in the contract processing. In cases where your personal data is passed on to third parties, the scope of the data transmitted is limited to the necessary minimum.
We only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 paragraph 1 sentence 1 lit. a of the GDPR,
- the disclosure pursuant to Art. 6 paragraph 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that there is a legal obligation to pass on the data pursuant to Art. 6 paragraph 1 sentence 1 lit. c GDPR, and
- this is legally permissible and required under Art. 6 paragraph 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
On request, we will provide you with information at any time about what personal data is stored about you. Furthermore, we will correct or delete personal data at your request or notice, provided that this does not conflict with any statutory storage obligations.
Our websites partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective, and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
7. Analysis tools and third-party tools
No third parties' analysis tools are used to evaluate your user behavior on our websites intended for the public unless explicitly mentioned.
8. Applications and application procedures
We collect and process personal data of applicants for the purpose of handling the application process. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, e.g., by email or via a web form on our website.
If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the legal regulations. If no employment contract is concluded with the applicant, the applicant agrees that his or her application documents will be stored in an applicant pool in order to be able to access these documents in the event of any new vacancies. If the applicant objects to the storage in the applicant pool, the application documents are automatically deleted two months after the rejection decision has been announced, provided there are no other legitimate interests of the company that would prevent deletion.
9. Rights of concerned persons
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be communicated, the planned storage period, the existence of a right of correction, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making and, if applicable, meaningful information on the details of the data;
- in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 GDPR to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, execute or defend legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data, as far as the correctness of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it for the pursuit, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided us within a structured, common, and machine-readable format or to request its transfer to another responsible party;
- in accordance with Art. 7 paragraph 3 GDPR, to revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent for the future and
- complain to a supervising authority in accordance with Art. 77 GDPR. You can generally contact the supervising authority at your usual place of residence or workplace or at our registered office.
10. Right of refusal
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 paragraph 1 sentence 1 lit. f GDPR, you have the right to refuse the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for doing so resulting from your particular situation or if the refusal is directed against direct marketing. In the last case, you have a general right of refusal, which will be handled by us without indicating any special situation.
11. Contact in data protection matters
The protection of your data is a personal concern for us. Within the framework of the applicable legal regulations, you have the right at any time and free of charge to receive information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.
12. Data security
We use the common SSL (Secure Socket Layer) procedure within the website session in connection with the highest encryption level supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.