Privacy Policy

1. An overview of data protection

General information

The following information provides you with a simple overview of what happens with your personal data when you visit this website. The term ‘personal data’ comprises all data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our Privacy Policy, which we have included beneath this copy.

Data collection on this website

Who is the responsible party for the collection of data on this website? The data on this website is processed by the operator of this website, whose contact information is available under the section ‘Legal disclosure’ on this website. How do we collect your data? Some of your data is collected when you communicate it to us. This may, for instance, be information you enter into our contact form. Our IT systems automatically collect other data when you visit our website. This data comprises mainly technical information (e.g. web browser, operating system or time the site was accessed). This information is collected automatically when you enter this website. What do we use your data for? Some of the data is collected to guarantee that the website is provided free of errors. Other data may be used to analyse your user behaviour. What rights do you have regarding your data? You have the right to receive information about the source, recipients and purposes of your stored personal data free of charge at any time. You also have the right to demand that your data is rectified or deleted. Please do not hesitate to contact us at any time at the address provided in the section ‘Legal disclosure’ if you have any questions about this or any other data protection-related issues. You also have the right to lodge a complaint with the competent supervisory authority. Moreover, under certain circumstances, you have the right to demand the restriction of the processing of your personal data. For details, please refer to the Privacy Policy under the section ‘Right to restriction of processing’.

2. Hosting

External hosting

This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communications data, contract information, contact information, names, web page access, and other data generated through a website. Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data. We have concluded an order processing contract with the host in accordance with Art. 28 GDPR.

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we treat your personal data confidentially and in compliance with the statutory data protection regulations and this Privacy Policy. Whenever you use this website, a variety of personal data will be collected. Personal data comprises data that can be used to personally identify you. This Privacy Policy explains which data we collect and what we use it for. It also explains how, and for which purpose the data is collected. We would like to point out that the transfer of data over the internet (e.g. through email communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

SSL or TLS encryption

For security reasons, and to protect the transfer of confidential content, such as purchase orders or enquiries you submit to us as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by checking whether the address line of the browser changes from ‘http://’ to ‘https://’ and also by the appearance of the lock icon next to it. If SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Information on the controller pursuant to Art. 4 (7) GDPR

Swiss IT Security Deutschland GmbH Konrad-Adenauer-Ring 33 65187 Wiesbaden Germany Email: info@sits-d.de Phone: +49 611 945881-0

Data Protection Officer

Dr. Kraft, datenschutz@it-sec.de, Einsteinstr. 55, 89077 Ulm, Germany, Phone: +49 731 20589-24 The controller is the natural legal entity that single-handedly or jointly with others makes decisions as to the purposes of and the resources for the processing of personal data (e.g. names, email addresses etc.).

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. In principle, this is voluntary. You can also revoke at any time any consent you have already given us. To do so, all you are required to do is send us an informal notification via email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in specific cases and right to object to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING BASED ON ART. 6 (1) (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PURPOSE OF THE PROCESSING IS THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR). IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory authority, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is without prejudice to any other administrative or court proceedings available as a legal recourse.

Right to data portability

You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract to you or to a third party in a commonly used, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information, rectification and deletion

Within the scope of the applicable statutory provisions, you have the right at any time to demand information about your stored personal data, its source and recipients and the purpose of the processing of your data. You may also have a right to have your data rectified or deleted. Please do not hesitate to contact us at any time at the address provided in the section ‘Legal disclosure’ if you have any questions about this or any other personal data-related issues.

Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data. To do so, you may contact us at any time at the address provided in section ‘Legal disclosure’. The right to restriction of processing applies in the following cases:
  • In the event you should dispute the correctness of your personal data held by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
  • If we no longer need your personal data but you require it to exercise, defend or establish legal claims, you have the right to demand the restriction of the processing of your personal data. If you have lodged an objection pursuant to Art. 21 (1) GDPR, your interests and our interests will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, this data – with the exception of its storage – may be processed only subject to your consent; to establish, exercise or defend legal claims; to protect the rights of other natural persons or legal entities or for important reasons of public interest cited by the European Union or a member state of the EU.

Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and Switzerland as a country with an adequate level of protection pursuant to Art. 45 (1) GDPR and serves only internal administrative purposes. By group of companies, we mean affiliated companies within the meaning of Art. 4 (19) GDPR.

4. Data collection on this website

Cookies

In some instances, our website and its pages use cookies, e.g. in order to recognise visitor preferences and to be able to optimally display the website accordingly. This allows for easier navigation and a high degree of user-friendliness. Cookies also help us identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be retained for a certain period of time and make it possible to identify the visitor’s computer. For better user guidance and individual performance, we use permanent cookies. We also use ‘session cookies’, which are automatically deleted when you close your browser. You can adjust your browser’s settings to make sure that you are notified every time cookies are set. This makes the use of cookies transparent for you. This is done to verify whether actions are authorised and to authenticate users requesting our services. The legal bases are Art. 6 (1) (c) in conjunction with Art. 32 and Art. 6 (1) (f) GDPR. Our legitimate interest is to secure our web server, e.g. to protect against attacks and to ensure the functionality of our services. We only set cookies that are not technically necessary with your express consent, which you may of course revoke at any time. These cookies are addressed separately in this Privacy Policy.

Server log files

The provider of this website and its pages automatically collects and stores information in server log files, which your browser transfers to us automatically. The information comprises:
  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address
  • This data is not merged with other data sources.
The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in optimising its website and displaying it free of any technical errors. The server log files must be recorded for this purpose.

Contact form

If you send us enquiries via the contact form, your information from the form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of any follow-up questions. We will not disclose this data without your consent. The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 or Art. 1 (a) GDPR). You can revoke this consent at any time. To do so, all you are required to do is send us an informal notification via email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. The data you send to us via the contact form will remain with us until you request us to delete it, you revoke your consent to the storage or the purpose for data storage lapses (e.g. after we have completed processing your enquiry). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected. Google reCAPTCHA Our website uses the Google reCAPTCHA service, which makes it possible to distinguish between intentional data entry by a natural person and electronic or automated abuse. The IP address and any other data required by Google for the service will be forwarded to Google. The data is processed in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to determine whether a request actually originates from a natural person and needs to be processed, and thus to avoid unnecessary spam filtering. It is possible that the data will also be transferred to servers in the United States. Recipient of the data: Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5WE, Ireland. In the case of the transfer of data to the United States: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States The legal basis for the transfer is EU Standard Contract 2010 pursuant to Art. 46 (2) (c) GDPR in conjunction with the decision of the EU Commission of 5 February 2010 (2010/87/EU). Additional measures to ensure greater protection of personal data and effective legal protection for data subjects are currently being prepared.

Enquiry by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not disclose this data without your consent. This data is processed on the basis of Art. or Art. 6 (1) (b) GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 or Art. 6 (1) (a) GDPR) and/or on our legitimate interests (Art. 6 or Art. 6 (1) (f) GDPR), as we have a legitimate interest in effectively processing the enquiries addressed to us. The data you send to us via contact requests will remain with us until you request us to delete it, you revoke your consent to its storage or the purpose for data storage lapses (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Online application process

This part of the data privacy policy applies to applicants to any of the companies of the SITS Group. This only applies to the extent that these applicants transmit personal data to us as part of the application process, e.g. application in paper form, e-mail, contact forms with attachments or through the Greenhouse applicant portal. Application documents submitted on paper are scanned and stored in Greenhouse; the paper documents are then disposed of in compliance with data protection law via a shredder or a certified service provider or sent back to the candidates. Application documents sent by e-mail are stored in Greenhouse, the e-mails are then deleted. We only process your personal data to process your application and/or within the framework of the talent pool.  The processing of your application also includes, if necessary, the use of your data to contact you by e-mail and/or post and/or telephone. Recruiters, hiring managers and interviewers have access to your documents. Another form of processing is carried out anonymously for the purpose of measuring the success of job placements and the technical application channels used, as well as anonymously with regard to the skills of applicants submitted. Insofar as you have given your consent to the processing of your personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. This is particularly the case within the scope of the talent pool. When processing your personal data that is necessary for the performance of a contract to which you are a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. The data is processed with the help of systems of Greenhouse Software, Inc. a company based in the USA. The SITS Group has concluded a contract with Greenhouse for this purpose based on the EU standard data protection clauses in accordance with Article 46 GDPR and has implemented sufficient technical and organizational measures to adequately protect your data. The data is stored exclusively on European servers. The transmission of the data entered by you as well as the file attachments sent along takes place via a transport-secured connection. If you want more detailed information regarding the use of greenhouse as a US service provider, please contact us at: datenschutz@it-sec.de. The deletion of the stored personal data of the applicant takes place automatically at the earliest after 4 weeks, but at the latest after 5 years, from the date on which the applicant was informed that the position will not be filled by him and no other legal requirements conflict with this. The time limit results from the legal requirements of the respective countries for the equal treatment of applicants. If you have given your consent to be included in the talent pool, your data will be stored in our system for up to 1 year in order to be considered in advance for future job vacancies. In this context, we use the data you provide to contact you by e-mail and/or mail and/or telephone. When sending application documents outside our application portal, by mail, e-mail or via an agency, you will receive a summary of this privacy policy together with an confirmation of receiving your application or, at the latest, in the event of a negative response on our side. In this cases we process the applicant data in our Greenhouse applicant portal, unless you expressly object to this procedure in the context of your e-mail.

5. Analytics tools and advertising

Matomo (formerly Piwik)

This website uses the open-source web analytics software Matomo to optimise and statistically evaluate visitor access to our website. This website uses Matomo exclusively without the use of cookies, which means that Matomo does not set cookies on your device at any time. Personal usage data is therefore only processed anonymously. The processing of data obtained in this way takes place exclusively on our own servers in Germany. The data is not accessed by third parties. Alternatively, you can also object to the storage and analysis of the data collected by Matomo at any time HERE. In this case, an opt-out cookie ensures that Matomo does not collect any session data. In addition, as part of our website analytics, we of course respect any ‘Do Not Track’ preference you may have set in your browser. General information on data protection at Matomo: https://matomo.org/docs/privacy/

6. Plugins and tools

Adobe Fonts/Adobe Typekit

We use Adobe Typekit/Adobe Fonts to display fonts on our website. This is a service that provides access to a font library and is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, United States (Adobe). When you access this website, your browser loads the required fonts directly from Adobe so that they can be displayed correctly on your device. When doing so, your browser establishes a connection to Adobe’s servers in the United States. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts. Adobe is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the United States of America and the European Union to ensure compliance with European data protection standards. You can find more information at: https://www.adobe.com/privacy/eudatatransfers.html. The use of Adobe Fonts/Typekit is necessary to ensure a consistent typeface on this website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. For more information on Adobe Fonts, please visit: https://www.adobe.com/privacy/policies/adobe-fonts.html. Adobe’s privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html

YouTube video embedded via iFrame in enhanced privacy mode

Wir nutzen YouTube, einen Service von Google, um Ihnen Video-Inhalte anzuzeigen. Zum Schutz Ihrer Privatsphäre haben wir dabei den erweiterten Datenschutz-Modus aktiviert. Auch YouTube verwendet Cookies, um Informationen über die Besucher ihrer Internetseite zu sammeln. YouTube verwendet diese unter anderem zur Erfassung von Videostatistiken, zur Vermeidung von Betrug und zur Verbesserung der Userfreundlichkeit. Der Aufruf eines Videos führt dabei in der Regel auch zu einer Verbindungsaufnahme mit dem Google DoubleClick Netzwerk. Wenn Sie das Video starten, könnte dies weitere Datenverarbeitungsvorgänge auslösen, insbesondere dann, wenn Sie bereits bei YouTube eingeloggt sind. Darauf haben wir keinen Einfluss. Mit Drücken des Start-Buttons am Video willigen Sie in die Übermittlung der Daten an Google ein. Darüber werden auch weitere Google Dienste beansprucht (z.B. Google Fonts). Ihre Einwilligung besteht nur solange Sie sich auf der Seite befinden. Weitere Informationen über Datenschutz bei YouTube finden Sie in deren Datenschutzerklärung (http://www.youtube.com/t/privacy_at_youtube). Empfänger der Daten: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland Im Falle der Zugriffsmöglichkeiten auf die Daten aus den USA (z.B. Support): Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Rechtsgrundlage für die Übermittlung sind die EU-Standardvertragsklauseln gemäß Art. 46 Abs. 2 lit. c DSGVO.

Friendly Captcha

Wir nutzen auf unserer Webseite den Dienst Friendly Captcha, der es ermöglicht zu unterscheiden, ob die Dateneingabe durch eine natürliche Person oder automatisiert bzw. maschinell erfolgt. Dabei wird die IP-Adresse sowie ggf. weitere von Friendly Captcha für den Dienst benötigte Daten an Friendly Captcha weitergeleitet. Die IP-Adresse der Webseitenbesucher wird von Friendly Captcha umgehend anonymisiert. Die Verarbeitung der Daten erfolgt gem. Art. 6 Abs. 1 S. 1 lit. f DSGVO. Unser berechtigtes Interesse ist die Feststellung, ob eine Anfrage tatsächlich von einer natürlichen Person stammt und bearbeitet werden muss und so unnötiges Aussortieren von Spam-Mails zu vermeiden. Weitere Informationen zum Datenschutz bei Friendly Captcha finden Sie in deren Datenschutzerklärung: https://friendlycaptcha.com/de/legal/privacy-end-users/ Empfänger der Daten: Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee

7. Data processing when participating in a webinar:

We process the following types of data for registration for the webinar: Name details, email address, telephone number, company affiliation if applicable. The legal basis is Art. 6 para. 1 lit. b), f) DSGVO. The purpose of the data processing is the implementation of the webinar and thus the processing of the contract with you or the company, job or other institution to which you belong. Our legitimate interests are the organisation of the webinar and the associated standardisation and simplification of communication or data exchange through the use of the online service used for this purpose. Access to your data is granted to our marketing/sales staff, who need to handle this data in order to fulfil their tasks. After completion of the webinar and expiry of the subsequent retention periods, we will delete your data if we no longer need it for the assertion, exercise or defence of legal claims. During the webinar, user data as well as usage data (chat logs, communication metadata, duration of participation) will also be collected from you via the online service we use (MS 365) and stored for at least 90 days. We use Microsoft Teams to conduct the webinar. The recipient of the data processed is Microsoft Ireland Operations Limited. The associated data transfer is secured via EU standard contractual clauses that we have concluded with the service provider. No other data transfer to third countries takes place.