In principle, it is possible to use the ARWA Personaldienstleistungen GmbH website without entering any personal data. If a data subject wishes to make use of specific services from our company via our website, the processing of personal data may be necessary. If there is no legal basis for the processing of personal data, then we will generally obtain consent for it from the data subject. Data processing is done in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) exclusively for the realisation of the contractual purposes, on the basis of consent which has been given or on a legal basis. We also inform data subjects of their rights. We therefore request that you take note of the following information regarding the handling of your data.
As the data protection controller, we have implemented numerous technical and organisational measures in order to ensure the protection of the personal data processed through this website with as few gaps as possible. However, online data transmissions may have fundamental security holes, meaning that absolute protection cannot be assured.
1. Name and address of the controller
The controller according to law is:
1.1. Contact details for the Data Protection Officer
The controller’s Data Protection Officer can be reached at:
You Logic AG
2. Subject of data protection
The subject of data protection is personal data.
According to the Federal Data Protection Act (BDSG), personal data is specific information about the personal or material circumstances of a specific or identifiable natural person. Furthermore, the GDPR defines “personal data” as all information which relates to an identified or identifiable natural person. A natural person who can be directly or indirectly identified, in particular by means of attribution to an identification such as a name, an identification number, location data or online identification data, is considered to be identifiable.
A data subject is any identified or identifiable natural person whose personal data is processed by the processor.
Processing is an process carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as the collection, recording, organisation, ordering, storage, amendment or modification, reading, querying, use, publication through transmission, dissemination, comparison or linking, restriction, erasure or destruction.
3. General information concerning data collection
Whenever a website is accessed by a data subject or an automated system, this website collect a range of general data and information.
The following data is collected in this process:
- Information concerning the browser type and version used
- The user’s operating system
- The user’s Internet Service Provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites which are accessed by the user’s system via our website
This general data and information is stored in the web server’s log files. The browser type and version used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer), the sub-sites on our website which an accessing system visits, the date and time of access to the website, an Internet Protocol address (IP address), the Internet Service Provider for the accessing system and other similar data and information which is used for emergency response in the event of attacks on our IT systems may be recorded.
In the event of use of this general data and information, no conclusions are drawn about the data subject. We are not able to attribute this data to specific individuals. This data is not combined with other data sources. Rather, this information is required in order to correctly deliver the content of our website, to optimise the website and advertising for it, to ensure the ongoing functionality of our IT systems and the technology of our website and to provide the information required for prosecution to the law enforcement authorities in the event of a cyber attack. This anonymously collected data and information is therefore subjected to statistical analysis on the one hand and is furthermore analysed with the aim of improving data protection and data security within the company in order to ultimately ensure an optimal level of protection for the processing of personal data. The anonymous data in the server log files is stored separately from all personal data given by a data subject. The data is erased after statistical analysis.
3.1. Provision of the website
You can visit our website without providing any information about yourself. We only store access data with no references to persons, such as the name of your Internet Service Provider and the website from which you visit our website or the name of the requested file, for example.
This data is collected on a statistical basis in server log files, stored and exclusively used to improve our offering. This pseudonymous data is not combined with your personal data.
We do not store other personal data.
If the programming on our website allows your browser to load data from servers which are operated by third parties, we are not ourselves involved in this data transmission.
Personal data is only collected if you voluntarily provide it to us for the execution of a contract. Erasure of your applicant account is possible at any time and can be done by sending a message to the contact details set out below. We store and use the data which you provide to us for contract execution. After full execution of the contract or erasure of your customer account, your data is blocked with regard to the storage periods defined in tax law and commercial law, and erased upon expiry of these periods if you have not expressly consented to further use of your data or legal further use, on which topic we will provide you with more information below, has not been reserved on our part.
Many cookies contain a so-called cookie ID. A cookie ID is a clear identification of the cookie. It consists of a character string through which websites and servers can be matched with the concrete Internet browser in which the cookie was stored. This allows the websites and servers to differentiate the data subject’s individual browser from other Internet browsers which contain other cookies. A specific Internet browser can be recognised again and identified using the unique cookie ID. A cookie can only contain information which is sent to your computer – it cannot be used to read private data. If you accept cookies on our website, we do not have access to your personal data, but your computer can be identified with the help of the cookies.
Cookies may be used in order to (I) recognise you again on your next visit to our online offering, (II) present content on the web pages of our online offering or our partners which is specially tailored to your interests (including online advertising), (III) take your preferences into consideration, (IV) carry our research and diagnostic analysis to improve our content, products and services or (V) improve the security of your data. Our own cookies or cookies from third party providers are used for these purposes.
Most browsers (e.g. Firefox, Chrome, Internet Explorer, Safari, etc.) accept cookies as standard. However, you can set you browser so that you are informed about cookies and make decisions about their acceptance on a case by base basis or refuse the acceptance of cookies for specific cases or in general. The help pages for most browsers explain how you can adjust your browser settings as described above. Furthermore, you can generally also learn there what you need to do so that your browser informs you when new cookies are received and how you can switch off or erase all cookies which have been received. You can switch off of erase similar functions (such as Flash cookies), which are used by so-called browser add-ons, by changing the settings for the browser add-on or via the browser add-on manufacturer’s website. However, would like to expressly note that certain features of our website will not be available to you and some web pages may not be displayed correctly if you deactivate cookies.
3.3. Contact form and email contact
There is a contact form on our website which can be used to contact us electronically (e.g. for a job offer). If a user makes use of this option, then the data entered on the input screen is communicated to us and stored. This data is:
- Email address
- Subject / message
The following data is also stored when the message is sent:
- The user’s IP address
- Date and time of registration
Alternatively, you can contact us using the email address provided. In this case, the user’s personal data communicated with the email is stored.
Data is not disclosed to third parties in this context. We use your data exclusively to respond to your enquiry and, if the enquiry relates to a contractual relationship or a contractual relationship results from it, for initiation and handling of the contractual relationship (Sec. 28 Para 1 Clause 1, 2 of the BDSG, old version; Art 6(1) Point a, b, f of the GDPR). If you are already our employee or become our employee in the future, we may collect, store, amend and communicate data concerning the establishment, implementation or ending of the contractual relationship without requiring your consent for this and as long as the law permits us to do so.
In other cases, i.e. as long as the contractual relationship has not yet come into being, we store your data for not longer than 2 years, or longer if the law requires us to do so. You have the right to object in relation to the data communicated to us via the contact form with effect for the future. You can exercise your right of revocation by notifying us.
4. Disclosure of personal data
Without your express consent, your personal data is solely used for the establishment, implementation or ending of contractual or similar obligations. If you have given us a separate declaration of consent for the use and disclosure of personal data, then the personal data may also be disclosed to the recipients specified therein where applicable.
If, during the course of order processing, personal data is disclosed to service providers, these are also bound by the GDPR / BDSG and other applicable legal provisions. Data processing which is exclusively bound by instructions is ensured through the conclusion of order processing agreements which comply with the GDPR requirements.
No disclosure of applicants/employees’ personal data to third parties occurs beyond this. We will disclose your personal data to institutions which are entitled to receive such data if we are required by law, by court order or on the basis of an enforceable official order to do so. Furthermore, we will disclose your personal data to third parties if disclosure is required in order to assert our rights and remedies resulting from your existing obligations or in order to protect the rights of other users and / or third parties.
We do not use the data collected for the purposes of advertising, market research or opinion research without your consent.
ARWA Personaldienstleistungen GmbH collects data for the following purposes:
- Provision of the website
- Customer support and communication with the applicant/employee (e.g. through response to their enquiries, questions and comments)
- Handling of complaints which are received in connection with our services
- Provision of an online application tool
- Publication of specific campaigns, events programmes, questionnaires and other offerings or advertising campaigns
- Analysis and improvement of services, websites; and accomplishment of activities which are associated with accounting, auditing, invoicing, account reconciliation and dunning)
- Protection against fraud, benefit claims and other obligations, as well as their coverage and prevention
Compliance with the applicable law and our policies
In addition, we use information collected using cookies and other automated processes for the following purposes:
- Day-to-day running of the business
- Diagnosis of problems which arise in connection with technology and customer service
- Administration and improvement of the website
6. Legal basis
The process personal data exclusively on the basis of an appropriate authorisation. If processing is done on the basis of consent, then the legal basis is point a of Art. 6(1) of the GDPR. If processing of personal data is required for the fulfilment of a contract in which the contracting party is the data subject, e.g. for the performance of a service, processing is done in accordance with point b of Art. 6(1) of the GDPR. This includes pre-contractual measures which may be necessary during the course of enquiries, for example. If we are subject to a legal obligation to process data, for the fulfilment of tax obligations for example, then the processing of personal data falls under point c of Art. 6(1) of the GDPR. If an individual’s vital interests are affected, in the event of a serious injury to physical integrity for example, then the necessary data may be communicated to a doctor or a hospital, for example, in accordance with point d of Art. 6(1) of the GDPR. If processing is required for the protection of a legitimate interest of our company or a third party, a data subject’s personal data may be processed in accordance with point f of Art. 6(1) of the GDPR unless the interests are outweighed by the data subject’s fundamental rights and fundamental freedoms.
7. Period for which the personal data is stored
The criterion for the storage period for personal data is the applicable legal retention period. Upon expiry of the period, the corresponding data is routinely erased unless it is still required for fulfilment of a contract or initiation of a contract.
If no specific storage period is indicated during collection (e.g. within a declaration of consent), personal data will be erased as soon as it is no longer required for fulfilment of the purpose of storage unless legal retention obligations (e.g. retention obligations according to commercial and tax law) prevent this erasure. If the purpose of storage ceases to apply or a retention period stipulated by the competent legislator expires, we will erase or block the personal data in accordance with the legal requirements.
8. Specific privacy policies for online advertising
ARWA Personaldienstleistungen GmbH attaches considerable importance to the protection of your personal data (“data”) in connection with the personnel services which we provide. Your data is collected, processed and used in compliance with the relevant data protection regulations.
8.1. Data collection
During the course of online application, we offer you the option of sending your application to us with or without registration. For use of the online application process, data is collected in the following categories:
- Master data (e.g. name, postal address, email, phone number)
- (Work) preferences (e.g. professional field, form of employment, place of employment, availability, etc.)
- Education, work experience, skills
- Application documents (e.g. certificates, references, CV, photo)
- Usage or inventory data (e.g. IP address, name of the file accessed, date and time of access, data volume transferred, notification of successful access, web browser and requesting domain)
These mandatory fields, indicated with *, require information which is necessary for the processing of your application in the application process and for us to contact you promptly.
Fur users who register, ARWA Personaldienstleistungen GmbH collects additional personal data from the user, provided during registration, for purposes of initiation and execution, where applicable, of the contract. This is the data which must be provided – such as the user’s title, name, address and email address, phone number and information concerning education and training; skills within the meaning of additional qualifications; employment preferences with information concerning professional field and the preferred place of employment, etc. Additional information is provided by the applicant on a purely optional basis.
Access to the user account is only possible with entry of your email address and personal password. Users should therefore always keep their login information strictly confidential and close the browser window as soon as communication with ARWA Personaldienstleistungen GmbH is completed, particularly if the computer is shared with other people.
All data collected by ARWA Personaldienstleistungen GmbH is transmitted over the Internet in an encrypted form with the help of Secure Sockets Layer (SSL) or TLS encryption.
ARWA Personaldienstleistungen GmbH would like to point out that data transmission over the internet (e.g. during communication via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.If you do not wish to consent to our online application
service, you are welcome to contact us by email or on paper with your application with equal opportunities. We will simply check this application once (Art. 6(1) a, b of the GDPR).
ARWA Personaldienstleistungen GmbH uses your personal data in order to check the application with regard to suitability based on your application for initiation of a possible employment relationship where applicable, as well as to personally contact you (Art. 6(1) a, b of the GDPR).
Furthermore, it will be processed for purposes of compliance with the legal provisions and regulations such as labour law, tax and social law and the international sanctions regimes (e.g. the EU anti-terror regulations), for example.
8.3. Scope of data collection and storage and disclosure to third parties
a) ARWA Personaldienstleistungen GmbH collects and stores the data itself. Your data will not be sold or provided to unauthorised third parties.
b) If your application is successful, the data provided may be used for human resources and administrative matters during employment. Your online application will only be processed and looked at by the relevant employees at ARWA Personaldienstleistungen GmbH. All employees entrusted with data processing are required to maintain the confidentiality of your data.
c) Users only need to provide personal data for initiation and execution of a contract if it is required for the establishment and use of the account and for accomplishment of the application process. ARWA Personaldienstleistungen GmbH discloses the user’s personal data to customers insofar as this is required for the negotiation of jobs and the user has consented to it. The necessity depends on the commonly defined job and skills profile, insofar as ARWA Personaldienstleistungen GmbH considers placement with a customer to be possible. ARWA Personaldienstleistungen GmbH assures users that only data which is required for the application process is disclosed to customers. Within the context of their account, the user determines for themselves what field of the personnel recruitment service they would like to be available for.
d) If the user participates in support measures and qualification projects (e.g. from the job centre) for ARWA Personaldienstleistungen GmbH, then ARWA Personaldienstleistungen GmbH is authorised to disclose personal data to these institutions and to third parties insofar as this is required for the intended purpose and/or legally required.
e) Third parties employed by ARWA Personaldienstleistungen GmbH who carry out specific tasks for us and in accordance with our instructions may, as processors, have access to personal data. IT service providers, who undertake tasks in the fields of hosting, database management, website management, maintenance services, web analysis and the handling of incoming enquiries and data analysis, are one example of this. ARWA Personaldienstleistungen GmbH requires that the third parties who provide these services implement and maintain security measures in order to ensure the confidentiality and security of your data which we entrust to them and that they collect, process and use the personal data only in accordance with our instructions and as contractually agreed.
a) If we enter into an employment relationship with you, we will record your application data in the personnel files and store it for the duration of the employment relationship and for the legal retention periods beyond this (Art. 6(1) a, b of the GDPR). We will then inform you about our concrete data use in an employment relationship again before conclusion of the contract of employment.
b) in the event that your application cannot be taken into consideration at present, we will store the data you have provided for up to 6 months for the purpose of being able to answer possible questions in connection with your application and rejection.
8.5. Inclusion in the applicant pool
If you application is not initially considered in a current application process, it may nevertheless be the case than we offer you the option of keeping your application within an “applicant pool” in order to come back to it in the event of vacancies in the following months. In this case, we will inform you of this in advance and request your consent. We will not include your documents in the applicant pool without your consent.
If you give your consent to inclusion in the applicant pool, then you make your personal data available to us for the purpose of future searches for a suitable position.
You can withdraw your consent to inclusion in the applicant pool at any time with effect for the future and without specifying reasons.
Furthermore, you have the right to withdraw your application and request that we erase your data at any time.
9. Further privacy policies
9.1. Use of Google Analytics and Google Analytics advertising functions (with anonymisation function)
The processor has integrated the Google Analytics and Google Analytics advertising functions modules (with anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data on the behaviour of visitors to websites. Among other things, a web analysis service collects data on the website from which a data subject arrived at a website (so-called referrer), what sub-pages of the website were accessed or how often and for how long a sub-page was viewed. Web analysis is predominantly used for optimisation of a website and for cost-benefit analysis of online advertising.
The operating company for the Google Analytics module is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The processor uses the “_gat._anonymizeIp” add-on for web analysis using Google Analytics. Through this add-on, Google shortens and anonymises the IP address for the data subject’s Internet connection if our website is accessed from a member state of the European Union or from another state which is a party to the Agreement on the European Economic Area.
The purpose of the Google Analytics module is the analysis of visitor flows on our website. Google uses the data and information gained to evaluate the use of our website, among other things, in order to put together online reports which show the activity on our website and in order to provide other services in connection with the use of our website.
Google Analytics stores a cookie on the data subject’s IT system. Cookies have already been explained above. Storage of the cookie allows Google to analyse the use of our website. With each view of the individual pages of this website which are operated by the processor and on which a Google Analytics module has been integrated, the web browser on the data subject’s IT system is automatically prompted by the respective Google Analytics module to communicate data for the purposes of online analysis by Google. During the course of this technical process, Google gains knowledge of personal data such as the data subject’s IP address which Google uses, among other things, to trace the visitor’s origin and clicks and, as a result, to allow for commission settlement.
Personal information such as the access time, the location from which the site was accessed and frequency of the data subject’s visits to our website and demographic characteristics (age & gender) and interests are recorded using the cookies. This personal data, including the IP address for the internet connection used by the data subject, is transmitted to Google in the United State of America with each visit to our website. This personal data is stored by Google in the United States of America. Google discloses this personal data collected through the technical process to third parties under some circumstances.
As outlined above, the data subject can prevent the storage of cookies by our website at any time using the appropriate setting on the web browser they are using and thus permanently counter the storage of cookies. Such a setting in the web browser used would also prevent Google from storing a cookie on the data subject’s IT system. In addition, a cookie which has already been stored by Google Analytics can be erased at any time via the web browser or other software programs.
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can prevent collection by Google Analytics by clicking on this link. An opt-out cookie will be stored, which prevents future collection of your data when visiting this website. The opt-out cookie only applies in this browser and only for our website and will be stored on your device. If you erase the cookies in this browser, you will need to stored the opt-out cookie again.
More information and the applicable Google data protection provisions can be found at https://www.google.co.uk/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail in this link https://www.google.com/intl/en_gb/analytics/.
9.2. Use of Google Maps
9.3. Use of Facebook Pixels
9.4. Use of social plugins
Use of Facebook and Twitter
So-called social plugins (“plugins”) from the social networks Facebook, Google+ and the microblogging service Twitter are used on our website. These services are offered by the companies Facebook Inc., Google Inc. and Twitter Inc. (“providers”).
Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be recognised by one of the Facebook logos (white “f” on a blue tile, the term “Like” or a “thumbs up” symbol) or are indicated with the “Facebook Social Plugin” add-on. The list and appearance of the Facebook social plugins can be seen here: https://developers.facebook.com/docs/plugins/.
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA („Twitter“). The plugins are indicated with a Twitter logo, for example in the form of a blue “Twitter bird”. An overview of the Twitter buttons and their appearance can be found here: https://about.twitter.com/en_us/company/brand-resources.html
When you access a page on our website which contains such a plugin, your browser establishes a direct connection to the Facebook or Twitter servers. The content of the plugins is communicated directly to your browser by the appropriate provider and integrated into the page. ARWA Personaldienstleistungen GmbH therefore has no influence on the scope of the data which the providers of the plugins collect with the help of these plugins and informs the use of its state of knowledge accordingly. Through integration of the plugins, the providers obtain the information that your browser has accessed the corresponding page on our website, even if you don’t have a profile or are not currently logged in. This information (including your IP address) is directly communicated by your browser to one of the appropriate provider’s servers in the USA and is stored there. If you are logged in to one of the services, the providers can directly associate the visit to our website with your profile on Facebook or Twitter.
If you interact with the plugins, for example by clicking the “Like” or “Tweet” button, the corresponding information is likewise directly communicated to the providers’ servers and stored there. The information is also published on the social network or on your Twitter account and shown to your contacts there. For the purpose and scope of data collection and the further processing and use of the data by the providers and your rights and setting options in relation to this for the protection of your privacy, please see the providers’ privacy policies.
If you don’t want Facebook or Twitter to immediately associate the data collected through our website with your profile on the corresponding service, you need to log out of the corresponding service before visiting our website. You can also entirely prevent the plugins from loading with add-ons for your browser, e.g. With the “NoScript” script blocker (http://noscript.net/).
Use of Xing
You can access the latest data protection information for the “XING share button” and supplementary information on this website: https://www.xing.com/app/share?op=data_protection.
Use of kununu
The “Kununu” button, which is maintained by Kununu GmbH, Fischhof 3 Top 7, A – 1010 Vienna, Austria, is used on this website. The operator of the Kununu website and controller according to data protection law is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
The “Kununu” button can be recognised by the coloured lettering “ku” on a blue background. When you access a page on our website which contains such a button, your browser establishes a direct connection to the Kununu servers. The content of the button is communicated directly to your browser by Kununu and integrated into the website.
If you want to prevent the communication of data to your Kununu account, you need to log out of your Kununu account before visiting our website.
10. Rights of the data subject
If your personal data is processed, you are the “data subject” within the meaning of the GDPR and you have the following rights in relation to us as the controller. You can exercise your rights by contacting our Data Protection Officer or our service centre employees, specifying your request.
10.1. Right to information
Each individual affected by the processing of personal data has the right to receive free information from the processor concerning the personal data on file for them (purpose of processing, categories of processed data, publication to third party recipients, duration of storage, rights to blocking, erasure, complaint to the supervisory authorities, notification of automated decision-making – so-called profiling, disclosures in third countries or to international organisations) and a copy of this data.
You can request confirmation of whether personal data concerning you is processed from the controllers.
10.2. Right to rectification
Each individual affected by the processing of personal data has the right to request the immediate rectification of incorrect personal data concerning themselves. Furthermore,the data subject has the right, taking the purposes of processing into account, to request the completion of incomplete personal data – including by means of a supplementary statement.
10.3. Right to restriction of processing
Each individual affected by the processing of personal data has the right to request restriction of processing by the controllers if the requirements stipulated by the legislator in Art 18(1) of the GDPR are met.
If the processing of the personal data in question has been restricted, this data – with the exception of its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of a significant public interest for the Union or a member state.
If the restriction of processing has been restricted in accordance with the above requirements, you will be notified by the controllers before the restriction is lifted.
10.4. Right to erasure
Each individual affected by the processing of personal data has the right to request that the controllers immediately erase the personal data concerning your person, provided that one of the reason specified in Art. 17(1) of the GDPR applies.
There is no right to erasure if processing is required: for exercising the right to freedom of expression and information; for fulfilment of a legal obligation which requires processing in accordance with the law of the Union or the member states to which the controller is subject or performance of a task which is in the public interest or occurs in the exercise of official authority which has been entrusted to the controller; for reasons of public interest in the field of public health in accordance with points h and i of Art. 9(2) and Art. 9(3) of the GDPR; for archiving purposes, scientific or historic research purposes or statistical purposes which are in the public interest in accordance with Art 89(1) of the GDPR, provided that the right specified under section a) is expected to make fulfilment of the objectives of this processing impossible or seriously impede it, or for the establishment, exercise or defence of legal claims.
10.5. Right to data portability
Each individual affected by the processing of personal data has the right to receive the personal data concerning themselves which has been provided by the data subject to a controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided insofar as the processing is based on consent in accordance with point a of Art 6(1) of the GDPR or point a of Art. 9(2) of the GDPR or on a contract in accordance with point b of Art. 6(1) of the GDPR and the processing is carried out by automated means.
10.6. Right to object
Each individual affected by the processing of personal data has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning themselves which is based on point e or f of Art. 6(1) of the GDPR. This also applies for profiling based on those provisions.
If you exercise your right to object, the company will no longer process the personal data, unless we are able to demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or if processing serves the establishment, exercise or defence of legal claims.
If the company processes personal data in order to conduct direct marketing, then the data subject has the right to object to the processing of personal data for the purposes of such advertising at any time. This also includes profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
10.7. Right to withdraw the declaration of consent under data protection law
Each individual affected by the processing of personal data has the right to withdraw consent for data collection and use at any time with effect for the future without specifying reasons. Withdrawal of consent does not affect the legality of the processing which has been carried out on the basis of the consent before it was withdrawn.
10.8. Right to information
If you have exercised the right to rectification, erasure or restriction on processing, we will inform all recipients to whom the personal data concerning you has been disclosed of the rectification, erasure or restriction, insofar as this does not involve disproportionate time and effort or is not impossible. You have the right to be informed of these recipients.
10.9. Questions / right to complaint to a supervisory authority
Regardless of any other administrative or judicial remedy, you have the right to complaint to a supervisory authority, in particular in the member state in which you are resident, the member state in which you work or in the place of the putative violation if you consider that the processing of personal data concerning you violates the GDPR.
The supervisory authority is the Rhineland-Palatinate Data Protection authority with its headquarters in Mainz.
11. Data security
We take internal data protection very seriously. To this end, we use modern data storage and security technologies in order to optimally protect your data. Of course, our security measures are also continuously improved in line with technological development. Our employees and the processors we use (service providers) are contractually bound to maintain confidentiality and to comply with the IT/security provisions and the applicable data protection law provisions.
We and our contractual partners protect your personal details against unauthorised access, loss, use or publication and ensure that your personal information is located in a controlled, secure environment as required by law in which unauthorised access, as well as loss or publication, is prevented.
Technical and organisational measures are taken within our company in order to ensure our company’s compliance with the legal requirements of the BDSG and the GDPR and to protect your data against damage, destruction, falsification, manipulation and unauthorised access. Your data is transmitted with encryption and stored in a database. All systems on which you personal data is stored are protected against access and are only accessible to a specific group of people responsible for human resources.
In order to avoid collecting and processing unnecessary volumes of data, we only use your personal data insofar as this is required within the context of our range of services.
Data collection is done by ARWA Personaldienstleistungen GmbH and by processors used by it.
12. Provision of personal data
We would like to inform you that the provision of personal data is legally required to some extent (e.g. tax regulations) or may result from contractual arrangements (e.g. information about the contractual partner). It may sometimes be necessary for the data subject to provide us with personal data for the conclusion of a contract which we must them process. The data subject is required, for example, to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data will result in an inability to conclude the contract with the data subject. Before providing personal data, the data subject must contact out Data Protection Officer. Our Data Protection Officer clarifies to the data subject, for the specific case, whether the provisions of personal data is legally or contractually required or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of failure to provide the personal data would be.