DATA PRIVACY STATEMENT BIRKLE IT AG
State: November 22. 2023
1. Subject matter and scope
We take the protection of your personal data very serious. In this data privacy statement, we inform you on which personal data we gather, and for which purposes this data is processed. We always treat your personal data in accordance with the legal regulations for data protection as well as this data privacy statement.
2. Responsible authority
birkle IT AG Leopoldstr. 16 80802 Munich Phone: +49 89 413251 E-Mail: info@birkle-it.com
3. Data protection supervisor
Christian Schmoll Lawyer, IT law specialist Kaiserplatz 2 80803 Munich datenschutz@birkle-it.com
Affected people, that have questions or suggestions relating to data privacy, can directly contact our data protection supervisor at any time.
4. Visiting the website
Every time you access our website, our system automatically gathers data and information from the computer system of the accessing computer. The IP address of the device you are using must be processed in order for the website to be properly displayed in your browser. On top of that, further information about the browser of your device is required.
Due to data privacy laws, we are obliged to ensure the confidentiality and integrity of personal data processed through our IT systems. Furthermore, the data is also used to resolve errors in the website.
For these reasons the following data is logged:
* IP address of the accessing computer
* Operating system of the accessing computer
* Browser version of the accessing computer
* Name of the accessed file
* Date and time of access
* Transferred data volume
* Referring URL
This data is deleted after 7 days. Our website is hosted by a service provider on the basis of order processing in accordance with article 28 GDPR.
The legal basis for this data processing is article 6 section 1 letter f GDPR. Our prevailing legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
5. Establishment of contact and customer database
If you contact us, in order to request information or an offer, your submitted data is stored for processing your request. Requests are stored in our CRM system. This data can be used by us
for direct advertising measures. You can contradict such usage for direct advertising measures at all times. Details on your right of objection can be found below in the section „right of objection“.
The CRM system is regularly reviewed, to check if data can be deleted. If data is not necessary anymore in the course of customer or interested party relationships, or if a contradictory interest of the customer overweighs, we will delete the affected data, as far as no legal retention requirements object the deletion.
The legal basis for this deletion and processing is article 6 section 1 letter f GDPR. Our overriding legitimate interest in doing so is the maintenance of communication with our customers, interested parties and suppliers, the maintenance of our customer relationships and the execution of direct marketing measures. If the establishment of contact aims towards the conclusion of a contract, article 6 section 1 letter b GDPR serves as a further legal basis.
6. Service provision (customers and suppliers)
We process the data of our customers and suppliers or service providers in the course of execution of the respective contractual measures. In doing so, inventory data (for example last and first name of the contact person, address), contact data (for example e-mail address, phone number), contract data (for example subject matter of the contract, runtime), payment data and data that is collected in the course of service provision or is necessary for service provision, will be processed if necessary.
The legal basis for this storage and processing is the fulfillment of contract or the execution of precontractual measures according to article 6 section 1 letter b GDPR.
7. Cookies
Our website uses cookies. Cookies are information, which is transferred from our webserver or webservers of third parties to your browser, and are stored there for later retrieval. Cookies can be small files or other types of information storage. The information which is deposited in cookies, results in relation to the specific used device. Cookies contain a characteristic character string, which enables a clear identification of the browser on a revisit of the website. Moreover, a cookie contains an indication of its heritage and duration of storage. However, this does not mean that we therefore immediately receive knowledge of your identity.
We use cookies, to provide a more user-friendly experience on our website.
We utilize so-called session cookies, which are only stored for the duration of the respective visit on our website (for example to enable the storage of your shopping cart contents). A session cookie contains a randomly generated unique identification number, which is called session ID. Session cookies are automatically deleted after leaving our website
Furthermore, we use temporary cookies, which are stored by us on your device for a certain time period (so-called first-party cookies). If you revisit our website, it automatically recognizes that you have already been here, and which inputs and settings you have entered, so you don’t have to enter them again.
Besides that, we use cookies for further purposes, for example for the purpose of web analysis. These cookies are also automatically deleted after a respectively defined time period. This usage is explained in greater detail in the following paragraph.
You have the possibility to reject the placement of cookies through according settings in your browser. However, we would like to point out that if doing so, the usage of our websites may only be possible to a limited extent. Cookies do not install or start software or other applications on your computer.
You can object the usage of cookies, which serve the purpose of range measurement or advertising on the deactivation site of the Network Advertising Initiative (http://optout.networkadvertising.org/) as well as the American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/). The legal basis for the processing of personal data under usage of cookies is article 6 section 1 letter f GDPR. Our overriding legitimate interest is the operation, analysis and optimization of our website and our customer interactions.
8. Google Analytics
We utilize web analysis services on our website or on parts of the website, to capture how our website is used by its visitors and to optimize the website altogether and its visual representation.
We utilize the web analysis service Google Analytics with IP anonymization. Google Analytics is a web analysis service of Google Ireland Limited („Google“). Cookies are used in the course of Google Analytics. Moreover, the transmission of data to the USA takes place. In the course of IP anonymization, the gathered IP address of Users of our website inside of the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases the unshortened IP address is transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google
You can prevent the storage of these cookies through an according to setting in your browser. Beyond that, you can prevent Google from collecting and processing data which is produced by the cookie and relates to your usage of the online offer, by installing a browser plugin which tells Google Analytics via JavaScript that no data and information relating to visits of websites may be transmitted to Google Analytics. This plugin is available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
When using Google Analytics, the transmission of personal data into a third country outside of the EU takes place. Google owns a privacy shield certificate, downloadable here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Therefore, appropriate safeguards for a transmission exist according to article 46 GDPR.
The legal basis for this data processing under usage of web analytics is article 6 section 1 letter f GDPR. Our legitimate interest is the analysis, optimization and economical operation of our website and our customer interactions.
9. Google Maps
On our website, we use the Google Maps (API) Service of Google Ireland Limited. Google Maps enables the depiction of interactive maps. When accessing subpages of the website on which Google Maps is used, information about your usage of our website (for example your IP address) is transmitted to Google’s servers in the USA and stored there.
When using Google Maps, a transmission of personal data into a third country outside of the EU takes place. Google owns a privacy shield certificate, downloadable here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Therefore, appropriate safeguards for a transmission exist according to article 46 GDPR.
The legal basis for this data processing under usage of web analytics is article 6 section 1 letter f GDPR. Our legitimate interest is the analysis, optimization and economical operation of our website and our customer interactions.
10. Social Media-Buttons
Social media buttons of the social media networks Twitter, Xing, Instagram and LinkedIn are integrated in our website.
If you click on one of these social media buttons, you will be redirected to our pages on the corresponding social media network. In this case, the provider of the respective social media network receives the information that your browser visited the according page of our website, even if you don’t have an account on the respective social media network or aren’t logged in there. This information (including your IP address) is directly transferred by your browser to a server of the respective provider. If you click on a social media button and are either logged in to the social media network, or log in on the site of the respective social media network, the transmitted information can be assigned to your account on the social media network.
For information on the purpose and extent of data collection and processing through the provider of the respective social media network, the provider identification, a contact opportunity and your rights and settings options concerning data privacy, please view the respective data privacy statements of the social media network providers.
The legal basis for the integration and usage of social media buttons is article 6 section 1 letter f GDPR. Our overriding legitimate interest is the marketing of our offers and our website.
11. Social Media-Pages (“Fan pages”)
We maintain a publicly accessible profile on the social media networks Twitter, Xing, Instagram, and LinkedIn („social media pages“ or „fan pages“).
If you visit one of our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your user behavior and assign the collected information to your account on the social media network and enrich the information there. Even if you’re not logged in or do not have an account on the respective social media network, data relating to your person can be collected from the provider of the respective social media network, for example your IP address or data, which was collected through a cookie.
The providers of the social media networks can create user profiles by using this data. With the aid of your user profile, interest-based advertisements can be displayed on the websites of the social media network as well as other websites. If you visit one of our social media pages, we are responsible together with the provider of the social media network for the collection and processing of your data which takes place there. Regarding information on the collection and processing of your personal data which takes place there we refer you to the data privacy statements of the respective social media network. We do not have further information on this topic.
Information on appropriate guarantees for data transmission to third countries according to article 46 GDPR will be provided anytime on your request. Your rights as an affected person according to chapter 3 GDPR (right of disclosure, correction, deletion and limitation of the processing, data portability etc.) can be asserted against us as well as the provider of the respective social media network. In this context, we would like to mention that the processing of personal data and the implementation of rights of affected people in the course of our social media pages can only be influenced by us to the extent possible through the measures made available by the respective provider.
The legal basis for our usage of social media pages is article 6 section 1 letter f GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the internet. Twitter’s data privacy statement can be found under https://twitter.com/de/privacy.
Xing’s data privacy statement can be found under https://privacy.xing.com/de/datenschutzerklaerung.
Instagram’s data privacy statement can be found under https://help.instagram.com/519522125107875. LinkedIn’s data privacy statement can be found under https://www.linkedin.com/legal/privacy-policy.
12. Leadfeeder
Our website uses the technologies of Dealfront (Liidio Oy as part of Dealfront Group GmbH) (“Dealfront”) to analyze visitor behavior. In this process, the IP address of a visitor is processed. This processing has the purpose of helping us understand which businesses (B2B) are visiting our site, by enriching IPs with associated information such as the company name or industry code. To do this, at the beginning of the visitor’s session, their IP address and corresponding session data is matched against a large whitelist of known companies. Whenever we process website traffic data, this is based on our legitimate interest (Art. 6 (1) lit. fGDPR) in optimizing our products, services, sales and marketing. To prevent this processing activity, you (website visitor) may install and configure appropriate ad-blockers or use no-script-plugins in your browser. The data will be deleted as soon as it is no longer required for its intended purposes. Statutory retention obligations can lead to a longer retention period of the data in question. We have concluded a data processing agreement with Dealfront in order to ensure compliance with applicable data protection standards.
13. Fonts
In order to present the contents of our website correctly and graphically appealing on all browsers, we use font libraries on this website. Invoking font libraries automatically causes a connection to the provider of the library. Thereby, the provider receives the information, that the font required for our website has been accessed from your IP address.
You can prevent a usage of such libraries along with the accompanying data transmission, by installing a JavaScript Blocker (for example www.noscript.net). We utilize Google Webfonts of Google Ireland Limited (https://www.google.com/webfonts/). In the course of the usage of Google Webfonts a transmission of data into the USA takes place. Further information on the data processing by Google can be found in Googles data privacy statement https://www.google.com/policies/privacy.
Google owns a privacy shield certificate, downloadable here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Therefore, appropriate safeguards for a transmission exist according to article 46 GDPR.
The legal basis for this data processing under usage of web analytics is article 6 section 1 letter f GDPR. Our legitimate interest is the optimization and the economical operation of our website and our customer interactions which take place on the site.
14. Applications
We collect and process personal data of applicants for the purpose of processing the application process in the Teamtailor Applicant Tracking System to manage recruiting activities. The lawfulness of the processing of personal data is our legitimate interest to simplify and facilitate recruitment.
Personal data is collected directly from a candidate, through the activities performed and systems used by the candidate and from external sources such as public and private registers or other third parties. Personal data categories:
* Identification data such as name, contact details such as an address, telephone number, email address, the language of communication.
* Data about relationships with legal entities, such as data submitted by the candidate or obtained from public databases or third-party service providers, such as Facebook, Linkedin, Xing, or other public sources.
* Professional data such as education, professional career, and duration, job title, licenses, training certificates.
* Communication and device data such as the data contained in messages, emails, visual images, video and/or audio recordings, as well as other conversations and interactions, collected when the candidate participates in a job interview, from candidate’s application and/or activities in birkle IT communication tools.
* Demographic data such as country of residence, citizenship.
We prioritize personal integrity and therefore work actively to ensure that personal data is processed with utmost care. We take the measures that can be reasonably expected to make sure that the personal data is processed safely and in accordance with the law. However, transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that applicants also take responsibility to ensure that their data is protected. It is the responsibility of the applicant that their login information is kept secret.
If we conclude an employment contract with an applicant, the transmitted data will be processed for the purpose of carrying out the employment relationship in compliance with the statutory provisions.
If no employment contract is concluded with the applicant, the application documents will be stored for three additional years after the recruitment process to record your recruiting activity with us and be able to inform you of new relevant vacancies within that timeframe.
After the legal maximum storing period, all application documents will be deleted, provided that deletion does not conflict with any overriding legitimate interest, such as the defense of claims or a function to preserve evidence in accordance with the German General Equal Treatment Law (Allgemeines Gleichbehandlungsgesetz (AGG)). To prolong the storing period birkle IT will ask for your consent.
The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures pursuant to Art. 6 para. 1 b) GDPR.
15. Age restriction
This website is not determined or conceptualized for children under the age of 16. We do not knowingly gather personal data from or about people under 16.
16. Recipients of data
Within our company, the internal departments or organizational units only receive your data, if it is required to fulfill their tasks, for the fulfillment of contracts if applicable, for data processing with your consent or to safeguard our overriding legitimate interests.
Passing on data to third parties only takes place in the course of the legal regulations. We only transfer your data to third parties, if for example this is necessary for contractual measures on the basis of article 6 section 1 letter b GDPR or to safeguard our overriding legitimate interests for an effective execution of our business operation according to article 6 section 1 letter f GDPR.
As far as we utilize service providers or third parties in the course of providing our website and/or providing our services, we take appropriate legal measures as well as corresponding technical and organizational measures, to take care of safeguarding your personal data.
As far as we utilize contents or tools of service providers or third parties, which reside in a third country, to provide the website and/or provide our services, a data transfer into a third country regularly takes place.
Third countries are countries in which the GDPR is not a directly applicable law, therefore countries outside of the EU or the European Economic Area. The transmission of data into third states only takes place, if either an adequate level of data privacy protection, a consent note or an other legal permission, especially an appropriate guarantee according to article 46 GDPR, is present. It is possible, that we acquire or sell the business, parts of the business or single assets. In connection with such a sale, fusion or reorganization or a similar event, personal data can be transmitted. In this case, your personal data will of course continuously be processed in accordance with this data privacy statement. The legal basis for such a transmission is our overriding legitimate interest according to article 6 section 1 letter f GDPR for an effective operation and advancement of our business process.
17. Your rights
You have the right to free of charge disclosure about your stored personal data, it’s origin and recipients and the purpose of the data processing, and a right to correction, blockage or deletion of this data. Furthermore, you have the right to limitation of the processing and to appeal against the processing.
Moreover, you have the right to have your data, which we have automatically processed, handed over to yourself or a third person in a current machine-readable format.
To enforce your rights, please contact us under the contact data of the responsible authority listed above.
Furthermore, you are entitled to a right of appeal at the responsible data protection supervisory authority. The responsible data protection supervisory authority is the Bavarian Office for data security (Bayerisches Landesamt für Datenschutzaufsicht (https://www.lda.bayern.de)).
18. Revocation of consent
Some data processing operations are only possible with your explicit consent. You can revoke an already granted permission at all times. For this purpose, all you need to do is send us an informal message via e-mail. The legality of the data processing which took place until the revocation remains untouched by the revocation.
19. Right of objection
As far as your data is processed to safeguard our overriding legitimate interests, as mentioned in this data privacy statement, you can object this processing with effects in the future. To do so, please contact us under the contact information listed above.
You are basically only entitled to this right of objection if reasons exist, which result from your particular situation (article 21 section 1 GDPR). After exercising your right of
objection, your personal data will no longer be processed for these purposes, except if we prove that we have mandatory protection-worthy reasons for the processing, which override your interests, rights and freedoms, or if the processing serves the purpose of assertion, exertion or defense of legal claims.
If the processing takes place for the purpose of direct advertisement, you can exercise your right of objection concerning this matter at all times (article 21 section 2 GDPR), and then your personal data will no longer be processed for the purpose of direct advertisement, regardless of the reasons for the objection.
20. Obligation of provision of data
The provision of personal data is neither legally nor contractually required, you are also not obligated to provide personal data. However, the disclosure of personal information for conclusion and fulfillment of contracts is insofar necessary, as certain information is absolutely necessary for being able to fulfill or conclude a contract.
21. Automated decision making
We do not conduct automated decision making, including profiling.
22. Storage and deletion
We abide by the basic principles of data avoidance and data economy. Therefore, we only store your personal data as long as this is necessary for achievement of the purposes listed here or for as long as the storage periods provided by legislation intend.
If the storage purpose is omitted or the storage period intended by legislation runs out, the personal data will be blocked or deleted routinely and according to the legal regulations.
23. Technical and organizational measures of data security
We take organizational, contractual and technical safety measures conforming to the state of the art, to make sure that the regulations of the data security laws are abided and to safeguard the data processed by us against random or intentional manipulation, loss, destruction or against the access of unauthorized people.
24. Changes to this data privacy statement
We reserve the right to occasionally adapt this data privacy statement, so that it always complies with the current legal requirements or to implement changes of our services in the data privacy statement, for example the introduction of new services. If you revisit the website, the new data privacy statement applies.
