PRIVACY POLICY
Subject
In the following, we would like to inform you about which of your personal data we process when you use our offers and the processes described below.
Personal data (hereinafter referred to as “data”) is all information that can be related to you personally, e.g. your name, your e-mail address and your use of our offers.
Controller
The “controller“ within the meaning of the General Data Protection Regulation (GDPR) (responsible person) is SmartStep Data Institute GmbH, Alter Teichweg 25a, 22081 Hamburg, Germany, contact@smartstep-data-institute.de.
You can contact our data protection officer by e-mail at contact@smartstep-data-institute.de or by post to our address, with the addition “the Data Protection Officer”.
Browser data
When you visit our website, the web-server, on which our website is hosted, automatically collects the following data which is transmitted by your browser:
- IP address of your device
- Date and time of the request
- Content of the request (specific page)
- Access status and transferred data volume
- Product and version information of your browser
- Operating system of your device
- The website from which our website was accessed
This data is necessary for us to display our website, and ensure the stability and security of our website. The recipient in this context is our server host.
The IP address of your device is only stored for the time you use the website and is then immediately deleted or anonymised.
The legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.
Functional Cookies
We use cookies to facilitate your use of our website.
Cookies are small text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. Cookies enable us to identify your internet browser.
We use cookies to access your preferences, enter your personal data into the input mask in future interactions with our website, or validate your authorization.
Session cookies are automatically deleted when you close the browser. Other cookies are automatically deleted after a preset period, which may vary depending on the cookie. You can find the exact storage period in your browser settings.
You can configure your browser settings according to your requirements, for example, you may refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all of the functions of this website if you do so.
You may delete the cookies in the security settings of your browser at any time.
The legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.
Your Enquiry
We provide various methods for contacting us, e.g. our address, our e-mail address, our telephone number and our social media.
When you contact us, we use the information which you provide, such as your e-mail address, your name and the content of your enquiry, in order to process your request.
During the communication, we may also use Messenger. You are entitled to use our other means of communication at any time. The Messenger provider cannot access the message content If the end-to-end encryption is used. However, the Messenger service provider may have access to the information that a communication was made, and which device was used. This information is processed by the Messenger provider, the privacy policy of the Messenger provider applies.
We delete the data that is collected in this process when it is no longer necessary, or we restrict processing if there are legal storage obligations to do so.
The legal basis is Art. 6(1), subparagraph 1(b) GDPR.
Applications
We publish job advertisements for recruitment purposes.
To process your application, we need certain data from you.
In addition to your name and contact details, we also need and process your other applicant data, e.g. your application letter, CV, certificates or interview notes.
We delete the data collected during the application process when the data is no longer needed for the purpose of the application. This is the case after a maximum of six months subsequent to the completion of the application process if the applicant has not been appointed. This does not apply if legal regulations do not permit deletion, if the data is required for the provision of evidence, or if you have expressively agreed to a longer storage period.
If we request your consent, e.g. to store your data for a longer period of time, the legal basis is Art. 6(1), subparagraph 1(a) GDPR, § 26(2) BDSG (German Data Protection Act). Otherwise, the legal basis is Art. 6(1), subparagraph 1(b) GDPR, § 26 BDSG.
Business Relationship
We require personal data for the conclusion and execution of contracts for the services offered either by us or by you.
Within the context of initiation or implementation of the contract, we require your personal data for the establishment, implementation and termination of the contractual relationship and fulfilment of the associated contractual obligations. We process your data in order to fulfil the contract with you, as well as to comply with existing legal requirements, e.g. commercial or tax law. This may include the transfer of data to subcontractors, payment service providers or authorities.
According to commercial and tax law requirements, we are obliged to store the contract data for ten years. However, we restrict processing after two years, i.e. your data is only be used in order to comply with legal obligations.
The legal basis is Art. 6(1), subparagraph 1(b) GDPR.
Credit assessment
In individual cases, we reserve the right to obtain credit information from credit agencies prior to the conclusion of a contract if we are obliged to make significant advance payments. This is to protect against payment defaults.
The data communicated by the credit agency is deleted after the decision regarding the conclusion of the respective contract.
The legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.
Advertisements to existing customers
If you become a customer, we may use your e-mail address to offer you advertisements for similar goods or services.
You can object to this advertising at any time, in particular by informing us via the contact details given in the Legal Notice. If we do not send you any advertisements for a period of two years, we will bar your e-mail address from receiving advertising. The commercial and tax law provisions relating to your purchase from us apply to the storage of your e-mail address accordingly.
The legal basis is Art. 6(1), subparagraph 1(f) GDPR in conjunction with § 7(3) UWG (German Act Against Unfair Competition), whereby our legitimate interests arise from the aforementioned purposes.
Third party services
We use third-party services to optimise our offers.
A direct connection to the servers of the third-party provider may be established when you visit an offer that contains such a service. The third-party provider therefore receives information that you or your IP address have accessed the corresponding page of our offer.
If you are logged in to the service provider, the third-party provider can assign the visit to our offer to your account. If you interact with the services, for example by clicking a button, this will be transmitted directly from your end device to the third-party provider. If you do not wish for collection of your personal data by a third-party provider with whom you have an account, you must log out of the respective account before visiting our offers.
In some cases, identification and recognition procedures are used, which are stored on your device and/or are generated from automatically transmitted information. These may include cookies or fingerprint procedures. If necessary, we can provide a tool with which you can control the use of these procedures.
Please refer to the data protection declarations of the respective provider for the scope of collection and use of your data as well as your rights and setting options for protection of your privacy by the third party provider.
Embedded services:
We embed third-party services to make our offers more informative by the provision of additional services.
Specifically, we embed services from the following providers on our website:
- Google Maps – Website: https://cloud.google.com/maps-platform ; Privacy Policy: https://policies.google.com/privacy
If Google services are embedded, Google fonts are also loaded: Google Fonts – Website: https://fonts.google.com/ ; Privacy Policy: https://policies.google.com/privacy
Analysis services:
We use analysis services to record and statistically evaluate the user behaviour of visitors to our offers and to use the results to improve our offers and make them more interesting to you as a user.
In detail, we use the following analysis tools on our website:
- Google Analytics – Website: https://marketingplatform.google.com/intl/de/about/analytics/ ; Privacy Policy: https://policies.google.com/privacy
If we request your consent for use of the services, the legal basis is Art. 6(1), subparagraph 1(a) GDPR. Otherwise, the legal basis is Art. 6(1), subparagraph 1(f) GDPR, whereby our legitimate interests arise from the aforementioned purposes.
Service provider
We have concluded corresponding contracts with service providers who cooperate with us for processing in accordance with Art. 28 GPDR.
If we utilise service providers in so-called third countries outside the European Union or the European Economic Area, on the basis of special guarantees such as contractual obligations, your data will only be processed in third countries with a level of data protection which is approved according to the standard data protection clauses of the EU Commission.
We will be glad to provide you with more detailed information on request.
Presentations on social media
We make presentations on social media to communicate with our customers, interested parties and users and inform them about our services. In general, cookies are stored on the users’ computers. Cookies are small text files which are stored on the hard drive, from which the site which sets the cookie (in this case the social network) can obtain certain information.
Cookies enable the creation of statistics on the use of a presentation on the social network. For this reason, we have concluded an agreement on the joint control of the processing of personal data. The processing may take place regardless of whether you have a profile on the social network and are logged in to it during your visit. In addition, user data is also regularly used for advertising purposes by creating user profiles (especially of registered users) for usage behaviour. User data is also used to place suitable advertisements. The social network can also associate the visit to our presentation with your profile. In relation to our posts or visits to our presentation, we can view statistics (esp. demographic and geographic) about usage in anonymized form. If necessary, the social network offers you a tool or setting options with which you can control the use of these procedures.
The legal basis for the operation of our presence on social media is Art. 6(1), subparagraph 1(f) GDPR. Our legitimate interest is the comprehensive and optimised information of users. We wish like to point out that only the relevant social network has access to the full data and therefore any demand for information should be made directly to the social network.
Joint Controller agreement:
The social network may provide us with information about the behaviour of visitors to our presentation, but only in the form of statistics. The insights gained help us to improve our offers and make them more interesting to you as a visitor. We have entered into a joint controller agreement with the social network for this purpose, in connection with the collection of data from our visitors.
In detail, we have concluded an agreement with the following social networks:
- LinkedIn – Website: https://de.linkedin.com/ ; Information on Joint Controllership: https://legal.linkedin.com/pages-joint-controller-addendum ; Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Information, including the nature, scope and purpose of processing and exercise of your rights can be found in the information provided.
Your rights
You have the following rights with respect to your data:
- Right to information
- Right of correction or deletion
- Right to limit processing
- Right to object to processing
- Right to data transferability
- Right to complain to a data protection supervisory authority
If you have granted us permission to process your data, you may revoke this permission at any time with effect for the future.
You can object to direct mail at any time. If your particular circumstances require, you can also object to processing at any time on the basis of Art. 6 (1), subparagraph 1.