Privacy policy

Thank you for your interest in our company. Below we inform you in detail about our handling of personal data when using our services. If there is no legal basis for processing, we generally obtain your consent.
Since new technologies and constant further development may result in changes to this data protection declaration, we recommend that you check the data protection declaration at regular intervals for updates.

Definitions of the terms used within this Privacy Policy (e.g. "personal data" or "processing") can be found in Art. 4 GDPR. 

If you have any questions or suggestions regarding data protection, you can contact our data privacy officer directly at any time:  

Mr. Marcel Hoffmann
Telephone: +49 (0)7361 55986-30
E-mail: seydelmann@aantispy.de 

The PGP key for encrypted communication with our data protection officer can be found at: https://aantispy.de/FTP/public/PGP_seydelmann.txt.  

 a) Processing and purpose
We maintain online presences within social networks and process user data in this context in order to communicate with users who are active there or to offer information about us, as well as to recruit specialist personnel and illustrate our products and services. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.
Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
In case of requests for information and the enforcement of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.  

If you interact with our contributions, we do believe that you do so - especially as a user of the respective network – in an informed manner and out of no compulsion whatsoever.
Since we neither encourage you to use the networks nor derive data operations from requests that go beyond the specific request itself, the provision of the requested content is necessary for us to meet your request or interest. For these reasons, we do not see any conflicts of interest.
As a company, we do not derive any further benefit from statistics or profiles that may be created by the respective network operator.  

These are the following networks/services:  

• "Facebook" (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) https://www.facebook.com/privacy/explanation 
• "Instagram" (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/519522125107875 
• "Twitter" (Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA), https://twitter.com/privacy?lang=de 
• "Xing" (XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany) https://privacy.xing.com/de/datenschutzerklaerung
• "LinkedIn" (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA), https://www.linkedin.com/legal/privacy-policy 
• "Youtube" (Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland) https://policies.google.com/privacy 

 b) Legal basis
The legal basis for data processing is Art. 6 para. 1 (f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Furthermore, we assume the use of EU standard contractual clauses for networks located outside the EU.  

c) Storage period
The storage period of the data collected and processed by the operators of the respective networks depends on the data protection provisions of the respective provider.  

d) Social media within the website
The buttons for social media shown on our website are not plug-ins. Behind the buttons is a redirect to the respective platform. We neither store cookies on your computer for this purpose, nor do we transmit your data. For further action on these pages, the privacy policies of the respective service apply. You can find more information on this above under section 5 a).  

When visiting our website, your browser does not establish a connection with the servers of the respective network or service unless you click on the corresponding button. Thus, the information about the visit to our website is not forwarded to the respective service.
If, during your visit to our website, you are also simultaneously logged in to the respective network via your personal user account (e.g. via another browser session) and you click on the buttons, your visit to our website can be assigned to your account.
If you wish to prevent such data transmission, you must log out of your user account of the respective service before visiting our website or do not use the links. The scope and purpose of the data collection by the respective service and the further processing and use of your data there can be found in the data protection information directly from the website of the provider. There you will also receive further information about your corresponding data protection rights and setting options to protect your privacy.

e) Facebook / Instagram
Together with Facebook Ireland Ltd we are responsible for collecting (but not further processing) data from visitors of our Facebook page (known as a "Fan Page") and our Instagram profile. This data includes information about the types of content users view or interact with, or the actions they take (see under "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy statement: https://www.facebook.com/policy)
As explained in the Facebook Privacy Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services called "Page Insights" to Page operators to provide them with insights into how people interact with their Pages and the content associated with them. We have entered into a special agreement with Facebook ("Page Insights Information", https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfil the data subject rights (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).

a) Processing and purpose
We offer you the opportunity to apply to us directly on the website. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence. If you send us an application, we will process your personal data associated with it and with the further application process (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide whether to establish an employment relationship. This also includes internal forwarding to HR and specialist departments, as well as your possible future superiors and other persons involved in the decision-making process.
In the event of employment, the data may also be passed on to financial accounting, the works council, the disabled persons' representative/integration office, the equal opportunities officer, the employment agency, tax consultants, banks and insurance companies.

b) Legal basis
The legal basis for this is § 26 FDPA under German law (initiation of an employment relationship) and Art. 6 para. 1 (b) GDPR (general initiation of contract). Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored and processed in our data processing systems on the basis of Section 26 FDPA and Art. 6 para. 1 (b) GDPR for the purpose of implementing the employment relationship.

c) Storage period
If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 (f) GDPR) for up to 7 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and any physical application documents that may have been created will be destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 7-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.  

Longer storage may also take place if you have given your consent (Art. 6 para. 1 (a) GDPR) or if legal storage obligations prevent deletion.  

d) Cookies
The applicant portal sometimes uses so-called cookies. These are small text files that are stored on your computer and saved by your browser. They are very small, do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure.
The cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit and are necessary for the use of the applicant portal.  

e) External service providers
The operation of our applicant portal is handled by the service provider coveto ATS GmbH, Zeppelinstraße 9, 63667 Nidda.  

There are precise specifications regarding the scope and restrictions of processing by coveto ATS GmbH, which are contractually recorded in an order processing agreement.  

Further information on data protection at coveto ATS GmbH can also be found at https://www.coveto.de/Datenschutz.html.

f) Special categories of personal data
Insofar as we obtain your consent for the processing of special categories of personal data (Art. 9 para. 1 EU GDPR) such as, among others, religious affiliation, nationality as well as health data, Art. 9 para. 2 (a) EU GDPR serves as the legal basis.  

If the processing of special categories of personal data is necessary to enable us to exercise the rights accruing to us under labor law and social security and social protection law and to fulfill our obligations in this regard, the legal basis for the processing follows from Art. 9 para. 2 (b) EU GDPR, Art. 88 para. 1 EU GDPR in conjunction with. § Section 26(3) FDPA.  

If the processing of special categories of personal data is necessary to protect vital interests, the legal basis for the processing follows from Art. 9 para. 2 (c) EU GDPR.  

If the processing relates to special categories of personal data that you have obviously made public, the legal basis follows from Art. 9 para. 2 (e) EU GDPR.  

If the processing of special categories of personal data is necessary for the purposes of preventive health care, occupational medicine or the assessment of fitness for work, the legal basis follows from Art. 9 para. 2 (h) EU GDPR. 

Insofar as you have provided us with personal data, this will not be passed on to third parties. A passing on takes place only

• within the framework of this data protection declaration or with your consent.
• within the scope of processing your inquiries, your orders and the use of our services to commissioned subcontractors, who only receive the necessary data for the execution of this order and use it for the intended purpose.
• in the context of commissioned data processing pursuant to Art. 28 GDPR to external service providers. These have been carefully selected and commissioned by us, are bound by our instructions as well as the provisions of the GDPR and are regularly monitored.
• in the context of fulfilling legal obligations to bodies entitled to receive information.