I. Introduction and terms
By operating our website with the URL www.aomation.de (hereinafter referred to as "website"), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws - in particular the German Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your data privacy.
2.1 Personal data
"Personal data" is any information relating to an identified or identifiable individual (Art. 4 No. 1 DSGVO). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one's own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
Under a "processing" understands Art. 4 No. 2 DSGVO any operation in connection with personal data. This applies in particular to the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.
II. Responsible person and data protection officer
Responsible for data processing is:
Company: aomation GmbH ("we")
Legal representative: Horst Buchfink (Managing Director)
Address: Schloßstraße 8f, 22041 Hamburg
Phone: +49 40 3344122-0
4. DATA PROTECTION OFFICER
We have appointed an external data protection officer for our company. You can reach him at:
Company: HABEWI GmbH & Co. KG
Legal representative: General partner HABEWI Beteiligungs GmbH, represented by Arne Platzbecker (Managing Director)
Adress: Palmaille 96, 22767 Hamburg
Phone: 040/ 46008966
Fax: 040/ 46008977
III. Processing framework
5. PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website, we process the personal data from you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorized to issue instructions to our contractors. To operate our website, we use an external service provider for hosting: Homepage Helden GmbH, Poststraße 20, 20354 Hamburg. If further external service providers are used for individual processing operations listed in section IV, they will be named there.
As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.
IV. The processing in detail
6. PROVISION OF THE WEBSITE AND SERVER LOGFILES
6.1 Description of the processing
Each time you visit the website, we automatically collect information that your browser transmits to our server. This is the following data:
- IP address
- the date and time the website was called up
- browser software used, as well as its version and language
- operating system
- the website from which visitors came to the website (so-called referrer)
- the subpages accessed on the website
- the date and time the website was accessed
- Internet service provider
- country and place from which a user visited the website
- directory protection user
- status code
- Data volume
- user agent
- called hostname
These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to a user's terminal device. For this purpose, the user's IP address must remain stored for the duration of the session. The IP address is only recorded in the log files shortened by the last three digits.
The processing is carried out to enable the website to be called up and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offer.
6.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 6.2.
6.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Deletion of the log files takes place after 60 days.
7. CONTACT FORM AND CONTACT BY E-MAIL
7.1 Description of processing
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
7.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 7.2. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b DSGVO).
7.4 Storage period
We delete the data as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after the expiry of the legal retention period.
8. Applicant data
8.1 Description of processing
We process the data you provide in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. Overall, this involves general data about you (such as your name, address and contact details), information about your professional qualifications and school education, information about professional training, knowledge and skills, and other information that you disclose to us in connection with your application. This is usually done through letters of application, resumes, references, correspondence, telephone or verbal statements from you.
We would like to evaluate all applicants only according to their qualifications and therefore ask you to refrain from disclosing "special categories of personal data" according to Art. 9 of the General Data Protection Regulation in your application if possible (e.g. a photo that reveals ethnic origin, information about severely disabled status, etc.).
If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered. If your application is successful, we will include your data in your personnel file and use it to carry out and terminate your employment.
If we are currently unable to offer you employment, we will continue to process your data after sending the rejection in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process.
If you are not selected for the vacant position, we will transfer your data to our applicant pool - provided we have your consent to do so.
The processing is carried out to carry out the application procedure, to decide on the establishment of an employment relationship with us and to document compliance with legal requirements in the application procedure.
8.3 Legal basis
Data processing in connection with the application procedure has its legal basis in Section 26 (1) sentence 1 BDSG and Article 6 (1) (1) b DSGVO. If your application is successful, further data processing will be carried out in accordance with Art. 6 Para. 1 Sentence 1 lit. b DSGVO in conjunction with Art. 88 Para. 1 DSGVO in conjunction with Section 26 Para. 1 BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing is based on Art. 6 (1) (1) a DSGVO. Incidentally, the legal basis for data processing after a rejection is Art. 6 (1) (1) (f) DSGVO. Our legitimate interest is the defense against legal claims.
8.4 Storage period
If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection letter. If we transfer your data to our applicant pool after completion of the application process, we will delete it from the applicant pool in the event of subsequent establishment of an employment relationship or otherwise two years after inclusion.
8.5 Recipients of your data, transfer of data to third parties and transfer to third countries
Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. As a matter of principle, only those persons in the company who require your data for the proper conduct of our application process have access to it. Data is not passed on to third parties. Likewise, no data is transferred to third countries, nor is this planned.
V. Security measures
9. Security measures
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's terminal device. You can recognize active SSL or TLS encryption by a small lock logo that appears on the far left of the browser's address bar.
VI. Your rights
10. Data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
10.1 Information (Art. 15 DSGVO)
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
10.2 Correction (Art. 16 DSGVO)
You have the right to demand that we correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data without undue delay.
10.3 Deletion (Art. 17 DSGVO)
You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes we pursue.
10.4 Restriction of data processing (Art. 18 DSGVO)
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
10.5 Data portability (Art. 20 DSGVO)
You have the right, under the conditions set out in Art. 20 DSGVO, to request that the data concerning you be handed over in a structured, common and machine-readable format.
10.6 Withdrawal of consent (Art. 7 Abs. 3 DSGVO)
You have the right to revoke your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it has effect for the future. The processing therefore does not become unlawful retroactively as a result of the revocation of consent.
10.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right at a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.
10.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data - including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
10.9 Right to object (Art. 21 DSGVO)
If we process personal data from you on the basis of Art. 6(1)(f) DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 DSGVO. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case - also regardless of a specific situation - you have the right to object at any time to the processing of your personal data for direct marketing.
Status: September 2021