Table of Contents
The Controller for processing of your personal data within the meaning of the German Federal Data Protection Act is ALTEN GmbH, Rosenauer Str. 27, 96450 Coburg and ALTEN SW GmbH, Elsenheimerstr. 55a, 80687 Munich (hereafter referred to jointly as: ALTEN). If you wish to object to the processing of your data by ALTEN in accordance with these data protection regulations, or object to individual measures, you can do so by sending your objection by e-mail, fax or letter to the following points of contact: ALTEN GmbH, Rosenauer Str. 27, 96450 Coburg, fax: +49 9561 5533-759, e-mail: firstname.lastname@example.org. Of course, you can at any time also obtain information free of charge about your personal data stored by us (see also point 6 in this regard).
2. WHICH DATA IS COLLECTED BY ALTEN AND HOW IS IT PROCESSED?
2.1 PERSONAL DATA
Personal data means any information that can be assigned to an identified natural person or to one who can be identified, directly or indirectly.
Personal data includes general personal data (e.g. name, address, data of birth, telephone number, e-mail address, etc.), bank details (account number, etc.), and data issued by authorities (e.g. driving license number, identity card number, passport number), evaluations (e.g. school reports and references from employers, etc.), online data (IP address, location data, etc.), customer data and supplier data and so forth.
2.2 COLLECTION, PROCESSING AND USE OF YOUR PERSONAL DATA
Data protection is very important to us. That is why, when processing your personal data, we adhere strictly to the statutory provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (new) (FDPA (new)), German Telemedia Act (TMA) and the other data protection legislation in the European Economic Area (EAA) and in Switzerland.
The ALTEN Group operates throughout Germany as an engineering service provider. As an adviser, driver of innovation and support provider, we are a competent development partner of German and international companies. We support our customer along the whole process chain from inception to serial production. ALTEN processes data in order to carry out advisory and development activities at or for ALTEN’s customers and its group companies as well as all related ancillary business.
Your personal data will only be used for the purposes of advertising / market research and for the configuration of our services if you have explicitly granted us your consent thereto.
2.2.1 DESCRIPTION OF THE CATEGORIES OF PERSONS CONCERNED
In general, the only data collected is that needed for the fulfilment of the corporate purpose and contractual agreements. In essence, personal data is collected, processed and used in relation to the following categories of persons:
- Customer data: Personal identification data, and communication data are processed in order to fulfil the company purpose. Also in order to initiate business contacts and provide information to customers.
- Supplier data: Personal identification data, communication data are as well as payment data and bank details, are processed in order to fulfil the company purpose.
- Employee data: Personal identification data, Performance data (references e.g.), contract master data, insurance data, data on absences (due to illness), payment and bank details, tax and social insurance data, login data, communication data, data on travel bookings and expenses and the booking of vehicles are processed to implement and process the respective employment relationship.
- Applicant data: Personal identification data, performance data, payment and bank details as well as data on travel bookings (in case of booking via ALTEN) of applicants are processed to initiate employment.
- Website visitors: Usage data (pseudonymised profiles pursuant to section 15 TMA) is processed for statistical purposes and to improve the information provided on our website.
- Interested parties: Personal identification data, communication data and, where appropriate, commercial and financial information of parties interested in ALTEN is only processed in order to fulfil the business purpose.
- Other personal data: Personal data of other business partners (e.g. system partners, chambers, associations, banks and authorities) is also processed in order to fulfil the business purpose.
2.2.2 RECIPIENTS OR CATEGORIES OF RECIPIENTS OF DATA
In general, the only data shared internally and externally is that needed for the fulfilment of the corporate purpose and the contractual agreements. These are mainly the following recipients:
- Service providers commissioned to assist in the correct performance of business (e.g. Suppliers to support administrative processes, including travel service providers for the execution of employees’ business trips, landlords for employee accommodation, the “Verwaltungs-Berufsgenossenschaft” (Administrative Professional Association) and company doctor as part of occupational health care and health & safety, insurers in relation to claims arising from the employment relationship). The legal basis is either Art. 28 GDPR in the case of order processing or, where appropriate, § 26 FDPA (in conjunction with Art. 88 GDPR) for the purposes of initiating or executing a business relationship with you
- External bodies for the fulfilment of the purposes mentioned under 2 (e.g. customers or ALTEN Group companies within the meaning of sections 15 et seqq. of the German Stock Corporation Act at which the employee is, or the employee or applicant is to be, deployed as part of their employment, customers and suppliers for the implementation of projects, banks for the payment of salaries, tax consultants and auditors). The legal basis is generally § 26 FDPA (in conjunction with Art. 88 GDPR) for the initiation or implementation of an employment relationship with the employees or Art. 6(1) letter f GDPR in relation to the Group’s general obligations such as tax returns, audits of annual accounts, etc.
- Public authorities in the event of overriding statutory provisions (e.g. social security institutions, financial authorities). The legal basis for this is Art. 6(1) letter c GDPR in conjunction with the respective legislation, in particular employment legislation and social welfare law.
No personal data is transmitted to third countries. Should this be necessary for project reasons, we will adhere strictly to the statutory requirements for appropriate guarantees as a precondition for the transmission of data to third countries pursuant to Art. 46 GDPR. The measures adopted by us are (in this sequence), (i) data is transmitted to a third country recognised by the EU Commission in accordance with Art. 45 GDPR, (ii) in the case of the USA, data is transmitted to a company certified under the EU-US Privacy Shield (www.privacyshield.gov), or (iii) otherwise data is transmitted to companies in accordance with the standard data protection clauses recognised by the EU Commission pursuant to Art. 46(2) letter c GDPR.
2.3 COLLECTION OF DATA WHEN YOU VISIT OUR WEBSITE
When you access our website, information of a general nature is automatically collected. This information (server log files) includes the browser type, the operating system used, the domain names of your internet service provider, and similar. This is exclusively information that permits no conclusions to be drawn regarding you as an individual. This information is needed for technical reasons in order to correctly delivery website content requested by you and is an integral component of internet usage. Anonymous information of this type analysed statistically in order to optimise our website and the technology behind it. The legal basis is our legitimate interest in providing the services of our website pursuant to Art. 6(1) letter f GDPR.
2.4 CONTACT FORM
Should you contact us by e-mail or using a contact form, the information you provide is stored for the purposes of processing your enquiry and responding to possible follow-on questions. The legal basis is our legitimate interest in providing the services of our website pursuant to Art. 6(1) letter f GDPR, and in responding to an enquiry made by you within the meaning of Art. 6(1) letter b GDPR.
2.5 DATA PROTECTION INFORMATION FOR APPLICANTS
Should you apply to ALTEN in the hope of entering an employment relationship with ALTEN, ALTEN processes your personal data, provided by you to us as part of your application, in order to initiate and, where appropriate, execute the contract. The legal basis for this in each case is § 26 FDPA (in conjunction with Art. 88 GDPR) for the purposes of initiating or executing an employment relationship.
Of necessity, this is the data provided by you, such as the title, name, address, e-mail address and telephone number as well as information regarding your training and further education, professional experience, knowledge in the sense of additional qualifications, preferences in relation to employment by ALTEN including your occupational field, preferred work location and working hours, etc.
The following categories of data are collected:
- Personal identification data and contract master data (e.g. name, postal address, e-mail address, telephone number)
- (Work) preferences (e.g. occupational field, form of employment)
- Training, professional experience, knowledge
- Application documents (e.g. certificates, references, CV, photo)
- Usage and inventory data (e.g. IP address, name of the file retrieved, data and time of retrieval, data volume transferred, notification of successful retrieval, browser, original domain).
Furthermore, we use your e-mail address to contact you when we conduct internal surveys with a view to improving quality at ALTEN. Participation in the surveys is voluntary and the results are only used once they have been rendered anonymous.
This personal data is also processed for the purpose of compliance with laws and regulations, such as employment legislation, tax and social welfare law, as well as international sanction regulations (e.g. EU anti-terrorism directive).
2.5.1 ONLINE APPLICATION FORM
Should you apply using our online form, you will be asked for personal information. The data you provide will be used exclusively within the application process and stored in our personalised database and used for that purpose. Other declarations made by you that are not necessarily required, but made voluntarily, are only processed by us if you provide us with them explicitly and voluntarily.
2.5.2 APPLICATION OR CONTACT AT TRADE FAIRS
Should you contact us in person at trade fairs with your application and provide us with personal data in your application documents for that purpose, we will use the data provided by you exclusively within the application process and only then store it in our personalised database.
2.5.3 APPLICATION BY OTHER MEANS (E.G. BY E-MAIL):
Should you contact us in another way (e.g. by e-mail) with your application and provide us with personal data in your application documents for that purpose, we will use the data provided by you exclusively within the application process.
2.6 Information on data protection for customers and suppliers
We process personal data as part of our business relationship with customers and suppliers, or prospective customers and suppliers. If you have a business relationship with ALTEN or are involved in negotiations regarding a possible business relationship with ALTEN, ALTEN processes your personal data, which you have provided us with, for the purposes of initiating and, where appropriate, executing contracts.
Data is also processed for the purposes of invoicing, accounting, project management and the maintenance of the ongoing business relationship. In each case, the legal basis is Art. 6(1) letter b GDPR.
The following categories of data are collected:
- Personal identification data and contract master data (e.g. name, postal address, e-mail address, phone number) of business partners and their contact persons
- Order and invoice data
- Payment data and bank details
- Data for and about advertising and direct marketing
Data is also processed for the purposes of invoicing, accounting, project management and the maintenance of the ongoing business relationship, including for advertising and direct marketing. The legal basis for this is, in each case, Art. 6(1) letter b GDPR in relation to the conclusion, execution and handling of contracts as well as Art. 6(1) letter f GDPR in relation to our legitimate interests, for example in bookkeeping and direct marketing.
This personal data is also processed for the purpose of compliance with laws and regulations, such as employment legislation, tax and social welfare law, German Money Laundering Act as well as international sanction regulations (e.g. EU anti-terrorism directive). The legal basis is Art. 6(1) letter c GDPR in conjunction with the respective provision of national law.
3. FORWARDING OF YOUR PERSONAL DATA TO THIRD PARTIES
ALTEN itself collects and stores the data. Your data is neither sold nor provided to other unauthorised third parties. ALTEN assures you that the data will only be forwarded within the ALTEN Group and to customers, limited respectively to the scope necessary for the achievement of the purpose:
3.1 TO INITIATE CONTRACTS
Your data will only be forwarded to customers and related companies of ALTEN within the meaning of sections 15 et seqq. German Stock Corporation Act to the extent that this is necessary for the hirers within the framework of temporary employment for the acquisition of activities. Applications in the areas of back office and business management are not affected by this.
3.2 TO EXECUTE CONTRACTS
Insofar necessary for the purpose of implementing your work relationship with ALTEN, your personal data is transmitted to the third parties necessarily involved in the contract execution (customers, suppliers, companies related to ALTEN within the meaning of Sections 15 et seqq. German Stock Corporation Act).
3.3 WITHIN THE FRAMEWORK OF OUR BUSINESS PURPOSES OR WHEN PERMITTED OR REQUIRED BY STATUTE
We can forward information about you to third parties for business reasons or when permitted or required to do so by statute. The data is also only communicated to state institutions or authorities entitled to receive such information within the scope of the statutory obligations to furnish information or where ALTEN is obliged to communicate it by court order.
4. SSL ENCRYPTION
We employ state-of-the-art encryption processes (e.g. SSL) to protect your data during transfer using HTTPS.
5. ERASURE AND BLOCKING OF YOUR DATA
We adhere to the principles of data avoidance and data minimisation. We store your personal data only for as long as is necessary to fulfil the purposes described here or for the various retention periods stipulated by the legislator. When the respective purpose no longer exists or the retention periods have expired, the corresponding data is routinely blocked or erased in accordance with the statutory regulations.
6. WHAT RIGHTS DO YOU HAVE?
You have the right at any time to receive information about any of your personal data stored by us. You also have the right to rectification, blocking or, except for data storage required for the performance of business, erasure of your personal data. Furthermore you have a right to have data transferred in a structured, customary and machine-readable format if you have provided that data on the basis of a consent or on the basis of a contract between you and us. You have a right to object on the basis of processing based on a legitimate interest; we retain the right to provide you with our compelling grounds (Art. 21(1) GDPR). We indicated above when this right exists. If you wish to assert these rights, please contact our data protection officer. You will find the contact details above.
So that the blocking of data can be considered at any time, that data must be kept available in a ‘blocking file’ for checking purposes. You can also request the erasure of data, provided it is not subject to a statutory obligation to archive data. If such an obligation exists, we will block your data at your request.
You can request changes or withdraw a consent with effect for the future by sending a corresponding communication to us.
Please contact us at email@example.com if you wish to exercise these rights. If you would like to apply to receive detailed information about all your personal data stored by ALTEN, you must send us proof of your identity including a photograph.
7. HOW DO WE PROTECT YOUR PERSONAL DATA?
We take physical, technical and administrative security measures in order to protect your personal data appropriately against loss, misuse, unauthorised access and sharing and change. These security measures include firewalls, data encryption, physical restrictions on access to our computer centres, and rights controls on access to data.
Like many other websites, we use so-called cookies. Cookies are small text files that are transferred to your hard drive by a website server. They enable us, via your computer and internet connection, to automatically receive certain data such as your IP address, the browser and operating system used.
Cookies cannot be used to run programs or to transfer viruses to a computer. Using information received on the basis of cookies, we can make it easier for you to navigate our sites and display them correctly.
The data collected by us is never passed onto third parties or linked to personal data unless you have granted your consent thereto.
9. GOOGLE ANALYTICS
This website uses Google Analytics, a web analysis service of Google Inc. (hereafter: Google). Google Analytics uses so-called “cookies”, i.e. text files, which are saved on your computer and enable an analysis of your use of the website. The information generated by a cookie on your usage of the website is sent to and stored on a Google server in the United States. However, when IP anonymisation is activated on these web pages, your IP address is first of all truncated by Google when the website is accessed from within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google uses this information to analyse your usage of the website, compile reports on website activity and provide other services connected to the use of the website and the internet for the website operator. The IP address your browser supplies to Google Analytics is never combined with any other data held by Google.
You can prevent the storage of cookies using the relevant setting in your browser software. However, we would like to point out that you may then not be able to fully use all the functions of this website. Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available under the following link: Browser-Add-on for deactivation of Google Analytics.
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link. An opt-out cookie is then installed on your device. This prevents Google Analytics from tracking you in future on this website and this browser, provided the cookies remains installed on your browser.
10. USE OF SOCIAL PLUGINS
On our website we use social media plugins of the social networks Facebook, Xing, LinkedIn and kununu. The social media plugins can be identified from the logo of the respective social media network.
Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)
XING AG (Gänsemarkt 43 – 20354 Hamburg – Germany)
LinkedIn Corp. (2029 Stierlin Court – Mountain View – CA 94043 – USA)
Kununu GmbH (Neutorgasse 4-8, Top 3.02 – 1010 Vienna – Austria)
The social media plugins on our website are deactivated unless you activate them. To be able to use the social media plugins you must activate them by clicking the corresponding button. No data will be transferred to the social network if the social media plugin is not activated. After it has been activated, the social media plugin established a connection with the social media network’s servers and remains active until you deactivate it again or delete your corresponding cookies. Activation establishes a direct connection with the servers of the respective social media network. The content of the social media plugin is transmitted by the social media network directly to your browser, which integrates it into the website visited. We therefore have no influence on the scope of the data collected by the social media plugin.
More information about the purpose and scope of data collection as well as the further processing and use of the data by the respective social media network, your rights in respect of this and the possibilities to alter settings in order to protect your privacy can be found in the data protection policies of the social media networks.
11. AMENDMENTS TO OUR DATA PROTECTION REGULATIONS
We reserve the right to amend this Data Protection Declaration in order to ensure it always meets the legal requirements applicable at the time or to implement in the Data Protection Declaration any adjustments to our services, e.g. the introduction of new services. The new Data Protection Declaration will then apply when you next visit our website.