Privacy Policy

This privacy policy informs you how your personal data is collected and processed when you use our website or contact us by email, telephone or using a contact form. For the purposes of this policy, “personal data” is deemed to be all data that can be referenced to you personally, for example your name, address, email addresses and user behaviour.

I. Contact information for the controller and data protection officer

1. The controller as per the EU General Data Protection Regulation (GDPR), s 4(7), is (please refer to our legal notice).

2. Our data protection officer is the lawyer Christian Krösch, SLK Compliance Services GmbH, Königsbrücker Straße 76, 01099 Dresden, Germany, +49 (0) 351 896 763 60, datenschutz@slk-compliance.de.

II. General information on the collection, passing on and storage of personal data

1. We process your personal data as per the terms of the GDPR, the German Data Protection Act (BDSG) and all other relevant, definitive laws.

2. Data processing is primarily necessary for the establishment and performance of contracts between us and you. If you contact us by email, telephone or using a contact form, the information you disclose (e.g. your email address, and, where applicable, your name and telephone number) will be stored by us in order to enable us to answer your questions. The prerequisites for the processing and storage of your personal data in this way are defined in GDPR, s 6(1)(b). In addition, it may be permissible to regard separate consent given by you as per GDPR, s 6(1)(a) and 7, as a statement of consent to our privacy policy. We will also process your data in order to fulfil our legal obligations in the fields of commercial and tax law in particular. Data processing for this purpose occurs as per GDPR, s 6(1)(c). Where necessary, we will also process your data as per GDPR, s 6(1)(f), in order to protect the legitimate interests of us or third parties.

3. Your personal data will not be passed on to third parties for any purpose other than those described in the following. We will only pass your data on to third parties if you have given your explicit consent to the passing on of your personal data as per GDPR, s 6(1)(a), if the passing on of your personal data is necessary for the assertion, exertion or defence of legal rights as per GDPR, s 6(1)(f) and there is no reason to assume that you have an overriding, protection-worthy interest in the non-communication of your data, or if the passing on of your personal data is a legal obligation as per GDPR, s 6(1)(c), legally permissible and necessary for the performance of a contract as per GDPR, s 6(1)(b).

4. If we wish to commission subcontractors to perform individual elements of our products and services or use your data for advertising purposes, we will inform you in detail of the processes involved at the bottom of the description of the respective offer. We will also inform you of the storage periods involved.

5. We will delete your personal data as soon as it is no longer required for the following purposes. Once our contractual relationship has ended, we will store your data for as long as we are legally obliged to do so. Storage periods are generally governed by legal obligations to perpetuate evidence and store data as defined in statute such as the German Commercial Code (Handelsgesetzbuch) and German Tax Code (Abgabenordnung). Storage periods can be up to ten years in duration. Personal data may also need to be stored until such time as claims can no longer be made against us (here: a statutory period of limitation of between three and thirty years).

III. Collection of personal data on our website

1. Data collected when you visit our website

1.1 If you use our website for purely informational purposes (i.e. if you neither register nor actively communicate data to us by other means) we will only collect the personal data sent to our server by your browser. If you wish to view our website, we will collect the data we require in order to be able to display our website on your device and ensure the stability and security of our website. The data will also be stored in logfiles in our system. The data in question will not be stored along with other user-specific personal data. The data stored includes your IP address, the date and time of your request, the difference between your time zone and Greenwich Mean Time (GMT), the content (i.e. specific page) to which your request refers, your access status/HTTP status code, the volume of data transferred, the website from which the request is sent, your browser software (including language and version) and your operating system and interface.

1.2 The prerequisites for the lawful temporary storage of data and logfiles are defined in GDPR, s 6(1)(f).

1.3 The temporary storage of your IP address in our system is necessary for the display of our website in your browser. Your IP address must therefore be stored for the duration of your session. Logfiles are stored in order to ensure website functionality. The aforementioned data also enables us to optimise our website and ensure the security of our information systems. These purposes substantiate our legitimate interest in the processing of personal data as per GDPR, s 6(1)(f). This does not constitute an opportunity for the evaluation of data for marketing purposes, nor will it be used as such.

1.4 Data will be deleted as soon as it is no longer required for the purpose it was collected for. In the case of data collected in order to display our website on your device, this is the case at the end of the respective session. Logfiles are deleted within 60 days of when the website was retrieved.

1.5 The collection of data when a user visits our website and the storage of that data in logfiles are essential to the proper operation of our website. You are therefore unable to appeal against it.

2. Use of cookies

2.1 Cookies are stored on your device when you use our website. Cookies are text files stored in your internet browser and/or by your internet browser on your device. Any visit to a website may result in a cookie being stored on your operating system. Each cookie contains a specific character sequence which enables the identification of your browser the next time you visit the website.

2.2 This website uses the following types of cookies, the scope and function of which are described in the following sections:

  • Transient cookies (temporary);
  • Persistent cookies (time-limited);
  • Third-party cookies (from third parties, information provided separately).

2.3 Transient cookies are automatically deleted when you close your browser. They include session cookies, which store a so-called session ID that keeps track of various requests sent by your browser during a continuous session. This makes it possible to recognise your device when you return to our website. Session cookies are deleted when you log out or close your browser. The prerequisites for the lawful processing of personal data with the aid of transient cookies are defined in GDPR, s 6(1)(f). The aim of transient cookies is to make websites more convenient for you to use. A number of functions on our website cannot be delivered without the aid of cookies, as they depend on your browser being recognised even when you return from another page. These purposes substantiate our legitimate interest in the processing of personal data as per GDPR, s 6(1)(f).

2.4 Persistent cookies are used exclusively in combination with the web analysis services we employ and only for as long as they are actually required. They have a maximum storage life of two years. You can delete these cookies using the security settings in your browser at any time, though this may restrict the usability and user-friendliness of our website. The prerequisites for the lawful processing of personal data with the aid of persistent cookies are defined in GDPR, s 6(1)(f). We use analytical cookies for the purpose of enhancing the quality of our website and the content thereof. Analytical cookies give us insights into how our website is used, thus enabling us to continuously improve the functions and content we provide on it. These purposes substantiate our legitimate interest in the processing of personal data as per GDPR, s 6(1)(f).

2.5 Cookies that are not essential to the performance of our services from a technical perspective are only stored with your consent, which can be revoked at any time. By continuing to use our website with corresponding browser settings, you consent to the use of cookies as set out in this privacy policy. You can manage your consent using your browser settings, for example by stipulating that you wish to be informed of any cookies stored and that they may only be stored once you have given your explicit consent. To give an example, you can elect to allow cookies in all or only in specific cases. You can configure your browser settings in accordance with your wishes, for example by allowing or blocking third-party cookies or all cookies. We nevertheless remind you that this may restrict the usability and user-friendliness of our website. The prerequisites for the lawful processing of personal data with the aid of analytical cookies for which the user has provided their consent are defined in GDPR, s 6(1)(a).

3. Other functions and offers on our website

3.1 In additional to its purely informational function, our website also offers various other services you may be interested in using. The submission of additional personal data is generally essential to the performance of these services, which are again subject to the aforementioned data processing principles.

3.2 In some cases we commission external service providers to process data on our behalf. They are carefully selected by us, given clear instructions to which they are obliged to adhere and assessed on a regular basis.

3.3 We may also pass your personal data on to third parties within the context of initiatives, competitions, contracts or similar services offered in cooperation with external partners. Further information will be provided to you when you submit your personal data or at the bottom of the description of the respective offer.

3.4 If one or more of our subcontractors or partners is based on a country outside the European Economic Area (EEA) we will inform you of any consequences in the description of the respective offer.

4. Use of contact forms

4.1 Any personal data you choose to make available to us using our contact forms will be collected by us. We will also store the information subsequently generated as a result of you making contact with us. In particular, this includes you name, contact details and the date and reason you made contact with is. Your personal data will only be used to make the requested products and services available to you and engage in correspondence with you. The prerequisites for the lawful processing of personal data as described above are defined in GDPR, s 6(1)(b).

4.2 We will delete your personal data as soon as it is no longer required for the purpose for which it was collected. In the case of personal data submitted via contact forms, this is deemed to be the case when the respective conversation with you ends. A conversation is deemed to end when circumstances clearly indicate that the issue at hand has been brought to a definitive conclusion. Insofar as it is subject to storage periods defined in tax and commercial law, the data submitted by you will be stored for the statutory storage period of ten years. It will then be deleted unless you have consented to a longer storage period or the data is necessary for the assertion, exertion or defence of legal rights (statutory periods of limitation range from three to thirty years).

5. Use of Google Analytics

5.1 This website uses Google Analytics, a web analysis service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) which uses so-called “cookies” (text files stored on your device in order to facilitate the analysis of how you use the website). As a general rule, the data on your use of this website collected by the cookie is sent to and stored on a Google server located in the USA. If IP anonymization is activated on this website and you are in an EU member state or another treaty state in the EEA, your IP address will be abbreviated/anonymized by Google prior to being sent to and stored on a server in the USA. Your full IP address will only be sent to and abbreviated/anonymized on a Google server in the USA in exceptional cases. Working on behalf of the operator of this website, Google uses the data collected by the cookie to analyse your use of this website, compile website activity reports and provide the website operator with other services linked to website use and internet use.

5.2 The IP address sent by your browser in connection with Google Analytics will not be matched to any other data held by Google.

5.3 You may prevent the generation and storage of cookies by activating the appropriate settings in your browser. Please note that cookie deactivation may render you unable to utilise the full range of functions available on this website. You can also prevent cookie-generated data on your use of this website (including your IP address) from being sent to and processed by Google by downloading and installing the browser plugin available on the following webpage: https://tools.google.com/dlpage/gaoptout?hl=en.

5.4 This website uses Google Analytics in combination with the “_anonymizeIp()” function. This means that IP addresses are abbreviated prior to processing, thus preventing data from being matched to a specific user. If the personal data collected from you can still be matched to you it will be blocked and deleted immediately.

5.5 We use Google Analytics to analyse and enhance the use of our website. The statistics provided by the service enable us to improve our offers and make them more interesting for you the user. In the exceptional cases in which personal data is sent to the USA, Google undertakes to comply with the EU-US-Privacy-Shield (https://www.privacyshield.gov/EU-US-Framework). The prerequisites for the lawful use of Google Analytics are defined in GDPR, s 6(1)(f).

5.6 Information on the third-party provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, user terms and conditions: https://www.google.com/analytics/terms/de.html, general information on privacy: https://support.google.com/analytics/answer/6004245?hl=de privacy policy: https://www.google.de/intl/de/policies/privacy.

6. Use of social media plug-ins (Shariff solution)

6.1 We are currently using the following social media plug-ins: Facebook, Google+, Twitter, Xing, LinkedIn. Thereby we are using the so called shariff solution. To increase the protection of your data when visiting our website, plug-ins are not unrestricted but integrated into the page only by using a HTML-link. This integration ensures that by visiting a page on our website which contains such plug-ins no connection with the servers of the provider of the respective social network is made. When you click on one of the buttons a new window in your browser opens and loads the page of the respective service provider on which you can (if necessary after entering your login data) for example use the like or share button. Purpose and extent of data collection and the further processing and use of the data by the provider on its pages as well as your corresponding rights and setting options for privacy protection can be found in the data protection notice of the provider.

6.2 We neither have influence on the collected data and data processing nor do we know about the full extent of the data collection, the purpose of the processing, the storage times. We don’t have information either regarding the deletion of the collected data by the plug-in provider.

6.3 The plug-in provider saves the collected data as user profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is done especially (also for users not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object against the creation of these user profiles but must contact the respective plug-in provider to do so. Through the plug-ins we provide the opportunity to interact with the social network and other users so that we can improve our offer and make it more interesting for you as a user. Legal basis for the use of the plug-ins is GDPR, s 6(1)(f).

6.4 The data transfer is done independently of the fact whether you have an account with the plug-in provider and are logged in there. When you are logged in to the plug-in provider your data collected by us are directly assigned to your existing account with the plug-in provider. When you click the activated button and for example link the page, the plug-in provider saves also this information in you user account and shares them publicly with your contacts. We recommend logging out regularly after the use of a social network, but especially before the activation of the button as you can therefore avoid an assignment to your account with the plug-in provider.

6.5 Further information regarding the purpose and extent of the data collection and their processing by the plug-in provider can be found in the following data protection declarations of these providers. They also provide further information regarding your corresponding rights and setting options for privacy protection:

7. Use of Google Maps

7.1 On our website we use Google Maps operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Consequently, we can show you interactive maps directly in the website and enable you a comfortable use of the map function. Legal basis for the use of Google Maps is GDPR, s 6(1)(f).

7.2 By visiting the website Google receives the information that you opened the relevant subpage of our website. In addition, the data named under III. 1. of this declaration are transmitted. This happens independently of the fact whether Google provides a user account to which you are logged in or no user account exists. When you are logged in to Google your data are directly assigned to your account. If you don’t want the assignment with your profile to Google, you must log out before activating the button. Google saves your data as user profiles and uses them for advertising, market research and/or needs-based design of their website. Such an evaluation is done especially (even for users not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object against the creation of these user profiles but must contact Google to do so.

7.3 Further information regarding the purpose and extent of the data collection and their processing by this provider can be found in the data protection declarations of the provider. They also provide further information regarding your corresponding rights and setting options for privacy protection: https://www.google.de/intl/de/policies/privacy. Google processes your personal data also in the US and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Opt-Out: https://adssettings.google.com/authenticated.

8. Use of Google Fonts

8.1 We use Google Fonts operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. We use this service in order to ensure that our website is displayed in a uniform and attractive way. Each time you visit a page your browser will load the web fonts required into your browser cache in order to ensure that text and fonts are displayed correctly. If your browser does not support web fonts your device will use a default font instead. The prerequisites for the lawful use of Google Fonts are defined in GDPR, s 6(1)(f).

8.2 When you visit our website Google will receive notification that you have accessed the corresponding section of our website. Data is also transmitted as per section III.1 of this privacy policy, regardless of whether or not you are logged into a Google user account or do not have a Google user account. If you are logged into a Google user account your data will be matched directly to your account. If you do not wish your data to be matched to your Google profile you must log out before activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or the needs-oriented design of its own website. In particular, and even in the case of users who are not logged in, data evaluation is used to deliver needs-oriented advertising and inform other social network users about your activities on our website. You have the right to appeal against the generation of such user profiles; please contact Google if you wish to exercise this right.

8.3 Further information on the purpose and scope of the data gathering and processing engaged in by this provider is available in the provider’s privacy policies, which also include information on your rights in this regard as well as settings that enable you to protect your privacy (https://www.google.de/intl/de/policies/privacy). In some cases Google processes your personal data in the USA in compliance with the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). To opt out, please visit https://adssettings.google.com/authenticated.

9. Social media presence

9.1 We currently use the following social networks, communication services and platforms: Facebook, Google+, Twitter, Xing and LinkedIn. We maintain these social media presences primarily to communicate with customers, prospects and users, increase our brand awareness and promote our products and services.

9.2 We have no control over the data and data processing operations collected, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also do not have any information on the deletion of the collected data.

9.3 The respective provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the design of its website to meet requirements. Such an evaluation takes place in particular (also for users who are not logged in) for the representation of demand-meeting advertisement. The legal basis for the use of these social media presences is Art. 6 para. 1 lit. f) DSGVO, as we have a justified interest in communication and information of customers and interested parties about these presences. If the respective provider has obtained your consent for the processing of your personal data, the legal basis for the processing is Art. 6 Para. 1 a), 7 DSGVO.

9.4 The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection information of the providers. In any case, you have the right to object to the creation of user profiles, whereby you must contact the respective provider to exercise this right. Also in the case of the assertion of your concerning rights, we refer you to the respective providers. Only the providers have access to your data and can, for example, provide information or delete data. Beyond that we are to you gladly at the disposal.

10. Data security

10.1 Data communicated via our website is protected with the aid of the widely used SSL procedure (Secure Socket Layer) in combination with the highest level of encryption supported by your browser, which is generally 256-bit encryption. If your browser does not support 256-bit encryption we will use 128-bit v3 technology instead. A key or closed padlock icon in your browser’s lower status bar indicates that the respective page of our website is transmitted in encrypted form.

10.2 We also implement appropriate technical and organisational measures in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction and unauthorised access by third parties. We continually optimise our safety measures in order to keep up with technological developments.

IV. Collection of personal data when you contact us by email, post or telephone

1. Collection of personal data from customers, interested parties and suppliers

1.1 We only collect personal data from customers, interested parties and suppliers if they disclose it to us voluntarily by email, post or telephone. When a customer, interested party or supplier enters into contact with us we collect the data generated as a result, and in particular names, contact details and the date and time when contact was made. The personal data we collect from you will only be used for the purpose of providing you with the desired products and services (the prerequisites for the lawful processing of personal data for this purpose are defined in GDPR, s 6(1)(b)) or other purposes to which you have consented (the prerequisites for the lawful processing of personal data for such purposes are defined in GDPR, s 6(1)(a)) as described in this privacy policy. You have the right to revoke your consent to the processing of your personal data at any time.

1.2 You are not obliged to disclose the aforementioned personal data to us. The data may nevertheless be a prerequisite for the conclusion of a contract between us. Failure to submit the data required may prevent communication and/or the conclusion and performance of a contract between us.

1.3 Any disclosure of your personal data will occur in accordance with statutory regulations and contractual agreements. Where relevant, data may be disclosed to official bodies (provided there is a legitimate legal reason to do so), external service providers, other contractors or other external bodies insofar as you have given your consent or disclosure is permissible for a compelling reason. We have no intention to disclose your data to recipients in third countries (i.e. countries outside the EU/EEA) or international organisations.

1.4 Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of any personal data collected from you, this is deemed to be the case when the respective conversation with you ends. A conversation is deemed to end when circumstances clearly indicate that the issue at hand has been brought to a definitive conclusion. To the extent that it is subject to storage periods defined in tax and commercial law, any personal data collected will be stored for the statutory period of ten years. It will then be deleted unless you have consented to a longer storage period or the data is necessary for the assertion, exertion or defence of legal rights. The prerequisites for the lawful processing of personal data for the purpose of the fulfilment of statutory obligations to archive and store data are defined in GDPR, s 6(1)(c).

2. Collection of personal data from applicants

2.1 We only collect personal data from applicants if they disclose it to us voluntarily by email, post or telephone. This applies to applications for advertised positions and unsolicited applications alike. When an applicant enters into contact with us we collect the data they disclose to us within the context of their application, and in particular their name, contact details, interests, qualifications and educational and professional careers. The prerequisites for the lawful processing of personal data within the context of application processes are defined in GDPR, s 6(1)(a), (b) and (f) and § 26 BDSG.

2.2 You are not obliged to disclose the aforementioned personal data to us. The data may be a prerequisite for the conclusion of a contract between us further to the conclusion of the application process. Failure to submit the data required may prevent communication, the completion of the application process and the conclusion of a contract between us.

2.3 Any disclosure of your personal data will occur in accordance with statutory regulations and contractual agreements. Relevant data will be disclosed to employees responsible for recruitment and human resource management, management level employees and the head of the respective department. Your personal data will not be disclosed to any third parties. There is no intention to disclose your data to recipients in a third country (i.e. a country outside the EU/EEA) or an international organisation.

2.4 Data will be deleted as soon as it is no longer required for the purpose for which it was collected. If your application is rejected we will store your data for a period of six months after you have been notified that your application has been rejected. If you consent to a longer storage period your data will be stored for a period of two years. When that period expires we will either delete your data or request that you renew your consent. You have the right to revoke your consent to the processing of your personal data at any time.

V. Appealing against and revoking your consent to the processing of your data

1. If you consent to the processing of your data you have the right to revoke that consent at any time. Revocation only affects the permissibility of the processing of your personal data after such time as we receive notification of the revocation of your consent.

2. If we process your personal data on the basis of the balancing of interests alone you have the right to appeal against such processing. This applies in particular to processing which is not essential to the performance of a contract with you. If you wish to exercise your right of appeal we request that you explain the reasons why we should not process your personal data in the way to which you object. If your appeal is legitimate we will examine the situation and either cease to process your data, adjust the way in which we process your data or provide compelling reasons why we will continue to process your data in the way to which you object.

3. You naturally have the right to appeal against the processing of your personal data for the purposes of advertising and data analysis at any time. Please use the following contact details if you wish to appeal against the processing of your personal data for advertising purposes: social@fuu-sachsen.de

VI. Your rights

1. Section 15 of the GDPR gives you the right to demand information on the personal data we have collected on you. In particular, you can demand information on the purposes for which your data is processed, the categories of personal data held, the categories of recipients to whom your data has been or may be disclosed, the foreseen storage period, the existence of a right of correction, deletion, restriction on processing or appeal, the existence of a right of complaint, the origin of your data (insofar as it was not collected by us), the existence of a system of automated decision-making (including profiling) and, where applicable, definitive information on any decisions made using that system.

2. Section 16 of the GDPR gives you the right to demand the immediate correction or completion of incorrect or incomplete personal data we store on you. Section 17 of the GDPR gives you the right to demand the deletion of personal data we store on you insofar as the processing of that data is not essential i) to the exertion of the right to free speech, ii) to the fulfilment of a legal obligation, iii) for reasons in the public interest or iv) to the assertion, exertion or defence of legal rights.

3. Section 18 of the GDPR gives you the right to demand restrictions on the processing of your personal data insofar as you dispute the correctness of that data and the processing thereof is not lawful but you object to the deletion thereof – even though we no longer require the data in question – due to the fact that you require it for the assertion, exertion or defence of legal rights or have filed an appeal against the processing thereof as per section 21 of the GDPR.

4. Section 20 of the GDPR gives you the right to demand that your personal data is made available to you or another responsible person in a structured, conventional, machine-readable format.

5. Section 7(3) of the GDPR gives you the right to revoke consent you have granted us in the past at any time. The exertion of this right prohibits us from continuing with the data processing to which that consent referred in the future.

6. In addition, section 77 of the GDPR gives you the right to lodge a complaint regarding the processing of your personal data by us with a supervisory authority, for example with the supervisory authority responsible for our region: Sächsischer Datenschutzbeauftragter, Bernhard-von-Lindenau-Platz 1, 01067 Dresden, Telefon: 03 51 / 49 3-5401, E-Mail: saechsdsb@slt.sachsen.de.

VII. Topicality of and changes to this privacy policy

1. This privacy policy is valid in its current form, which was published in May 2018. The German version is binding; the English version is provided for information only.

2. Changes to our website, products and services as a result of changes to statutory and/or official regulations may necessitate changes to this privacy policy. The current version of this privacy policy is always available to retrieve and print at https://fuu-sachsen.international/privacy-policy/ (to the german version of the Privacy policy: https://www.fuu-sachsen.de/datenschutz/).