Privacy Policy

Our data protection for you – interdisciplinary, strategically clever

1. Introduction; content of our data protection notice

The high standards you set for our services are our guideline for handling your data. We process and use your data carefully, for the intended purpose, in accordance with your consent and in compliance with the statutory provisions on data protection.

The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile apps and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offer”). The terms used are not gender-specific.

In addition, you will find out in these notes which rights, choices and objection options you have with regard to your personal data.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

 

2. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption.

You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

3. Responsible according to Art. 4 No. 7 EU General Data Protection Regulation

The responsible party pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation is secureIO GmbH, Ainmillerstraße 22, 80801 Munich, Germany.

For questions and concerns regarding data protection, you can reach us at the above postal address or at the e-mail address: datenschutz@secure-io.de.

 

4. Cases and situations in which we process your data

secureIO GmbH collects and processes your personal data,

  • if you contact us directly, for example via our website, through our customer service department or our registered office,
  • if your personal data is transferred to us by partners or third parties if and to the extent that the necessary data protection requirements are met (you have consented or not objected to the transfer of your data to secureIO GmbH for the purpose of customer care/written correspondence in the knowledge of a right to object)
  • when our business partners permissibly provide us with data about you.

 

5. Lawfulness of our data processing

The lawful processing of data by us takes place primarily on the basis of

  • Consent (Art. 6 para. 1 lit. a GDPR)

This means that you, as the “data subject”, have given your consent to the processing of personal data relating to you for one or more specific purposes.

  • the fulfilment of a contract and/or the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR)

This means that the data processing is necessary for the performance of a contract to which you, as the data subject, are a party, or for the performance of pre-contractual measures which are carried out at your request or by persons authorised by you.

  • necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR)

This means that the data processing is necessary for the fulfilment of a legal obligation that may result from laws and regulations.

  • Legitimate interests (Art. 6 Abs. 1 lit. f GDPR)

This means that the data processing is necessary to protect our legitimate interests or those of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override these.

We will only retain your data for as long as is necessary for the particular purposes for which we process your data.

If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.

 

6. Your data protection rights and your right to complain to the data protection authority

Under the GDPR, you have the following rights as a data subject:

  • Right of access pursuant to Art. 15 of the GDPR.
  • Right to rectification pursuant to Article 16 of the GDPR.
  • Right to erasure pursuant to Article 17 of the GDPR, provided that the legal requirements for this are met.
  • Right to restriction of processing pursuant to Article 18 of the GDPR.
  • Right to data portability pursuant to Article 20 of the GDPR.
  • Right to object pursuant to Art. 21 of the GDPR.
  • Right of revocation pursuant to Art. 7 (3) sentence 1 of the GDPR.

We endeavour to comply with all requests without delay, in any case within one month of receipt of your request (Art. 12 (3) sentence 1 DSGVO). This period may be extended by a further two months due to the complexity of the request and the number of requests.

In certain cases, we cannot provide you with information about all of your data due to legal requirements. If we have to specifically refuse your request for information, we will inform you of the reasons for refusal.

If you feel that we have not adequately addressed your complaints or concerns, you have the right to lodge a complaint with the relevant data protection authority.

 

7. Data collection through your visit to this website

7.1 Cookies

Our internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used, for example, to evaluate user behaviour.

If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

 

7.2 Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Order processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7.3 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

7.4 Contact form; enquiry by e-mail, telephone or fax

If you send us enquiries via the contact form, e-mail, telephone or fax, your details from the enquiry form, including all personal data arising from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

7.5 Analysis tools and advertising

IONOS WebAnalytics

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. As part of the analyses with IONOS, visitor numbers and behaviour (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. from which page the visitor comes), visitor locations and technical data (browser and operating system versions) can be analysed, among other things. For this purpose, IONOS stores the following data in particular:

  • Referrer (previously visited website)
  • Requested website or file
  • browser type and version
  • type of device used
  • Time of access
  • IP address in anonymised form (only used to determine the location of the access)

According to IONOS, the data collection is completely anonymised so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For further information on data collection and processing by IONOS WebAnalytics, please refer to the IONOS privacy policy at the following link: https://www.ionos.de/terms-gtc/index.php?id=6

Order processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7.6 Plugins and Tools

YouTube with enhanced data protection

This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may save various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

7.7 Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

 

8. Personal data via our contact channels or when performing our services

The following categories of data may be collected through the many services and contact channels described in this privacy notice:

  • Contact details (name, address, telephone number, e-mail address)
  • Concerns, interests (information provided by you about your concern or interest)
  • Other personal data (information provided by you on date of birth, marital status, education or professional situation)
  • Contract data (customer number, contract number, payment information provided by you such as account details, VAT ID)
  • Website usage and communications (information about how you use the website, via cookies and other tracking technologies)
  • Transaction and interaction data (interactions with secureIO customer care)

8.1 Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail, post or via recruiting platforms). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

8.2 Scope and purpose of data collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent that this is necessary to decide whether to establish an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.

8.3 Retention period of the data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further retention no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.

8.4 Admission to the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

 

9. Principles for the transfer of data

We disclose personal data to state institutions, authorities and courts if we are obliged to do so or if this is necessary for efficient legal defence or assertion of rights and claims.

When you contact us, the data you provide will be stored by us in order to process your requests and answer questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data.

As a matter of principle, we do not transfer personal data to countries outside the European Union (EU) or the European Economic Area (EEA).

For the operation of the website, we use technical service providers by way of commissioned processing.

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

If, in exceptional cases, a transfer of personal data to third countries or international organisations is necessary, and if we can actively influence this, this will be done in accordance with Art. 44 to 50 GDPR, if possible.

 

10. Security measures for your data

Despite all efforts and precautions, complete security cannot be achieved. Our technical and organisational measures to ensure the confidentiality, integrity and availability of data in accordance with the GDPR include:

  • Permanent control of physical and electronic access to data.
  • Permanent control of access, input, transfer, assurance of availability and its separation.
  • Establish processes that ensure the exercise of data subjects’ rights, the deletion of data and responses to data compromise.
  • Protection of personal data already during the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data
  • protection-friendly default settings.
  • Encryption algorithms for communication and data exchange to ensure that your data cannot be read by unauthorised persons during transmission.

 

11. Applicable rules for data protection

Insofar as we collect, process or use personal data, we comply with the applicable legal provisions, in particular the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).

The BDSG contains, in particular, special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated and automated decision-making in individual cases including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, provincial data protection laws of the individual federal states may apply.

Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country.