Data-Protection

Privacy Statement

Introduction

With the following data protection declaration, we, fr8control GmbH, would like to inform you about which kind of
personal data we use and to what extent we process it (hereinafter also referred to briefly as “data”).
The data protection declaration applies to all processing of personal data carried out by us,
both within the framework of the provision of our services and in particular on our websites as well as in mobile
applications (hereinafter collectively referred to as the “Online Offer”).

Table of contents

Responsible

fr8control GmbH
Gewerbepark 33
83670 Bad Heilbrunn
Germany

Authorized representatives: Markus Hintner, Thomas Krug
E-Mail address: info@fr8control.com
Imprint: https://www.fr8control.com/en/imprint/

Overview of processing

The following table summarizes the types of data processed and the purposes for which they are processed, and
refers to the data subjects.

1. Types of data processed

  • Basic data (e.g. names, addresses)
  • Candidate data (e.g. personal details, contact details, application documents such as cover letter, curriculum
    vitae),
    certificates, as well as any other certificates communicated by applicants with respect to a certain position,
    or, on a voluntary basis,
    information of their person or qualification)
  • Content data (e.g. text input, photographs, videos)
  • Contact details (e.g. e-mail, telephone numbers)
  • Meta/communication data (e.g. device information, IP addresses)
  • Contract data (for example, contract object, term, customer category)
  • Payment data (for example, bank details, invoices, payment history)

2. Categories of persons affected

  • Customers, business partners and contract partners
  • Interested parties and communication partners
  • Candidates
  • Users (e.g. website visitors, users of online services)

3. Purposes of processing

  • Provision of our online services and usability
  • Application procedure
  • Office and organisational procedures
  • Direct marketing (e.g. by e-mail or by post)
  • Contact enquiries and communication
  • Security measures
  • Contract services
  • Administration and response to requests

4. Relevant legal bases

In the following, we share the legal bases of the Data Protection Basic Regulation (GDPR), on the basis of which we
process
your personal data. Please note that in addition to the regulations of the GDPR, the
national data protection regulations may apply in your or our country of residence and domicile.

  • Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) – The data subject has given his/her consent to the
    processing of personal data relating to his/her for a specific purpose or for several specific purposes.
  • Fulfilment of contract and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) – The processing
    is necessary
    for the performance of a contract of which the data subject is a party, or for the performance of
    pre-contractual measures, of which the data
    subject is a party at the request of the data subject.
  • Legal obligation (Art. 6 Par. 1 S. 1 lit. c. GDPR) – The processing is required for the fulfilling of a
    legal obligation which the person responsible is subjected to.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. 1 f. GDPR) – Processing is required for the purpose of
    safeguarding the legitimate interests of the person responsible or of a third party, unless the interests or
    fundamental rights and freedoms of the data subject which require the protection of personal data,
    prevail.
  • Art. 9 Para. 1 S. 1 lit. b GDPR (application procedure as pre-contract or contract relationship)
    Insofar as special categories of personal data within the meaning of Art. 9 of the German Data Protection Act
    have been identified within the framework of the application procedure, the following shall apply
    para. 1 GDPR (e.g. health data, such as severely handicapped status or ethnic origin) for applicants
    in order that the person responsible or the person concerned may take into account the provisions of labour law
    and
    exercise the rights conferred by the law on social security and social protection and exercise his or her right
    to
    fulfil its obligations in this respect, their processing shall be carried out in accordance with Art. 9 Para. 2
    lit. b. GDPR, in the case of
    the protection of vital interests of applicants or other persons according to Art. 9 para. 2 lit. c. GDPR or
    for the purposes of preventive health care or occupational medicine, for the assessment of the ability to work
    for medical diagnostics, care or treatment in the health or medical care sector.
    Social sector or for the management of systems and services in the health or social sector according to Art. 9
    Para. 2 lit. h. GDPR. In the case of a notification of specific categories of data based on voluntary consent,
    their processing is carried out on the basis of Art. 9 Para. 2 lit. a. GDPR.

Safety measures

In accordance with the legal requirements, we shall take into account the state of the art, the
implementation costs and the nature, extent, circumstances and purposes of the processing, as well as the
the different probabilities of occurrence, and the extent to which the rights and freedoms of natural persons are
threatened, technical and organisational measures in order to achieve a level of protection appropriate to the risk.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data
by controlling the physical and electronic access to the data as well as the access concerning them, the
input, passing on, securing availability and their separation. In addition, we have procedures
which allow for the exercise of data subjects’ rights, the deletion of data and responses to the threat
of the data. In addition, we take the protection of personal data into account as early as the development stage
or selection of hardware, software and procedures in accordance with the principle of data protection, by
technology design and user-friendly data protection pre-settings.

Shortening the IP address: If it is possible for us or a storage of the IP address is not necessary
we shorten or have your IP address shortened. In the case of shortening the IP address, also known as “IP masking”.
the last octet, i.e. the last two numbers of an IP address, is deleted (the IP address is
in this context, an identifier individually assigned to an Internet connection by the online access provider).
The purpose of shortening the IP address is to prevent a person from being identified on the basis of their IP
address, or
can be made considerably more difficult.

SSL encryption (https): To protect your data transmitted via our online service, we use
an SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar
of your browser.

Transmission and disclosure of personal data

As part of our processing of personal data, it happens that the data is disclosed to other places,
transferred to undertakings, legally independent organisational units or persons.
The recipients of this data can be for example, payment institutions for payment transactions,
IT service providers or providers of services and content that are integrated into a website and are responsible for
IT tasks.
In such a case, we shall observe the statutory provisions and shall in particular conclude corresponding
contracts or agreements, which serve the protection of your data, with the recipients of your data.

Data transfer within the organization: We may transfer personal data to other locations within our
organization, and
grant them access to this information. Insofar as such a disclosure is used for
administrative purposes, the passing on of the data is based on our authorized entrepreneurial and
business interests or, provided that it fulfils our contractual obligations, that it is necessary for the business
management of the company, or if the consent of the persons concerned or a legal permission is available.

Data processing in third countries

If we collect data in a third country (i.e., outside the European Union (EU), the European Economic Area
(EEA)) or the processing takes place in the context of the use of third party services or disclosure
or the transfer of data to other persons, bodies or companies, this shall only take place in accordance
with the legal requirements.

Subject to clear consent or contractually or legally required transmission of data, we process
or leave the data only in third countries with a recognised level of data protection or on the basis of special guarantees, such as
contractual obligation by so-called standard protection clauses of the EU Commission, the existence of
certifications or obligatory internal data protection regulations (Art. 44 to 49 GDPR),
Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de

 

Cookies are text files that contain data from visited websites or domains and are stored by a browser on your
computer’s hard drive.
A cookie is primarily used to store information about users during or after their visit within an online offer. The stored
data
can include e.g. the language settings on a web page or the login status. The term cookies includes
for us also other technologies that perform the same functions as cookies (e.g. if user information is
stored using pseudonymous online identifiers, also referred to as “user IDs”).

We use the following cookie types and functions:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest,
    after a user has left an online offer and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after closing the browser. So
    for example, the login status can be saved or preferred content can be displayed directly if the user
    revisits a website. Likewise, the interests of users, that are used to measure the range or for
    marketing purposes, may be stored in such a cookie.
  • First-Party-Cookies: First-Party-Cookies are set by ourselves.
  • Third party cookies Third party cookies are mainly used by
    advertisers (so-called third parties) in order to process user information.
  • Necessary cookies (also: essential or absolutely necessary cookies): Cookies may be absolutely necessary
    for
    the operation of a website (e.g. to save logins or other user input or for security reasons).

Information on legal basis: On which legal basis we collect your personal data with the help of
cookies, depends on whether we ask you for consent. If this is the case and if you consent to the use of cookies,
the legal basis for processing your data is your declared consent.
Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests
(e.g.
in a business operation of our online service and its improvement) or, if
the use of cookies is necessary to meet our contractual obligations.

General information on revocation and objection: Depending on whether the processing is based on a
consent or legal permission, you have the possibility to withdraw your consent to the use of your personal data
or to object to the processing of your data using cookie technologies (collectively referred to as “cookies” any
time
“Opt-Out”). You may declare your objection using the settings of your browser, e.g.
by deactivating the use of cookies (whereby the functionality of our online offer can be restricted).
An objection to the use of cookies for the purposes of online marketing can also be declared
by means of a variety of services, especially in the case of tracking, via the US side http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/ or generally on http://optout.aboutads.info

Webtracking procedure (range measurement): Analysis programs and other techniques for evaluating your
user procedures are not used on our website.

Commercial and business services

We process data of our contractual and business partners, e.g. customers and interested parties (in summary
referred to as “Contractual Partner”) within the framework of contractual and comparable legal relationships as well
as connected measures and
within the scope of communication with the contractual partners (or pre-contractual), e.g. in order to
to answer any questions you may have.

We process this data in order to fulfil our contractual obligations, to safeguard our rights and for
the purpose of administrative tasks connected with this information and the entrepreneurial organisation.
Within the framework of the applicable law, we will only pass on data of the contractual partners to third parties
to the extent that this is necessary to
the aforementioned purposes or is necessary for the fulfilment of legal obligations or with the consent of the
the contractual partner (e.g. to telecommunications, transport and other auxiliary services involved, as well as to
subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). About other
forms of processing, e.g. for marketing purposes, the parties to the contract shall be informed within the scope of
this Privacy Policy.

For the aforementioned purposes, we inform the contracting partners before or in the context of the
Data collection, e.g. in online forms, by special marking (e.g. colours) or symbols (e.g. asterisks etc.), or
personally.

We delete the data after expiry of legal retention period and comparable obligations, i.e. basically
after 4 years, unless the data is stored in a customer account, or legal reasons because it must be kept for
(e.g. for tax purposes usually 10 years). We shall delete data,
which have been disclosed to us by the contractual partner within the framework of an order, in accordance with the
requirements of
of the order, generally after the end of the order.

Insofar as we use third parties or platforms to provide our services, the following shall apply in the relationship
between the parties,
the terms and conditions and data protection notices of the respective third party providers, or
platforms will apply.

Contact

In case of contact us (e.g. via contact form, e-mail, telephone or via social media),
the data of the inquiring persons will be processed, as far as this is necessary to answer the contact inquiries and
to take the requested measures.

The answering of the contact inquiries within the scope of contractual or pre-contractual relations takes place to
fulfil our contractual obligations or to respond to (pre)contractual enquiries and in all other respects to our
contractual obligations,
and due to the legitimate interests in answering the questions.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., e-mail,
    telephone numbers), content data (e.g. text input, photographs, videos).
  • Affected persons: Communication partners
  • Purposes of processing: Contact requests and communication
  • Legal basis: Performance of contract and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR),
    legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Provision of the online offer and web hosting

In order to be able to provide our online services safely and efficiently, we use the services of one or more of our
partners,
several web hosting providers, from whose servers (or servers managed by them) the online offer is available.
For these purposes, we may use infrastructure and platform services, computing capacity,
storage space and database services as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting offer, may encompass all information
pertaining to the users of our website
that occur during use and communication which arise in the context of use and communication. This includes
regularly the IP address that is necessary to deliver the contents of online offers to browsers,
and all entries made within our online offer or from websites.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each
access to the server (so-called server log files). The server logfiles may encompass the websites and files
retrieved,
the date and time of the retrieval, the amount of data transferred, the notification of successful
use of the operating system, referrer URL (the page previously visited) and the browser type and version.
The system of the user and usually IP addresses and the requesting provider.

The server logfiles can be used for security purposes, e.g. to prevent server overload
(especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, in order to
ensure server utilization and stability.

  • Processed data types: Content data (e.g. text input, photographs, videos), Usage data (e.g.
    websites visited, interest in content, access times), meta/communication data (e.g.
    device information, IP addresses).
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. 1 f. GDPR).

Application procedure

The application procedure requires that applicants provide us the data necessary for assessment and selection.
The information necessary can be found in the job description.

In general, the required information includes personal information, such as name, address,
contact details and proof of the qualifications required for the position. On request we
will be happy to tell you also what information is required.

  • Processed data types: Applicant data (e.g. personal data, postal and contact addresses,
    documents and information contained in the application, such as cover letter and curriculum vitae,
    certificates, as well as any other information on their person or qualification communicated voluntarily by
    applicants with respect to a specific post.
  • Affected persons: Applicants.
  • Purpose of processing: Application procedure (justification and possible later implementation as well as
    potential
    later termination of the employment).
  • Legal basis: Art. 9 para. 1 sentence 1 lit. b GDPR (application procedure as a pre-contractual or
    contractual relationship) Insofar as special categories of personal data are involved in the application process
    data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic
    origin) are requested from applicants so that the person responsible or the person concerned can identify him or
    her, exercise rights arising from labour law and social security and social protection law
    and fulfil his or her obligations in this respect, their processing shall be carried out in accordance with Art.
    9 para. 2.
    lit. b. GDPR, in the case of the protection of vital interests of applicants or other persons according to Art.
    9
    para. 2 lit. c. GDPR or for the purposes of preventive health care or occupational medicine, for the assessment
    of the
    the ability of the employee to work, for medical diagnostics, care or treatment in the
    health or social sector or for the management of systems and services in the health or social sector
    according to Art. 9 para. 2 lit. h. GDPR. In the case of a voluntary agreement based on
    notification of special categories of data, their processing is carried out on the basis of Art. 9 Par. 2 lit.
    a. GDPR).

Promotional communication via mail, fax or telephone

We process personal data for the purposes of advertising communication, which may be transmitted via various
channels, e.g.
e-mail, telephone, mail or fax. In this context, we comply with the statutory requirements and
obtain the necessary consent unless communication is permitted by law.

Recipients have the right to revoke any consent given at any time or to object to advertising communication any
time.
After revocation or objection, we may save the data required for proof of consent for up to three years,
on the basis of our legitimate interests before we delete them. The processing of this data will be
limited to the purpose of a possible defence against claims. An individual request for cancellation is possible any
time,
provided that the former existence of a consent is confirmed at the same time.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., e-mail),
    telephone numbers).
  • Affected individuals: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by e-mail or post).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Legitimate interests (Art. 6 Para. 1 GDPR), Right
    to vote (Art. 6 Para. 1 GDPR), Right to vote (Art. 6 Para. 1 GDPR)
    S. 1 lit. f. GDPR).

Presences in social networks

We maintain online presences within social networks in order to communicate with the users active there, or
to provide information about us.
We would like to point out that user data may be processed outside the European Union.
This may result in risks for the users, because e.g. the enforcement of the rights of the users
could be made more difficult. With regard to US vendors who are certified under the Privacy Shield or who
offer comparable guarantees of a secure level of data protection, we would like to point out those are therefore
obliged
to comply with EU data protection standards.

Furthermore, the data of users within social networks are usually used for market research and advertising purposes.
For example, the user’s behaviour and interests resulting from it, can be used to
create user profiles. The user profiles can in turn be used, e.g. to create advertisements within and outside the
networks which are presumably correspond to the interests of the users.
As a rule, cookies are stored on the user’s computers for the purpose to store the user behaviour and the
interests of the users. Furthermore, data may also be stored in the user profiles independently of the
users (in particular, if the users are members of the respective platforms and are logged in to these).

For a detailed description of the respective forms of processing and the possibilities for objection (opt-out)
we refer to the data protection declarations and information of the operators of the respective networks.
Also in the case of requests for information and the assertion of rights of data subjects, we would like to point
out that these
can be asserted most effectively with the providers. Only the providers have access to
the data of the users and can directly take appropriate measures and give information. Should you still need help,
you may turn to us.

    • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., e-mail),
      telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. websites visited,
      interest in content, access times), meta/communication data (e.g. device information, IP addresses).
    • Affected persons: Users (e.g. website visitors, users of online services).
    • Purposes of the processing: Contact requests and communication, tracking (e.g.
      interest/behavioural profiling, use of cookies), remarketing, range measurement (e.g.
      access statistics, recognition of returning visitors).
    • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. 1 f. GDPR).

Services and service providers in use:

Deletion of data

The data processed by us will be deleted in accordance with the statutory provisions as soon as permissions are
revoked
or other permissions end (e.g. if the purpose of the processing of the data is not valid anymore or they are not
necessary for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes,
their processing is limited to these purposes. This means that the data will be blocked and not used for other
purposes.
This applies, for example, to data that must be stored for commercial or tax reasons, or
their storage for the purpose of asserting, exercising or defending legal claims or for the protection of rights
for any other natural or legal person.

Further information regarding the deletion of personal data may also be provided within the framework of the
individual
privacy notices of this privacy policy.

Change and update of the privacy policy

We ask you to inform yourself regularly about the content of our data protection declaration. We adapt the
data protection declaration as soon as the changes in data processing carried out by us make this necessary.
We will inform you as soon as the changes result in an action of cooperation on your part (e.g. consent),
or any other individual notification is required.

If you have any questions regarding our data protection declaration, please contact the person in charge
(Contact details see above and in the imprint).

Rights of the persons concerned

Under the GDPR, you are entitled to various rights as data subjects, which are derived in particular from Articles
15 to 18 and 21 of the GDPR:

  • Right of objection: You have the right, for reasons arising from your particular situation,
    at any time to object to the processing of personal data concerning you, which are processed on the basis of
    Art. 6 Par. 1
    e or f GDPR; this also applies to any objection to profiling based on these provisions.
    If the personal data concerning you are processed for the purpose of direct marketing,
    you have the right at any time to object to the processing of your personal data for the purpose of each
    advertising, this also applies to profiling to direct advertising in case it is connected to such direct advertising.
  • Right of revocation for consents: You have the right to revoke consent given at any time.
  • Right to information: You have the right to demand confirmation as to whether the data in question
    is processed and to obtain information about these data as well as further information and a copy of the data,
    in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to demand the
    completion
    of the data concerning you or the rectification of inaccurate data concerning you.
  • Right to delete and restrict processing: In accordance with legal requirements, you have the right to
    the right to demand that data concerning you be deleted immediately or, alternatively, in accordance with the
    following provisions
    to demand a restriction of the processing of the data in accordance with the statutory provisions.
  • Right to transfer data: You have the right to obtain any data concerning you, that you provide us
    in accordance with legal requirements, in a structured, common and machine-readable format,
    or to request their transmission to another responsible person.
  • Complaint to the supervisory authority: You also have the right, in accordance with the statutory
    provisions, to
    inform a supervisory authority, in particular in the Member State of your habitual residence, of your
    workplace or the site of the alleged infringement, if you believe that the processing of your personal data
    violates of the GDPR.

The supervisory authority responsible for fr8control GmbH is:
Bayerische Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach.

Stand: 07. September 2020

Used Imageagencys / Author

© iStockphoto.com / erikona Businessman and businesswoman working in office
© iStockphoto.com / cybrain Image of businessmen hands during discussion of data in touchpad at meeting
© iStockphoto.com / shironosov Computer, Warehouse, Service