Table of contents
- Overview of processing
- Applicable legal bases
- Security measures
- Transmission and disclosure of personal data
- Third party data processing
- Commercial and business services
- Online offer and web hosting
- Use of Google Analytics
- Application procedures
- Promotional communication via mail, fax or telephone
- Presence in social networks
- Deletion of data
- Rights of the persons concerned
With the following data protection declaration, we, fr8control GmbH, would like to inform you about which kind of
personal data we use and to what extent we process it (hereinafter also referred to briefly as “data”).
The data protection declaration applies to all processing of personal data carried out by us,
both within the framework of the provision of our services and in particular on our websites as well as in mobile
applications (hereinafter collectively referred to as the “Online Offer”).
Overview of processing
The following table summarizes the types of data processed and the purposes for which they are processed, and
refers to the data subjects.
1. Types of data processed
- Basic data (e.g. names, addresses)
- Candidate data (e.g. personal details, contact details, application documents such as cover letter, curriculum
certificates, as well as any other certificates communicated by applicants with respect to a certain position,
or, on a voluntary basis,
information of their person or qualification)
- Content data (e.g. text input, photographs, videos)
- Contact details (e.g. e-mail, telephone numbers)
- Meta/communication data (e.g. device information, IP addresses)
- Contract data (for example, contract object, term, customer category)
- Payment data (for example, bank details, invoices, payment history)
2. Categories of persons affected
- Customers, business partners and contract partners
- Interested parties and communication partners
- Users (e.g. website visitors, users of online services)
3. Purposes of processing
- Provision of our online services and usability
- Application procedure
- Office and organisational procedures
- Direct marketing (e.g. by e-mail or by post)
- Contact enquiries and communication
- Security measures
- Contract services
- Administration and response to requests
4. Relevant legal bases
In the following, we share the legal bases of the Data Protection Basic Regulation (GDPR), on the basis of which we
your personal data. Please note that in addition to the regulations of the GDPR, the
national data protection regulations may apply in your or our country of residence and domicile.
- Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) – The data subject has given his/her consent to the
processing of personal data relating to his/her for a specific purpose or for several specific purposes.
- Fulfilment of contract and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) – The processing
for the performance of a contract of which the data subject is a party, or for the performance of
pre-contractual measures, of which the data
subject is a party at the request of the data subject.
- Legal obligation (Art. 6 Par. 1 S. 1 lit. c. GDPR) – The processing is required for the fulfilling of a
legal obligation which the person responsible is subjected to.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. 1 f. GDPR) – Processing is required for the purpose of
safeguarding the legitimate interests of the person responsible or of a third party, unless the interests or
fundamental rights and freedoms of the data subject which require the protection of personal data,
- Art. 9 Para. 1 S. 1 lit. b GDPR (application procedure as pre-contract or contract relationship)
Insofar as special categories of personal data within the meaning of Art. 9 of the German Data Protection Act
have been identified within the framework of the application procedure, the following shall apply
para. 1 GDPR (e.g. health data, such as severely handicapped status or ethnic origin) for applicants
in order that the person responsible or the person concerned may take into account the provisions of labour law
exercise the rights conferred by the law on social security and social protection and exercise his or her right
fulfil its obligations in this respect, their processing shall be carried out in accordance with Art. 9 Para. 2
lit. b. GDPR, in the case of
the protection of vital interests of applicants or other persons according to Art. 9 para. 2 lit. c. GDPR or
for the purposes of preventive health care or occupational medicine, for the assessment of the ability to work
for medical diagnostics, care or treatment in the health or medical care sector.
Social sector or for the management of systems and services in the health or social sector according to Art. 9
Para. 2 lit. h. GDPR. In the case of a notification of specific categories of data based on voluntary consent,
their processing is carried out on the basis of Art. 9 Para. 2 lit. a. GDPR.
In accordance with the legal requirements, we shall take into account the state of the art, the
implementation costs and the nature, extent, circumstances and purposes of the processing, as well as the
the different probabilities of occurrence, and the extent to which the rights and freedoms of natural persons are
threatened, technical and organisational measures in order to achieve a level of protection appropriate to the risk.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data
by controlling the physical and electronic access to the data as well as the access concerning them, the
input, passing on, securing availability and their separation. In addition, we have procedures
which allow for the exercise of data subjects’ rights, the deletion of data and responses to the threat
of the data. In addition, we take the protection of personal data into account as early as the development stage
or selection of hardware, software and procedures in accordance with the principle of data protection, by
technology design and user-friendly data protection pre-settings.
Shortening the IP address: If it is possible for us or a storage of the IP address is not necessary
we shorten or have your IP address shortened. In the case of shortening the IP address, also known as “IP masking”.
the last octet, i.e. the last two numbers of an IP address, is deleted (the IP address is
in this context, an identifier individually assigned to an Internet connection by the online access provider).
The purpose of shortening the IP address is to prevent a person from being identified on the basis of their IP
can be made considerably more difficult.
SSL encryption (https): To protect your data transmitted via our online service, we use
an SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar
of your browser.
Transmission and disclosure of personal data
As part of our processing of personal data, it happens that the data is disclosed to other places,
transferred to undertakings, legally independent organisational units or persons.
The recipients of this data can be for example, payment institutions for payment transactions,
IT service providers or providers of services and content that are integrated into a website and are responsible for
In such a case, we shall observe the statutory provisions and shall in particular conclude corresponding
contracts or agreements, which serve the protection of your data, with the recipients of your data.
Data transfer within the organization: We may transfer personal data to other locations within our
grant them access to this information. Insofar as such a disclosure is used for
administrative purposes, the passing on of the data is based on our authorized entrepreneurial and
business interests or, provided that it fulfils our contractual obligations, that it is necessary for the business
management of the company, or if the consent of the persons concerned or a legal permission is available.
Data processing in third countries
If we collect data in a third country (i.e., outside the European Union (EU), the European Economic Area
(EEA)) or the processing takes place in the context of the use of third party services or disclosure
or the transfer of data to other persons, bodies or companies, this shall only take place in accordance
with the legal requirements.
Subject to clear consent or contractually or legally required transmission of data, we process
or leave the data only in third countries with a recognised level of data protection, as the
“Privacy-Shield” certified US processors, or on the basis of special guarantees, such as
contractual obligation by so-called standard protection clauses of the EU Commission, the existence of
certifications or obligatory internal data protection regulations (Art. 44 to 49 GDPR),
Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de
Cookies are text files that contain data from visited websites or domains and are stored by a browser on your
computer’s hard drive.
A cookie is primarily used to store information about users during or after their visit within an online offer. The stored
can include e.g. the language settings on a web page or the login status. The term cookies includes
for us also other technologies that perform the same functions as cookies (e.g. if user information is
stored using pseudonymous online identifiers, also referred to as “user IDs”).
We use the following cookie types and functions:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest,
after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after closing the browser. So
for example, the login status can be saved or preferred content can be displayed directly if the user
revisits a website. Likewise, the interests of users, that are used to measure the range or for
marketing purposes, may be stored in such a cookie.
- First-Party-Cookies: First-Party-Cookies are set by ourselves.
- Third party cookies Third party cookies are mainly used by
advertisers (so-called third parties) in order to process user information.
- Necessary cookies (also: essential or absolutely necessary cookies): Cookies may be absolutely necessary
the operation of a website (e.g. to save logins or other user input or for security reasons).
Information on legal basis: On which legal basis we collect your personal data with the help of
the legal basis for processing your data is your declared consent.
Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests
in a business operation of our online service and its improvement) or, if
General information on revocation and objection: Depending on whether the processing is based on a
consent or legal permission, you have the possibility to withdraw your consent to the use of your personal data
or to object to the processing of your data using cookie technologies (collectively referred to as “cookies” any
“Opt-Out”). You may declare your objection using the settings of your browser, e.g.
by means of a variety of services, especially in the case of tracking, via the US side http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/ or generally on http://optout.aboutads.info
Webtracking procedure (range measurement): Analysis programs and other techniques for evaluating your
user procedures are not used on our website.
Commercial and business services
We process data of our contractual and business partners, e.g. customers and interested parties (in summary
referred to as “Contractual Partner”) within the framework of contractual and comparable legal relationships as well
as connected measures and
within the scope of communication with the contractual partners (or pre-contractual), e.g. in order to
to answer any questions you may have.
We process this data in order to fulfil our contractual obligations, to safeguard our rights and for
the purpose of administrative tasks connected with this information and the entrepreneurial organisation.
Within the framework of the applicable law, we will only pass on data of the contractual partners to third parties
to the extent that this is necessary to
the aforementioned purposes or is necessary for the fulfilment of legal obligations or with the consent of the
the contractual partner (e.g. to telecommunications, transport and other auxiliary services involved, as well as to
subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). About other
forms of processing, e.g. for marketing purposes, the parties to the contract shall be informed within the scope of
For the aforementioned purposes, we inform the contracting partners before or in the context of the
Data collection, e.g. in online forms, by special marking (e.g. colours) or symbols (e.g. asterisks etc.), or
We delete the data after expiry of legal retention period and comparable obligations, i.e. basically
after 4 years, unless the data is stored in a customer account, or legal reasons because it must be kept for
(e.g. for tax purposes usually 10 years). We shall delete data,
which have been disclosed to us by the contractual partner within the framework of an order, in accordance with the
of the order, generally after the end of the order.
Insofar as we use third parties or platforms to provide our services, the following shall apply in the relationship
between the parties,
the terms and conditions and data protection notices of the respective third party providers, or
platforms will apply.
In case of contact us (e.g. via contact form, e-mail, telephone or via social media),
the data of the inquiring persons will be processed, as far as this is necessary to answer the contact inquiries and
to take the requested measures.
The answering of the contact inquiries within the scope of contractual or pre-contractual relations takes place to
fulfil our contractual obligations or to respond to (pre)contractual enquiries and in all other respects to our
and due to the legitimate interests in answering the questions.
- Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., e-mail,
telephone numbers), content data (e.g. text input, photographs, videos).
- Affected persons: Communication partners
- Purposes of processing: Contact requests and communication
- Legal basis: Performance of contract and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR),
legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Provision of the online offer and web hosting
In order to be able to provide our online services safely and efficiently, we use the services of one or more of our
several web hosting providers, from whose servers (or servers managed by them) the online offer is available.
For these purposes, we may use infrastructure and platform services, computing capacity,
storage space and database services as well as security and technical maintenance services.
The data processed within the framework of the provision of the hosting offer, may encompass all information
pertaining to the users of our website
that occur during use and communication which arise in the context of use and communication. This includes
regularly the IP address that is necessary to deliver the contents of online offers to browsers,
and all entries made within our online offer or from websites.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each
access to the server (so-called server log files). The server logfiles may encompass the websites and files
the date and time of the retrieval, the amount of data transferred, the notification of successful
use of the operating system, referrer URL (the page previously visited) and the browser type and version.
The system of the user and usually IP addresses and the requesting provider.
The server logfiles can be used for security purposes, e.g. to prevent server overload
(especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, in order to
ensure server utilization and stability.
- Processed data types: Content data (e.g. text input, photographs, videos), Usage data (e.g.
websites visited, interest in content, access times), meta/communication data (e.g.
device information, IP addresses).
- Affected persons: Users (e.g. website visitors, users of online services).
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. 1 f. GDPR).
Use of Google Analytics
Insofar as you have given your consent, this website uses Google Analytics, a web analysis service of Google Ireland Limited („Google“). The use includes the operating mode „Universal Analytics“. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous User-ID and thus to analyze the activities of a user across devices.
purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.
Art. 6 para. 1 S.1 lit. a DSGVO.
The recipient of the collected data is Google.
Duration of data storage
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use. Click here to set the opt-out cookie: Deactivate Google Analytics
The application procedure requires that applicants provide us the data necessary for assessment and selection.
The information necessary can be found in the job description.
In general, the required information includes personal information, such as name, address,
contact details and proof of the qualifications required for the position. On request we
will be happy to tell you also what information is required.
We process personal data for the purposes of advertising communication, which may be transmitted via various Recipients have the right to revoke any consent given at any time or to object to advertising communication any We maintain online presences within social networks in order to communicate with the users active there, or Furthermore, the data of users within social networks are usually used for market research and advertising purposes. For a detailed description of the respective forms of processing and the possibilities for objection (opt-out) Services and service providers in use: The data processed by us will be deleted in accordance with the statutory provisions as soon as permissions are If the data are not deleted because they are required for other and legally permissible purposes, Further information regarding the deletion of personal data may also be provided within the framework of the We ask you to inform yourself regularly about the content of our data protection declaration. We adapt the If you have any questions regarding our data protection declaration, please contact the person in charge Under the GDPR, you are entitled to various rights as data subjects, which are derived in particular from Articles The supervisory authority responsible for fr8control GmbH is: Used Imageagencys / Author © iStockphoto.com / erikona Businessman and businesswoman working in office
documents and information contained in the application, such as cover letter and curriculum vitae,
certificates, as well as any other information on their person or qualification communicated voluntarily by
applicants with respect to a specific post.
later termination of the employment).
contractual relationship) Insofar as special categories of personal data are involved in the application process
data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic
origin) are requested from applicants so that the person responsible or the person concerned can identify him or
her, exercise rights arising from labour law and social security and social protection law
and fulfil his or her obligations in this respect, their processing shall be carried out in accordance with Art.
9 para. 2.
lit. b. GDPR, in the case of the protection of vital interests of applicants or other persons according to Art.
para. 2 lit. c. GDPR or for the purposes of preventive health care or occupational medicine, for the assessment
the ability of the employee to work, for medical diagnostics, care or treatment in the
health or social sector or for the management of systems and services in the health or social sector
according to Art. 9 para. 2 lit. h. GDPR. In the case of a voluntary agreement based on
notification of special categories of data, their processing is carried out on the basis of Art. 9 Par. 2 lit.
Promotional communication via mail, fax or telephone
e-mail, telephone, mail or fax. In this context, we comply with the statutory requirements and
obtain the necessary consent unless communication is permitted by law.
After revocation or objection, we may save the data required for proof of consent for up to three years,
on the basis of our legitimate interests before we delete them. The processing of this data will be
limited to the purpose of a possible defence against claims. An individual request for cancellation is possible any
provided that the former existence of a consent is confirmed at the same time.
to vote (Art. 6 Para. 1 GDPR), Right to vote (Art. 6 Para. 1 GDPR)
S. 1 lit. f. GDPR).
Presences in social networks
to provide information about us.
We would like to point out that user data may be processed outside the European Union.
This may result in risks for the users, because e.g. the enforcement of the rights of the users
could be made more difficult. With regard to US vendors who are certified under the Privacy Shield or who
offer comparable guarantees of a secure level of data protection, we would like to point out those are therefore
to comply with EU data protection standards.
For example, the user’s behaviour and interests resulting from it, can be used to
create user profiles. The user profiles can in turn be used, e.g. to create advertisements within and outside the
networks which are presumably correspond to the interests of the users.
As a rule, cookies are stored on the user’s computers for the purpose to store the user behaviour and the
interests of the users. Furthermore, data may also be stored in the user profiles independently of the
users (in particular, if the users are members of the respective platforms and are logged in to these).
we refer to the data protection declarations and information of the operators of the respective networks.
Also in the case of requests for information and the assertion of rights of data subjects, we would like to point
out that these
can be asserted most effectively with the providers. Only the providers have access to
the data of the users and can directly take appropriate measures and give information. Should you still need help,
you may turn to us.
telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. websites visited,
interest in content, access times), meta/communication data (e.g. device information, IP addresses).
access statistics, recognition of returning visitors).
Privacy Shield (guarantee data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active;
Possibility of opposition (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Deletion of data
or other permissions end (e.g. if the purpose of the processing of the data is not valid anymore or they are not
necessary for the purpose).
their processing is limited to these purposes. This means that the data will be blocked and not used for other
This applies, for example, to data that must be stored for commercial or tax reasons, or
their storage for the purpose of asserting, exercising or defending legal claims or for the protection of rights
for any other natural or legal person.
data protection declaration as soon as the changes in data processing carried out by us make this necessary.
We will inform you as soon as the changes result in an action of cooperation on your part (e.g. consent),
or any other individual notification is required.
(Contact details see above and in the imprint).
Rights of the persons concerned
15 to 18 and 21 of the GDPR:
at any time to object to the processing of personal data concerning you, which are processed on the basis of
Art. 6 Par. 1
e or f GDPR; this also applies to any objection to profiling based on these provisions.
If the personal data concerning you are processed for the purpose of direct marketing,
you have the right at any time to object to the processing of your personal data for the purpose of each
advertising, this also applies to profiling to direct advertising in case it is connected to such direct advertising.
is processed and to obtain information about these data as well as further information and a copy of the data,
in accordance with legal requirements.
of the data concerning you or the rectification of inaccurate data concerning you.
the right to demand that data concerning you be deleted immediately or, alternatively, in accordance with the
to demand a restriction of the processing of the data in accordance with the statutory provisions.
in accordance with legal requirements, in a structured, common and machine-readable format,
or to request their transmission to another responsible person.
inform a supervisory authority, in particular in the Member State of your habitual residence, of your
workplace or the site of the alleged infringement, if you believe that the processing of your personal data
violates of the GDPR.
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Postfach 20 04 44, 40102 Düsseldorf
Telefon: 0211 / 38424-0 E-Mail: firstname.lastname@example.org Internet: www.ldi.nrw.de
© iStockphoto.com / cybrain Image of businessmen hands during discussion of data in touchpad at meeting
© iStockphoto.com / shironosov Computer, Warehouse, Service
We process personal data for the purposes of advertising communication, which may be transmitted via various
Recipients have the right to revoke any consent given at any time or to object to advertising communication any
We maintain online presences within social networks in order to communicate with the users active there, or
Furthermore, the data of users within social networks are usually used for market research and advertising purposes.
For a detailed description of the respective forms of processing and the possibilities for objection (opt-out)
Services and service providers in use:
The data processed by us will be deleted in accordance with the statutory provisions as soon as permissions are
If the data are not deleted because they are required for other and legally permissible purposes,
Further information regarding the deletion of personal data may also be provided within the framework of the
We ask you to inform yourself regularly about the content of our data protection declaration. We adapt the
If you have any questions regarding our data protection declaration, please contact the person in charge
Under the GDPR, you are entitled to various rights as data subjects, which are derived in particular from Articles
The supervisory authority responsible for fr8control GmbH is:
Used Imageagencys / Author
© iStockphoto.com / erikona Businessman and businesswoman working in office