Privacy Policy

 

1. An overview of data protection

General information

The
following information will provide you with an easy to navigate overview of
what will happen with your personal data when you visit this website. The term
“personal data” comprises all data that can be used to personally identify you.
For detailed information about the subject matter of data protection, please
consult our Data Protection Declaration, which we have included beneath this
copy.

Data recording on this website

Who is the responsible party for the recording of data
on this website (i.e., the „controller“)?

The data
on this website is processed by the operator of the website, whose contact
information is available under section “Information about the responsible party
(referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We
collect your data as a result of your sharing of your data with us. This may,
for instance be information you enter into our contact form. Other data shall
be recorded by our IT systems automatically or after you consent to its
recording during your website visit. This data comprises primarily technical
information (e.g., web browser, operating system, or time the site was
accessed). This information is recorded automatically when you access this
website.

What are the purposes we use your data for?

A
portion of the information is generated to guarantee the error free provision
of the website. Other data may be used to analyze your user patterns.

What rights do you have as far as your information is
concerned?

You have
the right to receive information about the source, recipients, and purposes of
your archived personal data at any time without having to pay a fee for such
disclosures. You also have the right to demand that your data are rectified or
eradicated. If you have consented to data processing, you have the option to
revoke this consent at any time, which shall affect all future data processing.
Moreover, you have the right to demand that the processing of your data be
restricted under certain circumstances. Furthermore, you have the right to log
a complaint with the competent supervising agency.

Please
do not hesitate to contact us at any time if you have questions about this or any
other data protection related issues

 

 

2. Hosting

We are
hosting the content of our website at the following provider: noris network AG

External Hosting

This
website is hosted externally. Personal data collected on this website are
stored on the servers of the host. These may include, but are not limited to,
IP addresses, contact requests, metadata and communications, contract
information, contact information, names, web page access, and other data
generated through a web site.

The
external hosting serves the purpose of fulfilling the contract with our
potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of
secure, fast, and efficient provision of our online services by a professional
provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the
processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and §
25 (1) TTDSG, insofar the consent includes the storage of cookies or the access
to information in the user’s end device (e.g., device fingerprinting) within
the meaning of the TTDSG. This consent can be revoked at any time.

Our
host(s) will only process your data to the extent necessary to fulfil its
performance obligations and to follow our instructions with respect to such
data.

We are using the following host(s):

noris network AG

Thomas-Mann-Straße 16 – 20

D-90471 Nürnberg

 

Data processing

We have
concluded a data processing agreement (DPA) for the use of the above-mentioned
service. This is a contract mandated by data privacy laws that guarantees that
they process personal data of our website visitors only based on our
instructions and in compliance with the GDPR.

 

3. General information and mandatory information

Data protection

The
operators of this website and its pages take the protection of your personal
data very seriously. Hence, we handle your personal data as confidential
information and in compliance with the statutory data protection regulations
and this Data Protection Declaration.

Whenever
you use this website, a variety of personal information will be collected.
Personal data comprises data that can be used to personally identify you. This
Data Protection Declaration explains which data we collect as well as the purposes
we use this data for. It also explains how, and for which purpose the
information is collected.

We
herewith advise you that the transmission of data via the Internet (i.e.,
through e-mail communications) may be prone to security gaps. It is not possible
to completely protect data against third-party access.

 

Information about the responsible party (referred to
as the “controller” in the GDPR)

The data
processing controller on this website is:

Emmet
Software Labs GmbH & Co. KG
Hertzstr. 6
32052 Herford
Germany

Telefon:
+49 5221-763 999-10
E-Mail: info@emmet-software-labs.com

The
controller is the natural person or legal entity that single-handedly or
jointly with others makes decisions as to the purposes of and resources for the
processing of personal data (e.g., names, e-mail addresses, etc.).

Storage duration

Unless a
more specific storage period has been specified in this privacy policy, your
personal data will remain with us until the purpose for which it was collected
no longer applies. If you assert a justified request for deletion or revoke
your consent to data processing, your data will be deleted, unless we have
other legally permissible reasons for storing your personal data (e.g., tax or
commercial law retention periods); in the latter case, the deletion will take
place after these reasons cease to apply.

General information on the legal basis for the data
processing on this website

If you
have consented to data processing, we process your personal data on the basis
of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are
processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the
transfer of personal data to third countries, the data processing is also based
on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to
the access to information in your end device (e.g., via device fingerprinting),
the data processing is additionally based on § 25 (1) TTDSG. The consent can be
revoked at any time. If your data is required for the fulfillment of a contract
or for the implementation of pre-contractual measures, we process your data on
the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the
fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c)
GDPR. Furthermore, the data processing may be carried out on the basis of our
legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant
legal basis in each individual case is provided in the following paragraphs of
this privacy policy.

Designation of a data protection officer

We have
appointed a data protection officer.

Emmet
Software Labs GmbH & Co. KG
Bereich Datenschutz
Hertzstr. 6
32052 Herford
Germany

E-Mail:
gdpr@emmet-software-labs.com

 

Information on data transfer to the USA and other
non-EU countries

Among
other things, we use tools of companies domiciled in the United States or other
from a data protection perspective non-secure non-EU countries. If these tools
are active, your personal data may potentially be transferred to these non-EU
countries and may be processed there. We must point out that in these
countries, a data protection level that is comparable to that in the EU cannot
be guaranteed. For instance, U.S. enterprises are under a mandate to release
personal data to the security agencies and you as the data subject do not have
any litigation options to defend yourself in court. Hence, it cannot be ruled
out that U.S. agencies (e.g., the Secret Service) may process, analyze, and
permanently archive your personal data for surveillance purposes. We have no
control over these processing activities.

Revocation of your consent to the processing of data

A wide
range of data processing transactions are possible only subject to your express
consent. You can also revoke at any time any consent you have already given us.
This shall be without prejudice to the lawfulness of any data collection that
occurred prior to your revocation.

Right to object to the collection of data in special
cases; right to object to direct advertising (Art. 21 GDPR)

IN THE
EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU
HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA
BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY
PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY
PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION.
IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA,
UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR
THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS
OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF
LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR). IF YOUR PERSONAL
DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE
RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE
PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE
EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR
PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING
PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent
supervisory agency

In the
event of violations of the GDPR, data subjects are entitled to log a complaint
with a supervisory agency, in particular in the member state where they usually
maintain their domicile, place of work or at the place where the alleged
violation occurred. The right to log a complaint is in effect regardless of any
other administrative or court proceedings available as legal recourses.

Right to data portability

You have
the right to have data that we process automatically on the basis of your
consent or in fulfillment of a contract handed over to you or to a third party
in a common, machine-readable format. If you should demand the direct transfer
of the data to another controller, this will be done only if it is technically
feasible.

Information about, rectification and eradication of
data

Within
the scope of the applicable statutory provisions, you have the right to demand
information about your archived personal data, their source and recipients as
well as the purpose of the processing of your data at any time. You may also
have a right to have your data rectified or eradicated. If you have questions
about this subject matter or any other questions about personal data, please do
not hesitate to contact us at any time.

Right to demand processing restrictions

You have
the right to demand the imposition of restrictions as far as the processing of
your personal data is concerned. To do so, you may contact us at any time. The
right to demand restriction of processing applies in the following cases:

·        
In the event that you should dispute the correctness
of your data archived by us, we will usually need some time to verify this
claim. During the time that this investigation is ongoing, you have the right
to demand that we restrict the processing of your personal data.

·        
If the processing of your personal data was/is
conducted in an unlawful manner, you have the option to demand the restriction
of the processing of your data instead of demanding the eradication of this
data.

·        
If we do not need your personal data any longer and
you need it to exercise, defend or claim legal entitlements, you have the right
to demand the restriction of the processing of your personal data instead of
its eradication.

·        
If you have raised an objection pursuant to Art. 21(1)
GDPR, your rights and our rights will have to be weighed against each other. As
long as it has not been determined whose interests prevail, you have the right
to demand a restriction of the processing of your personal data.

If you
have restricted the processing of your personal data, these data – with the
exception of their archiving – may be processed only subject to your consent or
to claim, exercise or defend legal entitlements or to protect the rights of
other natural persons or legal entities or for important public interest
reasons cited by the European Union or a member state of the EU.

SSL and/or TLS encryption

For
security reasons and to protect the transmission of confidential content, such
as purchase orders or inquiries you submit to us as the website operator, this
website uses either an SSL or a TLS encryption program. You can recognize an
encrypted connection by checking whether the address line of the browser
switches from “http://” to “https://” and also by the appearance of the lock
icon in the browser line.

If the
SSL or TLS encryption is activated, data you transmit to us cannot be read by
third parties.

 

 

4. Recording of data on this website

Cookies

Our
websites and pages use what the industry refers to as “cookies.” Cookies are
small data packages that do not cause any damage to your device. They are
either stored temporarily for the duration of a session (session cookies) or
they are permanently archived on your device (permanent cookies). Session
cookies are automatically deleted once you terminate your visit. Permanent
cookies remain archived on your device until you actively delete them, or they
are automatically eradicated by your web browser.

Cookies
can be issued by us (first-party cookies) or by third-party companies
(so-called third-party cookies). Third-party cookies enable the integration of
certain services of third-party companies into websites (e.g., cookies for
handling payment services).

Cookies
have a variety of functions. Many cookies are technically essential since
certain website functions would not work in the absence of these cookies (e.g.,
the shopping cart function or the display of videos). Other cookies may be used
to analyze user behavior or for promotional purposes.

Cookies,
which are required for the performance of electronic communication
transactions, for the provision of certain functions you want to use (e.g., for
the shopping cart function) or those that are necessary for the optimization
(required cookies) of the website (e.g., cookies that provide measurable
insights into the web audience), shall be stored on the basis of Art. 6(1)(f)
GDPR, unless a different legal basis is cited. The operator of the website has
a legitimate interest in the storage of required cookies to ensure the
technically error-free and optimized provision of the operator’s services. If
your consent to the storage of the cookies and similar recognition technologies
has been requested, the processing occurs exclusively on the basis of the
consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this consent may be
revoked at any time.

You have
the option to set up your browser in such a manner that you will be notified
any time cookies are placed and to permit the acceptance of cookies only in
specific cases. You may also exclude the acceptance of cookies in certain cases
or in general or activate the delete-function for the automatic eradication of
cookies when the browser closes. If cookies are deactivated, the functions of
this website may be limited.

Which
cookies and services are used on this website can be found in this privacy
policy.

Contact form

If you
submit inquiries to us via our contact form, the information provided in the
contact form as well as any contact information provided therein will be stored
by us in order to handle your inquiry and in the event that we have further
questions. We will not share this information without your consent.

The
processing of these data is based on Art. 6(1)(b) GDPR, if your request is
related to the execution of a contract or if it is necessary to carry out
pre-contractual measures. In all other cases the processing is based on our
legitimate interest in the effective processing of the requests addressed to us
(Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been
requested; the consent can be revoked at any time.

 

The
information you have entered into the contact form shall remain with us until
you ask us to eradicate the data, revoke your consent to the archiving of data
or if the purpose for which the information is being archived no longer exists
(e.g., after we have concluded our response to your inquiry). This shall be
without prejudice to any mandatory legal provisions, in particular retention
periods.

 

5. Plug-ins and Tools

Google Maps

This
website uses the mapping service Google Maps. The provider is Google Ireland
Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To
enable the use of the Google Maps features, your IP address must be stored. As
a rule, this information is transferred to one of Google’s servers in the
United States, where it is archived. The operator of this website has no
control over the data transfer. In case Google Maps has been activated, Google
has the option to use Google Fonts for the purpose of the uniform depiction of
fonts. When you access Google Maps, your browser will load the required web
fonts into your browser cache, to correctly display text and fonts.

We use
Google Maps to present our online content in an appealing manner and to make
the locations disclosed on our website easy to find. This constitutes a
legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has
been obtained, the processing is carried out exclusively on the basis of Art.
6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of
cookies or the access to information in the user’s end device (e.g., device
fingerprinting) within the meaning of the TTDSG. This consent can be revoked at
any time.

Data
transmission to the US is based on the Standard Contractual Clauses (SCC) of
the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more
information on the handling of user data, please review Google’s Data Privacy
Declaration under: https://policies.google.com/privacy?hl=en.

 

6. Custom Services

Handling applicant data

We offer
website visitors the opportunity to submit job applications to us (e.g., via
e-mail, via postal services on by submitting the online job application form).
Below, we will brief you on the scope, purpose and use of the personal data
collected from you in conjunction with the application process. We assure you
that the collection, processing, and use of your data will occur in compliance
with the applicable data privacy rights and all other statutory provisions and
that your data will always be treated as strictly confidential.

 

Scope and purpose oft he collection of data

If you
submit a job application to us, we will process any affiliated personal data
(e.g., contact and communications data, application documents, notes taken
during job interviews, etc.), if they are required to make a decision
concerning the establishment or an employment relationship. The legal grounds
for the aforementioned are § 26 BDSG according to German Law (Negotiation of an
Employment Relationship), Art. 6(1)(b) GDPR (General Contract Negotiations) and
– provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke
any consent given at any time. Within our company, your personal data will only
be shared with individuals who are involved in the processing of your job
application.

If your
job application should result in your recruitment, the data you have submitted
will be archived on the grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the
purpose of implementing the employment relationship in our data processing system.

Data Archiving Period

If we
are unable to make you a job offer or you reject a job offer or withdraw your
application, we reserve the right to retain the data you have submitted on the
basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from
the end of the application procedure (rejection or withdrawal of the
application). Afterwards the data will be deleted, and the physical application
documents will be destroyed. The storage serves in particular as evidence in
the event of a legal dispute. If it is evident that the data will be required
after the expiry of the 6-month period (e.g., due to an impending or pending
legal dispute), deletion will only take place when the purpose for further
storage no longer applies.

Longer
storage may also take place if you have given your agreement (Article 6(1)(a)
GDPR) or if statutory data retention requirements preclude the deletion.

Admission tot he applicant pool

If we do
not make you a job offer, you may be able to join our applicant pool. In case
of admission, all documents and information from the application will be
transferred to the applicant pool in order to contact you in case of suitable
vacancies.

Admission
to the applicant pool is based exclusively on your express agreement (Art.
6(1)(a) GDPR). The submission agreement is voluntary and has no relation to the
ongoing application procedure. The
affected person can revoke his agreement at any time. In this case, the
data from the applicant pool will be irrevocably deleted, provided there are no
legal reasons for storage.

The data
from the applicant pool will be irrevocably deleted no later than two years
after consent has been granted.

 

Status:
June 2023