Privacy Notice

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR).

This Privacy Notice informs you about the type, scope and purpose of the processing of personal data within our website (hereinafter “website”). The Privacy Notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data within the meaning of the GDPR are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services you use with us.

In our Privacy Notice, we use various other terms within the meaning of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find the corresponding definitions for these terms in Art. 4 GDPR.

 

  1. Who is responsible for data processing and who can I contact?

The person responsible is:

ABiTEP GmbH
Glienicker Weg 185
12489 Berlin

Phone: +49 (0)30 67057-0
E-Mail: personal@abitep.de

You can reach our Data Protection Officer at:

mip Consult GmbH
Jan Käding
Wilhelm-Kabus-Str. 9
10829 Berlin

Phone: 030 67057-16
E-Mail: datenschutz@abitep.de
www.sofortdatenschutz.de

 

  1. What sources and data do we use?

We process personal data that we receive from you as part of the use of our website and, if applicable, our business relationship.

When using the website purely for information purposes, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version and type of browser software, notification of successful access.

We also receive your personal data if you contact us, e.g. via the contact form, telephone or e-mail. Personal data in this case is, for example, your name, e-mail address, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as “contact data”). Depending on the type of request, it may be necessary to provide further data. Please note that when communicating by e-mail, we cannot guarantee complete data security for this transmission method, so we recommend that you send information requiring a high level of confidentiality by post.

 

  1. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG) for the following purposes and on the following legal bases:

3.1 Data processing on the basis of your consent

If you have given us your consent to process personal data for specific purposes, in particular to contact you (e.g. via our web forms or by e-mail to process and handle your request), to send newsletters or for the purpose of advertising by telephone, e-mail, SMS (direct advertising), the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Any consent given can be revoked at any time.

Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. You can revoke your consent at any time by contacting us using the contact details above.

3.2 Data processing for the implementation of pre-contractual measures at the request of the person

When you contact us (e.g. via web form, telephone or e-mail), your details will be processed to process the contact request and its handling, Art. 6 para. 1 sentence 1 lit. b GDPR.

3.3 Data processing for the fulfillment of legal obligations

Insofar as the processing of your personal data is necessary to fulfill a legal obligation to which we are subject, the data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR.

3.4 Processing to protect our legitimate interests or those of third parties

We may process your personal data to protect our legitimate interests or those of third parties. We pursue the following legitimate interests in particular:

  • Ensuring IT security, in particular the security of the website;
  • Improvement of the website in terms of structure and content;
  • Assertion of legal claims and defense in legal disputes;

 

3.5 Realization of the job application procedure

When you contact us (via contact form or email) in connection with your application, we process your data in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process, Art. 6 para. 1 sentence 1 lit. b GDPR. Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. They will then decide on the next steps. Within the company, only those persons have access to your data who need it for the proper conduct of our application process.

For data processing that is not absolutely necessary for the application process, we obtain your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.

3.6 Storage of data on your end device or access to data stored on your end device

We use cookies and similar technologies in the website. We store information on your end device if this is absolutely necessary in order to make our website available to you, Section 25 para. 2 No. 2 TDDDG. Data processing is carried out to safeguard our legitimate interest in the best possible functionality of the website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Further information on the use of cookies and similar technologies can be found under “Cookies and similar technologies”.

 

  1. Who receives my data?

Within our company, those departments that require your data to fulfill our contractual and legal obligations will have access to it.

Processors used by us (Art. 28 GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, logistics, telecommunications, debt collection, advice and consulting as well as sales and marketing. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

Data will only be passed on to third parties who are not processors within the framework of the legal requirements. We only pass on user data to third parties if this is necessary, e.g. on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the economic and effective operation of our business operations or if you have consented to the transfer of data. When using the website for purely informational purposes, we do not pass on any data to third parties.

 

  1. How long will my data be stored?

5.1 Access data

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum period of fourteen days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

5.2 (Pre-)contractual measures

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via the contact form or by e-mail.

5.3 Applicant data

Applicant data will be deleted after 6 months in the event of a rejection. If we fill the advertised position with you, your data will be stored in our personnel management system.

5.4 Statutory retention obligations

In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six to ten years.

5.5 Limitation periods

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

If you assert your rights as a data subject, we will store the information provided to you in this regard until expiry of the statutory limitation period in accordance with Section 31 para. 2 No. 1 OWiG, Section 41 para. 1 BDSG, Art. 83 para. 5 lit. b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).

 

  1. Is data transferred to a third country or to an international organization?

The data provided will be processed within the European Union (“EU”) and the European Economic Area (“EEA”), specifically Switzerland. In the case of data transfer outside the EU, we ensure that an adequacy decision of the European Commission exists for the respective recipient country.

 

  1. What data protection rights do I have?

Every data subject has

  • the right to information in accordance with Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification in accordance with Art. 16 GDPR (i.e. if your personal data is incorrect or incomplete, you can request the rectification of this data),
  • the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention obligations do not require further storage),
  • the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance).

Furthermore, you can revoke your consent with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. We would appreciate it if we could resolve your concerns before you contact the supervisory authority and therefore ask you to contact us first with your complaint.

We would also like to draw your attention to your right to object in accordance with Art. 21 GDPR:

Information about your right to object in accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be sent to us in any form using the contact details above and no costs other than the transmission costs according to the basic rates will be incurred.

 

  1. To what extent is there automated decision-making in individual cases, including profiling?

When you access our website or contact us by form or email, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you of this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

 

  1. Do I have an obligation to provide data?

When you visit our website, you must provide the personal data that is required for technical or IT security reasons in order to use our website. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data required to process your request. Otherwise, we will not be able to process your request.

If your request is aimed at the conclusion of a contract or if the provision of data is necessary in the context of the initiation of a contract, the non-provision of data may mean that we cannot provide the intended service.

 

  1. Cookies and similar technologies

We ourselves process personal data in the website and use cookies and similar technologies, such as web storage, in this context. These technologies can store information on your device or access information that is stored on your device.

Cookies are stored in the browser on the user’s end device. They contain information that is stored about a visited page. The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly on subsequent visits to this page or transmit the cookie information to the server via a script on the website. If cookies are set, they generally collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by providing us with insights into how you use the website.

With web storage, information is stored locally in the cache of your browser. The stored information is either automatically deleted again after the browser window is closed (“session storage”) or remains there so that it can be read again when you visit the website again (“local storage”), unless you delete your browser cache (“browser data”).

You can prohibit the storage of cookies individually via the settings of your browser (you can find out how to set the cookie handling on the browser’s help page). You can find help on cookie management in the most common browsers at the following addresses:

Please note that disabling cookies may limit the functionality of this website.

We will inform you about the specific use of the above-mentioned technologies and the scope of the information collected in each case in the following paragraphs.

 

  1. Our social media presence

You can find us on social networks and platforms so that we can also communicate with you there and inform you about our services.

We would like to point out that your data may also be processed outside the European Union when using social media networks or platforms and that the providers of the social networks generally process the data for market research and advertising purposes. Usage profiles can be created from the usage behavior and resulting interests of the users. These user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies and similar technologies may be stored on the user’s end device, in which the user’s usage behavior and interests are stored. Other data may also be stored in these user profiles, in particular if the users are members of the respective platforms and are logged in to them.

On our website, we only link to our company profiles on the respective social networks. Please note, however, that when you click on a link to the social networks, data is transferred to their servers. If you are logged in to the respective social network with your username and password at this time, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can save this information in your user account.

In principle, we have no significant influence on the data processing of social networks. However, we receive statistics from the providers about the use of and visits to our company profiles in the social networks (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). You can find more information on the data used by the providers in the providers’ Privacy Notices linked below.

If we receive personal data from you via the social networks (e.g. as part of a message) and process it exclusively ourselves, we are responsible for the data processing. In this case, you are entitled to the rights set out above in this Privacy Notice. You can address your inquiries regarding data processing in the context of our company profiles to us using the contact details above. Please check carefully which personal data you share with us via social networks.

Insofar as the data transmitted by you via the social network is also or exclusively processed by the provider of the social network (Insights data), the respective provider is also responsible for data processing within the meaning of the GDPR in addition to us. In this respect, data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR.

If you wish to assert rights against the provider of the social network in this regard, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the Privacy Notices linked below. We will also be happy to support you in asserting your rights, insofar as this is possible for us.

The processing of users’ personal data is generally based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The legal basis is also Art. 6 para. 1 sentence 1 lit. b GDPR if we receive and process your data as part of a contract-related request via our social media presence. The legal basis for the linking and operation of our company profiles in social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.

For information on the respective processing and the respective objection options, please refer to the providers’ Privacy Notices linked below:

 

  1. Overview: Cookies and similar technologies used

Below you will find more detailed information on the cookies and similar technologies used in the website according to the scheme [name of the service]: [name of the cookie] ([description, storage duration, type]).

ABiTEP GmbH

  • pll_language (Saves the language settings of the website visitor, session, HTML session storage)

  A member of the Andermatt Group