We're hiring!

Jobs

Data protection statement

Privacy Policy

Privacy Policy for the use of our website

Thank you for visiting our websites. The protection of your personal data („data“) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our websites and contact us and what rights you have in relation to the processing of your Data.

Please click on a topic and display the contents of the selected question:

I. Who are we and how you can contact us?

 

We,

CPU 24/7 GmbH
August-Bebel-Straße 26-53
14482 Potsdam

are responsible for protecting your Data. If you have any questions regarding the processing of Data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

By post at:
CPU 24/7 GmbH
Data Protection Officer
August-Bebel-Straße 26-53
14482 Potsdam

As well as by email at:
datenschutzbeauftragter@cpu-24-7.com

 

 

II. Data processing in connection with your visit to our websites

 

A. Log Files

Description and scope of the data processing:

When you visit our website your browser automatically transmits the following Data:

  • your IP – address,
  • date and time of access,
  • the website from which access is made (referrer URL),
  • the browser used and its version (if transmitted by the browser),
  • and the operating system used.

Purposes of data processing:

The temporary storage of this data is necessary to enable the delivery of the websites to your device and to ensure the functionality of the websites. In addition, we collect the Data in order to trace and prevent unauthorized access to the webserver and the misuse of the websites and to ensure the security of our information technology systems.

Legal basis:

We store this Data temporarily on the basis of legitimate interests (Art. 6 sec. 1 f General Data Protection Regulation (“GDPR”)). Our legitimate interest lies in achieving the purposes described above.

Term of storage and control options:

The Data will be erased if they are no longer necessary to achieve the purposes. Log files are usually deleted after 28 days.

B. Third Party Cookies and Tracking Technologies

When you visit our websites, we set so-called cookies. These are small text files that are stored on your device. Cookies typically contain a distinctive string of characters, the so-called cookieID, which identify your browser when revisiting the websites.

 

Borlabs Cookie:

Description and scope of the data processing:

On our websites, we use the cookie content technology of „Borlabs Cookie“, a service of „Borlabs“ – Benjamin A. Bornschein, Georg-Wilhelm-Str.17, 21107 Hamburg.

With the help of Borlabs Cookies, we document whether you have consented to the setting of certain cookies in the cookie banner, whether you have withdrawn your consent or have objected to any data processing. The following Data is stored: cookie lifetime, cookie version, domain and path, consent/withdrawal/objection, a randomly generated user ID.

Details about the Borlabs Cookie can be found here.

Purposes of data processing:

Borlabs Cookie is used to meet privacy requirements for the setting and documentation of cookies.

Legal basis:

We use Borlabs Cookie content technology to prove compliance with legal obligations, Art. 6 sec. 1 c GDPR.

Term of storage and control options:

The cookie is valid for 365 days. In any case, the collected Data will be deleted if you ask us to do so or if you delete the Borlabs cookie yourself or if the purpose for which the Data is stored no longer exists. Mandatory legal retention periods remain unaffected.

 

Matomo (PIWIK)

Description and scope of the data processing:

On our websites, we use the free web analysis software “Matomo”.

Matomo:

Matomo uses cookies to enable us to analyse your use of the websites. The analysis is based mainly on the following information: visitor numbers, number of returning visitors, visited sites, visitors’ actions on the site (e.g. filling out the contact form), visitors’ time spent on the site, keywords used by visitors to find the site, visitors’ behaviour on the site, visitors’ location, devices used when visiting our site, including device settings (screen resolution, operating system, browser used), visitors’ interests. The information generated by the cookie about your use of the websites (including your IP address) will be transmitted to and stored by a server. The IP address is made anonymous before being stored.

We:

We use this information exclusively for the purpose of evaluating your use of the websites and compiling reports on website activity.

Purposes of data processing:

Matomo:

On our order, the Data collected is used to evaluate the use of our websites, to compile reports on website activity and to provide other services related to website and Internet use.

We:

We use the statistics provided by Matomo to analyze the activities on our websites. This allows us to evaluate our services and improve the quality of our websites and content and adjust them to the needs of our users.

Legal basis:

We use Matomo on the basis of Art. 6 sec. 1 f GDPR. Our legitimate interest lies in evaluating the use of our websites and adjusting their content and design to your needs.

Term of storage and control options:

The cookies are automatically deleted after 13 months.

You can decide here that no unique web analysis cookie may be stored in your browser to enable us to collect and analyze various statistical data.

Opt-out:

You have total control over the use of cookies and can delete cookies in your browser, you can deactivate the storage of cookies completely, accept only certain cookies selectively and possibly set up your browser in a way that it notifies you when a cookie is to be set. To learn how to change these settings, please use the help feature of your browser. Please note that this can restrict the functionality of our website.

Deactivate in Firefox
Deactivate in Internet Explorer
Deactivate in Chrome

 

Social-Media (Twitter, LinkedIn)

We:
On our websites, you can find icons of social media platforms. These icons are designed as external links; no data processing is performed. If you click on one of the icons, you will be forwarded to the respective social media platform.

Social media platforms:

If you click on an icon your user Data will be transferred to the website of the social media platform.

You can find further information on data processing on social media platforms, purposes and legal bases for the data processing as well as your rights vis-á-vis the social media platforms under the following links:

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Datenschutzerklärung LinkedIn

Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Datenschutzerklärung Twitter

You can also prevent the collection and processing of the Data by the social media platforms by downloading and installing on your devices the browser add-on available under the following links:

LinkedIn Opt-Out
Twitter Opt-Out

 

III. Which Data is processed when you contact us?

 

Description and scope of data processing:

We collect and process the Data provided by you, such as your contact Data, your name and your request, when you contact us via a contact form or by e-mail. All Data that you send to us is encrypted between your browser and our server.

Purposes of data processing:

We process your Data exclusively to handle your query.

Legal basis:

We process your Data in order to perform pre-contractual and contractual measures, that occur on the basis of your query (Art. 6 sec. 1 b GDPR). In all other cases, the processing is based on our legitimate interest in the effective processing of the queries addressed to us (Art. 6 sec. 1 f GDPR).

Term of storage and control options:

We store your Data for as long as we need it for the specific processing purpose. In addition, we store certain Data for the duration of the statutory limitation periods (usually three years, in individual cases up to 30 years) and for as long as is prescribed by statutory retention periods (e.g. as defined in the Commercial Code (HGB), the Fiscal Code (AO)) (usually ten years).

 

IV. Which Data is processed when you apply for a job with us?

 

Description and scope of data processing:

You can send us your application documents by e-mail at jobs@cpu-24-7.com or by post at

CPU 24/7 GmbH
August-Bebel-Straße 26-53
14482 Potsdam

To participate in an application process we require, depending on the type of application, your contact details, your email address, information on your professional qualifications in the form of education and graduation certificates and/or employer references as well as your CV. If you give us additional Data voluntarily, we use this exclusively for the purpose of processing your application and conducting the application process.
In principle, only those persons have access to your Data who are internally involved in filling the position.
With your consent, we store your application documents in our applicant pool so that your application can also be considered for future job vacancies.

Purposes of data processing:
The purpose of processing the Data provided by you is to select an applicant for employment. Applicants are required to provide the above-mentioned Data. Without providing the Data, participation in the application process is not possible.

Legal basis:
The legal basis for the data processing is Sec. 26 Federal Data Protection Act (BDSG) in conjunction with Art. 6 sec. 1 b GDPR. We process voluntary information on the basis of Sec. 26 para. 1 BDSG in conjunction with Art. 6 1 f GDPR. Participation in the applicant pool is on the basis of your consent according to Article 26. para. 2 BDSG in conjunction with Art. 6 1 a GDPR.

Term of storage and control options:
If we decline your application, we will store your application documents for a maximum of six months from the time of notification of the unsuccessful application. The data in the applicant pool will be deleted after 12 months unless you agree to a longer storage period.
Should you wish to withdraw any of the consents given during the application process for the processing of your data, you can contact us at the above address by letter or by e-mail to jobs@cpu-24-7.com.

 

V. Who receives your Data?

 

A. Departments within CPU 24/7 GmbH

Within CPU 24/7 GmbH, access to your Data shall only be provided to those departments/persons who require this for the purposes described (“Need-to-know principle”).

B. Service providers that support us

We will transmit your Data to our service providers, e.g. in the fields of

  • IT services,
  • telecommunications,
  • advice, legal advice,
  • compliance and data protection,
  • distribution and advertising,
  • operation and maintenance of our websites,
  • as well as communication, e.g. via our contact form and customer service (telephone and e-mail).

These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a corresponding contract, which guarantees that Data will be processed strictly according to our instructions.

 

VI. What rights do you have and how can you exercise these?

 

A. Withdrawal of consent

You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

B. Other rights of data subjects

According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

Access:

You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

Correction:

You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

Erasure:

You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

Restriction of processing:

You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

Objection to data processing:

You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is a particular reason for doing so, Article 21 GDPR.

Data portability:

You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfil a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

C. Contact routes

You can assert your rights by means of the following Contact details:

by post at:

CPU 24/7 GmbH
Data Protection Officer
August-Bebel-Straße 26-53
14482 Potsdam

As well as by email at: datenschutzbeauftragter@cpu-24-7.com.

D. Right to appeal to the competent data protection supervisory authority

If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

 

VII. Privacy Policy for the use of our Twitter profile

 

Thank you for visiting our Twitter profile. The protection of your personal data (“Data”) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our Twitter profile and contact us and what rights you have in relation to the processing of your Data.

A) Who are we and how you can contact us?

We,

CPU 24/7 GmbH
August-Bebel-Straße 26-53
14482 Potsdam

and

Twitter International Company
One Cumberland Place
Fenian Street
Dublin 2
D02 AX07
Ireland

are responsible for protecting your Data.

If you have any questions regarding the processing of data by Twitter and your relevant rights, please contact Twitter (you can find more information here).

If you have any questions regarding the processing of data by us, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

by post at:

CPU 24/7 GmbH
Data protection officer
August-Bebel-Straße 26-53
14482 Potsdam

As well as by email at: datenschutzbeauftragter@cpu-24-7.com.

 

B) Data processing in connection with your visit to our Twitter profile

How we jointly process your Data

To interact with you on Twitter and align our Twitter profile to the interests of our followers, we use the Twitter functions described below. The processing of the data collected by us in this process is carried out exclusively by employees entrusted with the operation of our Twitter profile.

Twitter Analytics and Audience Insights

Description and scope of data processing:

We:
We use the function of “Twitter Analytics”. This function provides us with information on the number of profile visits, tweet impressions, tweet interactions and overviews of the number of followers won and lost for the last 28 days. We also learn how often our videos are shown and how long the viewed video frequencies are.

We can also use the “Audience Insights” function to view anonymous statistics on our followers. We cannot identify any specific persons from this Data. The statistical reports contain various information, e.g.:

  • gender,
  • interests,
  • country / Region,
  • language,
  • device type.

Twitter:

In order to generate the page insights anonymously provided to us, Twitter will collect among other information, the following:

  • views of a page, post or video on a page,
  • subscribing to or unsubscribing from a Twitter profile,
  • interact with a Twitter profile or a tweet (e.g. tagging a page or a post as „liked“),
  • demographic characteristics,
  • interests,
  • the information about whether the page visit or interaction happened from a computer or a mobile device.

Further information about the scope and the purpose, as well as the legal basis of Twitter’s data processing, can be found on Twitter Privacy Policy.

Purpose and legal basis of data processing:

These statistics help us learn how our Twitter profile is being used. This enables us to improve the activities on our Twitter profile as well as the design and the contents of our Twitter profile, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

 

Notifications

Description and scope of data processing:

We:

When you interact with our Twitter profile or one of our posts, advertising activities or events (for example, „Liking“, commenting), subscribe to our Twitter profile or follow us, we get a notification from Twitter with your name, your profile picture and your interaction.
We are not able to delete the Twitter notifications, your tweets or other interactions.

Twitter:

Twitter collects information about how you use our Twitter profile (amongst others, interactions with tweets) and notifies us about it.

Further information about the scope and the purpose, as well as the legal basis of Twitter’s data processing, can be found on Twitter Privacy Policy.

Purpose and legal basis of the data processing

We will use the provided Data to learn about how you interact with regard to our Twitter profile and to be able to react to your interactions (for example, comments, „Likes“). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).

 

Contacting us

Description and scope of data processing:

We:

When you contact us via Twitter, for example, when you send us messages via Twitter, we will receive the information provided by Twitter that includes your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via Twitter.

Twitter:

Twitter will process the Data provided by you and will make them available to us.

Further information about the scope and the purpose, as well as the legal basis of Twitter’s data processing, can be found on Twitter Privacy Policy.

Purpose and legal basis of data processing:

We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

 

How Twitter will process your Data

When you visit our Twitter profile, Twitter will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example, to provide advertisers with statistics and analyses, market research, customization of features and contents. Twitter shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA.
Further information about the scope and the purpose, as well as the legal basis of Twitter’s data processing, can be found in the Twitter Privacy Policy.

C) What rights do you have and how can you exercise these?

Withdrawal of consent

You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

Other rights of data subjects

According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.

To exercise your rights with regard to Twitter´s data processing, please contact Twitter.

Access:

You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

Correction:

You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

Erasure:

You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

Restriction of processing:

You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

Widerspruch gegen die Datenverarbeitung:

You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is a particular reason for doing so, Art. 21 GDPR. This also applies to profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

Data portability:

You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfil a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

Contact routes

You can assert your rights by means of the Contact details stated above.

Right to appeal to the competent data protection supervisory authority

If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

 

Last revision: October 2020

 

 

VIII. Privacy Policy for the Use of Our LinkedIn page

 

Thank you for visiting our LinkedIn page. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process when you visit our LinkedIn page and contact us and what rights you have in relation to the processing of your Data.

A) Who are we and how you can contact us?

We,

CPU 24/7 GmbH
August-Bebel-Straße 26-53
14482 Potsdam

and

LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland

are responsible for protecting your Data.

If you have any questions regarding the processing of Data by LinkedIn and your relevant rights, please contact LinkedIn’s Data Protection Officer by means of the LinkedIn Data Policy.

If you have any questions regarding the processing of Data by us, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached

by post at:

CPU 24/7 GmbH
Data Protection Officer
August-Bebel-Straße 26-53
14482 Potsdam

As well as by email at: datenschutzbeauftragter@cpu-24-7.com.

 

B) Data processing in connection with your visit to our LinkedIn page

How we process your Data

To interact with you on LinkedIn and align our LinkedIn page to the interests of our followers, we use the LinkedIn functions described below. The processing of the Data collected here is done by the staff responsible for the support of our LinkedIn page.

Analytics

Description and scope of data processing:

In the administrator view of our LinkedIn page, we receive information from LinkedIn about visitors, followers and updates to our LinkedIn page.

Purpose and legal basis of data processing:

These statistics help us learn how our LinkedIn page is being used. This enables us to improve the activities on our LinkedIn page as well as the design and the contents of our LinkedIn page, our advertising activities, our posts and our events. Hereon our legitimate interest is based (Art. 6 sec. 1f GDPR).

Notifications

Description and scope of data processing:

When you interact with our LinkedIn page or one of our posts, advertising activities or events (for example, „Liking“, commenting), subscribe to our LinkedIn page or follow us, we get a notification from LinkedIn with your name, your profile picture and your interaction.

We are not able to delete the LinkedIn notifications, your posts or other interactions.

Purpose and legal basis of the data processing:

We will use the provided Data to learn about how you interact with regard to our LinkedIn page and to be able to react to your interactions (for example, comments, „Likes“). The data processing is based on the aforementioned legitimate interest (Art. 6 sec. 1f GDPR).

Contacting us

Description and scope of data processing:

When you contact us via LinkedIn, for example, when you send us messages via LinkedIn, we will receive the information provided by LinkedIn that includes your user name, your profile picture, your query as well as your contact data and will process these.
We will not be able to delete your making contact via LinkedIn.

Purpose and legal basis of data processing:

We will process your Data as part of processing your query. The data processing is based on the aforementioned legitimate interest (Art. 6 sec 1f GDPR).

How LinkedIn will process your Data

When you visit our LinkedIn page, LinkedIn will collect and process the Data previously described, as well as other different Data provided by you, through cookies and other tracking technologies, for example, to provide advertisers with statistics and analyses, market research, customization of features and contents. LinkedIn shares these Data with other companies and third parties and transmits Data to third countries outside of the European Union, such as the USA.
Further information about the scope and the purpose, as well as the legal basis of LinkedIn’s data processing, can be found in the LinkedIn Data Policy.

 

C) What rights do you have and how can you exercise these?

Withdrawal of consent

You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent..

Other rights of data subjects

According to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights.

Please note that we can only assist you in exercising your rights with regard to our data processing previously mentioned in II. A.

To exercise your rights with regard to LinkedIn´s data processing, please contact LinkedIn.

Access:

You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR. Please note that further copies of the Data stored on you may be subject to a charge.

Correction:

You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

Erasure:

You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

Restrictions of processing:

You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

Objection to the data processing:

You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is a particular reason for doing so, Art. 21 GDPR. This also applies to profiling based on this provision according to Art. 4 No. 4 GDPR. In case of an objection your Data will no longer be processed, unless there are compelling and legitimate reasons for the processing that prevail over your interests, rights and freedoms or unless the processing serves to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities.

Data portability:

You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfil a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

Contact routes

You can assert your rights by means of the Contact details stated above.

Right to appeal to the competent data protection supervisory authority

If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

Last revision: July 2019

 

IX. Privacy Policy for business partners and employees of business partners of CPU 24/7 GmbH

 

In the following we inform you about how we process your personal data (“Data”) as a business partner or employee of a business partner. The protection of your Data is very important to us. This Privacy Policy is designed to give you an overview of which Data we collect and process and what rights you have in relation to the processing of your Data.

A) a) Who are we and how can you contact us?

We,

CPU 24/7 GmbH
August-Bebel-Str. 26-53
14482 Potsdam

are responsible for protecting your Data.
If you have any questions regarding the processing of data, regarding your rights or this Privacy Policy, please do not hesitate to contact our Group Data Protection Officer. He can be reached
By post at:

CPU 24/7 GmbH
August-Bebel-Str. 26-53
Datenschutzbeauftragter
14482 Potsdam

As well as by email at: Datenschutzbeauftragter[@]cpu-24-7.com.

B) Which Data do we process and how do we obtain the Data?

If you are our business partner or an employee of one of our business partners, we process your Data that we receive in the context of our business relationship with you or your employer.
These are in particular Data that are processed when using our IT systems and if you or your colleagues have contact with our employees.
In this context, the following categories of Data are processed by us:

  • Professional contact and organisational data: e.g. name, first name, title, academic degree, gender, name of the company you work for, department, e-mail address, postal address, telephone number;
  • Data on professional circumstances: e.g. job title, tasks, occupation, qualifications, advanced training and education, language skills, job-related assessments;
  • IT usage data: e.g. user ID, roles and rights, login times, computer name, IP address, user-specific settings, change documentation, log data;
  • Online data: e.g. IP address, location data, cookie data, data from analysis and tracking tools, websites accessed, log data;
  • Photos;
  • Information on work resources received and allocation plans: e.g. mobile phones, tablets, laptops, access authorisations;
  • Vehicle data: e.g. model, make, registration number, driving behaviour, position data, video and audio data during vehicle use;
  • Others: In addition, we may process other Data that is provided within the interaction with our employees or Data that we have collected about you from publicly available sources (e.g. commercial register, credit agencies, SCHUFA, press, publications) and statements with regard to data protection, such as declarations of consent to the processing of personal data.

C) Purposes and legal bases of data processing

1. Preparation, execution and termination of a business relationship between us and you or the business partner you work for

In order to evaluate and preselect suppliers and to prepare audits in the field of quality management, we process in particular professional contact and organisational data.

For general communication, processing service contracts, appointment organisation, event and participant management, billing between us and the business partner, bookkeeping and debt collection, reporting, administration, fulfilment of tax control and notification obligations, we process, in particular, your professional contact data.

Within the scope of (joint) project work, we use databases and tools in which contact persons are stored and user accounts are created (see also section 3 for the latter). In particular, we process professional contact data, online data and IT usage data.

We process the Data on the basis of the following legal bases:

  • Contract initiation and execution if you are in person our business partner (Art. 6 sec. 1 lit. b GDPR)
  • Fulfilment of legal obligations (Art. 6 sec. 1 lit. c GDPR in conjunction with legal and administrative requirements, e.g. from tax and commercial law)
  • Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the functioning and practicable cooperation with our business partners.

2. Generating and administering access authorisations to premises, buildings, test areas and issuing key cards and tokens

In order to issue visitor passes and access authorisations, identify visitors and authorised persons, administer visitors, issue entry and/or parking authorisations for visitor vehicles, we process, in particular, professional contact and organisational data, IT usage data, photos and other data relating to the resource handed over.

We process the Data on the basis of the following legal bases:

  • Contract initiation and execution if you are in person our business partner (Art. 6 sec. 1 lit. b GDPR)
  • Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the protection of our business and trade secrets and our house rights by means of controlling the access rights to our buildings and premises.

3. IT administration

In order to allocate IT system access, administration of authorisations, IT support, proof of changes to information in IT systems, unambiguous identification of the user for the secure operation of IT systems, detection and tracking of unauthorised access attempts and accesses, we process, in particular, professional contact data, online data and IT usage data.

We process the Data on the basis of the following legal basis:

  • Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in ensuring the security and integrity of the IT systems used, the troubleshooting, the tracking of unauthorized access and access attempts and the fulfillment of our obligations in the area of data security.

4. Safeguarding and defending our rights and disclosure in the context of administrative/judicial measures

For the exercise and assertion of rights and claims, disclosure within the framework of national, European or non-European administrative/judicial measures for the purposes of gathering evidence, criminal prosecution, for the execution of internal investigations, within the framework of legal defence, preparation of the assertion of claims and assertion of civil law claims, processing of enquiries of data subjects in accordance with the GDPR, we process, in particular, professional contact and organisational data, data on professional conditions, IT usage data, online data, photos, information on work resources received and allocation plans, vehicle data and other Data which can contribute to clarifying the facts of the case.

We process the Data on the basis of the following legal bases:

  • Fulfilment of legal obligations (Art. 6 sec. 1 lit. c GDPR in conjunction with legal and administrative requirements, e.g. from tax and commercial law)
  • Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the assertion and defence of our rights and the fulfilment of legal and administrative requirements.

5. Direkt marketing

In order to carry out surveys, market analyses, to inform you about our competences and projects as well as to send out event invitations and Christmas post, we particularly process your professional contact data.

We process the Data on the basis of the following legal bases:

  • Consent (Art. 6 sec. 1 lit. a GDPR)
  • Prevailing legitimate interests (Art. 6 sec. 1 f GDPR): Our legitimate interest lies in the optimisation of our business processes and the long-term loyalty of our business partners.

D) How long do we store your data?

We store your Data as long as we need it for the specific processing purpose. We regularly store your Data for at least the duration of the business relationship with you or the business partner you work for.

In addition, we store certain Data for the duration of statutory limitation periods (usually 3 years, in individual cases up to 30 years) and as long as statutory retention periods (e.g. from the German Commercial Code, the Tax Code) stipulate (generally a maximum of 10 years).

Under certain circumstances, your Data must also be retained for a longer period of time, e.g. if, in connection with an administrative or judicial procedure, a prohibition of data deletion is ordered for the duration of the procedure or in case of documents concerning, for example, the construction phase of our products must be retained for a longer period of time due to product liability reasons.

E) Who receives your Data?

Departments within CPU 24/7
Within CPU 24/7, access to your Data shall only be provided to those departments / persons who require this for the purposes described.

Service providers that support us
We will transfer your Data to our service providers, e.g. in the fields of

  • IT services,
  • Development services,
  • Event services,
  • Post and telecommunications,
  • Advice, legal advice, insurances,
  • Compliance and data protection,
  • Distribution and marketing
  • as well as communication.

These service providers are contractually obliged to maintain confidentiality and fulfill the requirements under data protection law. Service providers that are processors have signed a contract, which guarantees that Data will be processed strictly according to our instructions.

Others
As part of the project work, we may also transmit Data to project partners such as affiliates of CPU 24/7 or universities.

In addition, we transmit your Data to national, European or non-European authorities (e.g. tax office, police, public prosecutor’s office, social insurance carriers) or courts within the scope of their respective responsibilities, if we are obliged to do so by law or by order.

Also, in these cases we transfer your Data only in so far as this is necessary for the respective purposes.

F) Do you have an obligation to provide any Data?

As far as we need Data in connection with the execution/handling of the business relationship as well as the projects, you are obliged to make them available, as otherwise we are not able to provide the services owed by us.

If you are obliged by law to provide us with Data, we will point this out to you when collecting the Data.

G) Are Data transferred to a third country??

GWe try to avoid transferring your Data to a third country, i.e. a country outside the European Union or the European Economic Area.

However, if a transfer should occur because, for example, a service provider or project partner has its head office in a third country, we will only transfer the Data if an adequate level of data protection in the third country is ensured in accordance with an adequacy decision of the European Commission or if appropriate safeguards (such as data protection agreements including the standard contractual clauses of the European Commission or the participation in the EU-US Privacy Shield) can guarantee an adequate protection of Data.

For instance, our contracts with processors usually contain the conclusion of the standard contractual clauses of the European Commission when the processor is established in a third country. A copy of these guarantees will be provided on request. Please use the contact routes mentioned in this privacy policy.

H) What rights do you have and how can you exercise these?

a. Withdrawal of consent

You can withdraw any consent you have granted to the processing of your Data at any time and with effect for the future. Please note that the withdrawal will have no impact on the legality of the previous data processing and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

b. Other rights of data subjects

DAccording to Art. 15 to 21 and 77 of the GDPR and if the conditions are met, you are furthermore entitled to the following rights:

Access:
You can at any time demand provision of information on the Data of yours that we process and demand a copy of the Data stored on you, Art. 15 GDPR.

Correction:
You can demand the correction of incorrect Data as well as the completion of incomplete Data according to Art. 16 GDPR.

Erasure
You can demand the erasure of your Data. Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Art. 17 GDPR.

Restriction to data processing:
You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Art. 18 GDPR.

WObjection to data processing:
You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR

Data portability:
You have the right to receive the Data provided by you, which was processed based on your consent or in order to fulfill a contract, in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

c. Contact routes

You can exercise your rights by means of the following contact details:
By post at:

CPU 24/7 GmbH
Datenschutzbeauftragter
August-Bebel-Str. 26-53
14482 Potsdam
As well as by email at: datenschutzbeauftragter[@]cpu-24-7.com.

d.Right to appeal to the competent data protection supervisory authority

If you, for example, consider that the processing of your Data is illegal or that your rights described above are not granted to you to the required extent, you have the right to file a complaint to the competent data protection supervisory authority.

Last revision: May 2020

Last revision: October 2020