Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by the unique cookie ID.
3.1 Cookie management of different browsers
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
– Google Chrome
– Internet Explorer
– Safari Mobile
4. collection of general data and information
The website SOPAT collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The types and versions of browsers used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer), the subpages accessed via an accessing system on our website, the date and time of an access to the website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar data and information that serve to avert danger in the event of attacks on our information technology systems may be recorded.
When using these general data and information, the SOPAT does not draw any conclusions about the data subject. This information is needed to deliver the contents of our website correctly, to ensure the long-term functionality of our information technology systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the SOPAT analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so as to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
5. contact option via the website
Based on statutory provisions, the website SOPAT contains data that enable a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or by using the contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject.
6. routine erasure and blocking of personal data
The controller shall process and store personal data of the data subject only for the period of time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
7. rights of the data subject
SOPAT will be happy to inform the data subject which personal data is stored about him or her (§ 34 BDSG information to the data subject). The information is free of charge, will be processed by us immediately and is usually sent by e-mail. In order to receive detailed information, please state, if possible, the type of personal data for which information is requested. In order to ensure that the person requesting information is also the person he or she claims to be, we require proof of identity. This can be a copy of an official identification document. Please black out or make unrecognisable any serial numbers, passport numbers or similar. We will only use this copy for identification purposes and to process the request.
7.2 Correction, deletion or blocking:
Furthermore, there is the right to correction, deletion or blocking of personal data. In order to exercise these and other data subject rights, a data subject may contact us at any time at the contact address given above.
All rights can be read in detail here: http://www.bvdw-datenschutz.de/dsgvo/kapitel-3
SOPAT uses the prescribed encryption via SSL protocol (Secure Sockets Layer). This is an encryption method for confidential, authentic and integrity-protecting end-to-end data transmission. The TLS protocol (Transport Layer Security) is a security protocol based on SSL. By integrating the encryption certificates, a so-called transport encryption is made possible. This protects the communication from unauthorised access by third parties.
9. Legal basis for data processing
Art. 6 I lit. a DS-GVO serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations because they were specifically mentioned by the European legislator. It considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
10. legitimate interests in the processing pursued by the controller or a third party.
If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees.
11. duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
12. legal or contractual regulations for the provision of personal data
The provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). It may be necessary for a contract to be concluded for a data subject to provide us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.
13. existence of automated decision-making
We do not use automated decision making or profiling.
14. protection of minors
Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people. We do not knowingly collect such data and do not pass it on to third parties.
15 Links to websites of other providers
Our online offer may contain links to websites of other providers. These websites are subject to the liability of the respective operators. SOPAT has no influence whatsoever on the current and future design and content of the linked sites, nor on whether these providers comply with data protection regulations. The inclusion of external links does not imply that the provider adopts the content behind the reference or link as its own. It is not reasonable for the provider to constantly monitor the external links without concrete indications of legal violations.
Datenschutzhinweise von Facebook
Datenschutzhinweise von YouTube
Datenschutzhinweise von LinkedIn
15.1 Social plugins
SOPAT uses social plugins (“plugins”) from YouTube. With the help of these plugins you can, for example, watch a video, share content or recommend products. The plugins are deactivated by default and therefore do not send any data. You can activate the plugins by clicking on the “Playbutton”.
If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you call up a web page of our website. The content of the plugin is transmitted directly from the social network to your browser, which then integrates it into the website. By integrating the plugins, the social network receives the information that you have accessed the corresponding page of our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example by watching a video, the corresponding information is transmitted directly from your browser to the social network and stored there. For the purpose and scope of the data collection and the further processing and use of the data by social networks, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection notices of the respective networks or websites. You will find the links to these above.
Even if you are not logged in to the social networks, data can be sent to the networks by websites with active social plugins. An active plugin sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie with every connection to a network server without being asked, the network could in principle use it to create a profile of which websites the user belonging to the identifier has called up. And it would then also be quite possible to assign this identifier to a person again later – for example when logging on to the social network later. We use the following plugins on our websites: YouTube.
If you do not want social networks to collect data about you via active plugins, you can either watch the video directly on YouTube or select the “Block third-party cookies” function in your browser settings. Information on different browsers can be found under point 3.1 above. The browser does not send cookies to the server for embedded content from other providers. However, with this setting, in addition to the plug-ins, other cross-page functions may no longer work.
16 Data protection for applications and in the application procedure
The controller collects and processes the personal data of applicants for the purpose of managing the application procedure. The processing may also be carried out electronically. This is in particular the case when an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
17. SOPAT uses a rented web space with the location Germany.
18. SOPAT uses Google products
18.1 Google Drive
We use Google Drive to create and store documents and data in the Google Cloud.
For this purpose, the EU-Standardvertragsklauseln and the Zusatz zur Datenverarbeitung signed.
18.2 Google Fonts
18.3 Google Analytics (with anonymisation function)
SOPAT uses Google Analytics (with anonymisation function). Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymised by Google if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website operated by the data controller is called up and on which a Google Analytics component has been integrated, the internet browser on the data subject’s information technology system is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission calculations.
By means of the cookie, personal information, such as the time of access, the location and the terminal device used from which access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to and stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used, as already described above, and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programmes.
Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of such data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on at the following link:
https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html
18.4 Google Tag Manager
We also use the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
We may ask our customers for permission to share some product data (e.g. account information) with other Google products to enable certain features, such as making it easier to add new conversion tracking tags for AdWords. In addition, our developers review product usage information from time to time to further optimise the product. However, we will never share data of this nature with other Google products without the user’s consent.
18.5 YouTube deployment and use
The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time one of the individual pages of this website operated by the data controller is called up and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the same time as calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.
The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing, and use of personal data by YouTube and Google.
Google’s entire data protection provisions within the meaning of the GDPR can be read here: https://policies.google.com/privacy?hl=de
19. SOPAT uses Rapidmail
SOPAT’s newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, SOPAT may see if and when an e-mail was opened by a data subject, and which links contained in the e-mail were called up by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by the data controller. The SOPATs automatically regards a withdrawal from the receipt of the newsletter as a revocation.
A contract for commissioned data processing has been signed with Rapidmail.
The entire data protection provisions within the meaning of the DSGVO of Rapidmail can be read here: https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform
20. SOPAT uses Salesforce
Contact data such as first name, last name, e-mail address, telephone number and professional data of customers are stored here, which serve to maintain the business relationship.
A contract for data processing has been signed with Salesforce.
The entire data protection provisions within the meaning of the GDPR of Salesforce can be read here: https://www.salesforce.com/de/campaign/gdpr/
21. SOPAT uses LinkedIn
We use the conversion tracking technology and the retargeting function of LinkedIn Corporation on our website. With the help of this technology, visitors to this website can be shown personalized advertisements on LinkedIn. Furthermore, it is possible to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged in to your LinkedIn account at the same time.
If you are logged in to LinkedIn, you can deactivate the data collection at any time under the following link: https://www.linkedin.com/psettings/enhanced-advertising.