1. DATA PROTECTION AT A GLANCE

GENERAL NOTES

What happens to your personal data when you visit this website? Personal data refers to all data with which you can be personally identified.

WHO IS RESPONSIBLE FOR THE COLLECTION OF DATA ON THIS WEBSITE?

QSANO GmbH Managementberatung
Martin Nowak, Eva Sachner
Hauptstr. 40
77871 Renchen
Phone: 07843 4509980
Email: datenschutz@qsano.de

HOW DO WE COLLECT YOUR DATA?

Your data is collected on the one hand by you providing it to us, other data is collected automatically or after your consent when you visit the website by our IT systems. The website uses a cookie consent from Usercentrics. Technical data (e.g. internet browser, operating system, etc.) is collected. This data is collected automatically as soon as you enter this website.

We would like to point out that the online transmission of data (such as via email) may be exposed to security gaps. Completely protecting data against third-party access is impossible.

WHAT DO WE USE YOUR DATA FOR?

The data is collected to ensure error-free provision of the website. We do NOT collect data to analyse your user behaviour.

WHAT RIGHTS DO YOU HAVE WITH REGARD TO YOUR DATA?

You have the right to obtain information about the origin, recipient and purpose of the personal data stored by us free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. In addition, you have the right to request the restriction of the processing of your personal data in certain circumstances. You also have the right to appeal to the competent supervisory authority.

You can contact us at any time at the address given if you have any further questions on the subject of data protection.

2. Hosting

We host our website at domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Deutschland, Tel.: +49 89 998 288 026, https://www.df.eu/de/datenschutz/

Domainfactory GmbH is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

We have concluded a contract for order processing domainfactory GmbH. This is a contract stipulated by data protection law, which ensures that domainfactory GmbH processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

GOOGLE WEB FONTS (LOCAL HOSTING)

To ensure that fonts are presented as uniformly as possible, this website uses “web fonts” which are made available by Google. The Google fonts are installed locally. There is no connection to Google servers.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: Google: https://policies.google.com/privacy?hl=de.

3. STORAGE DURATION

Unless a specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (for example, retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

4. SSL- TLS ENCRYPTION

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as site operator. You can check you have an encrypted connection when you see that the browser address field has changed from “http://” to “https://” and when you see the lock symbol in the browser address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

5. Cookies

Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f of the GDPR provided no other legal basis has been stipulated. The website owner has a legitimate interest in the storing of cookies for the technically correct and optimised delivery of its services. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.

You can configure your browser to inform you about the use of cookies so that you can decide to accept or reject each cookie. Alternatively, your browser can automatically accept cookies under certain conditions or always reject them, and you can also tell it to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

6. SERVER LOG FILES

The website provider automatically collects and stores information in what are known as server log files, which your browser automatically sends to us. These data include:

  • Browser type and version
  • your operating system
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

This data will not be combined with data from other sources.

The legal basis for collecting these data is Article 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website - to ensure this, server log files must be recorded.

7. We have integrated rating seals from ProvenExpert on this website.


Provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com.

The ProvenExpert seal enables us to display customer reviews submitted to ProvenExpert about our company in a seal on our website. When you visit our website, a connection is established with ProvenExpert so that ProvenExpert can determine that you have visited our website. Furthermore, ProvenExpert collects your language settings in order to display the seal in the selected national language.

The following can be recorded in detail:

  • The types and versions of browsers used
  • The operating system used by the accessing system
  • The websites from which an accessing system reaches our websites (referrer)
  • The subpages accessed via an accessing system on our websites
  • The date and time of access to the websites
  • An Internet Protocol (IP) address
  • Other similar data and information that serve to prevent risks in the event of attacks on the provider's IT systems

The use of ProvenExpert is based on Art. 6(1)(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in presenting customer reviews in a transparent manner. If consent has been obtained, the processing is based exclusively on Art. 6(1)(a) of the GDPR; consent can be revoked at any time.

You can find the provider's privacy policy here: https://www.provenexpert.com/en-en/privacy-policy/

8. Consent management with Consent Manager Provider

Our website uses the cookie consent technology of Consent Manager Provider to obtain your consent to the storage of certain cookies on your terminal device and to document this in a data protection compliant manner. The provider of this technology is consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter "Consent Manager Provider").

When you enter our website, a connection is established to the servers of Consent Manager Provider in order to obtain your consent and other declarations regarding the use of cookies. Consent Manager Provider then stores a cookie in your browser in order to be able to allocate the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Consent Manager Provider cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Consent Manager Provider is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

9. Data Protection Officer

We have appointed a data protection officer.

Sachner GmbH – Intelligente Lösungen
Wilhelm-Busch-Str. 4
77871 Renchen

Phone: +49 7843 4509900
E-mail: datenschutz@sachner.com

10. ENQUIRIES BY EMAIL, PHONE OR FAX

If you contact us by email, telephone or fax, we will store and process your inquiry including all resultant personal data (name, inquiry) in order to handle your issue. We will not share this information without your consent.

The legal basis for collecting these data is Article 6 para. 1 lit. b GDPR, where your enquiry is in connection with fulfilment of a contract, or is required for execution of pre-contractual activities. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was queried.

We shall keep the data you enter in the contact form until you ask us to delete them, you revoke your consent for them to be stored or until the purpose for data storage no longer applies (e.g. after your issue has been processed). Mandatory statutory provisions, especially statutory retention periods, remain unaffected.

11. SOCIAL MEDIA

OUR SOCIAL MEDIA PRESENCES - DATA PROCESSING BY SOCIAL NETWORKS

We have publicly accessible profiles in social networks. The social networks that we personally use can be found below.

Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. “like” buttons or ad banners). Visiting our social media sites triggers numerous processing processes relevant to data protection. In detail:

If you are logged into your social media account and you visit our social media platform, the operator of the social media portal can assign this visit to your user account. Under certain circumstances your personal data can also be gathered if you are not logged in or do not have an account with the respective social media portal. In this case, the data is acquired via cookies that are stored on your end device or by recording your IP address.

With the help of data acquired in this manner, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you will be shown interest-related advertising within and outside the respective social media platforms. Provided you have an account with the respective social network, the interest-related advertising can be shown on all the devices on which you are logged in or were logged in.

Furthermore, please note that we cannot follow all processing operations on the social media platforms. Therefore, depending on the provider other processing operations can be carried out by the operators of the social media portals. Details on this can be found in the terms of use and data protection regulations of the respective social media portals.

LEGAL BASIS

Our social media appearances should guarantee a comprehensive presence on the internet. This concerns a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks are based on differing legal bases, which must be stated by the operators of the social networks (e.g. consent pursuant to Art. 6 para. 1 lit. a of the GDPR).

DATA CONTROLLER AND ASSERTION OF RIGHTS

If you visit one of our social media pages (e.g. Facebook), the operator of the social media platform as well as our team will be responsible for the data processing operations triggered by this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that despite joint responsibility with the operators of the social media platforms, we do not have complete influence on the data processing operations of the social media portals. Our possibilities largely depend on the corporate policy of the respective provider.

STORAGE DURATION

The data collected directly by us via the social media page will be deleted by our systems as soon as the purpose for the storage of such data is not longer applicable, your request us to delete the data, you revoke your consent to the storage or the reason for the data storage is no longer applicable. Stored cookies remain on your device until you delete them. Mandatory legal provisions - especially retention periods - remain unaffected.

We have no influence on how long the operators of the social networks save your data for their own purposes. For more detail, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook

We have a Facebook profile. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We have signed an agreement with Facebook on shared processing (controller addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. https://www.facebook.com/legal/terms/page_controller_addendum. . For details, go to the Facebook privacy policy: https://www.facebook.com/about/privacy/.

12. VIDEO CONFERENCES

DATA PROCESSING

We use online conference tools for communication with our customers. The tools we use in detail are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for the handling of online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the servers of the tool provider. Such content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our possibilities largely depend on the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

PURPOSE AND LEGAL BASIS

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest in the sense of Art. 6 para. 1 lit. f of the GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

STORAGE DURATION

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

CONFERENCE TOOLS USED

We use Jitsi Meet. If you communicate with us via Jitsi Meet, all data associated with this communication process will only be processed on our servers (on premise).

13. APPLICANT DATA

Submitted application documents and other data collected in the course of the application process that can be personally assigned to you as an applicant are protected personal data within the meaning of Art. 4 No. 1 GDPR. Your personal data is collected and processed by our company exclusively within the framework of data protection regulations. In accordance with the applicable data protection law, your personal data may only be collected, stored, disseminated or used (data processing, Art. 4 No. 2 GDPR) if this is expressly permitted or ordered by law or if you have given your effective consent (Art. 6 Para. 1 S. 2 a) in conjunction with Art. 7 GDPR).

Processing of your personal data is particularly permitted if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination (Section 26 (1) of the Federal Data Protection Act (BDSG), Article 6 (1) p . 2 b) GDPR). The same applies insofar as the data processing is necessary to protect the legitimate interests of the controller for purposes other than the employment relationship and there is no reason to assume that your legitimate interest as a data subject in the exclusion of the processing or use outweighs this (Art. 6 para. 1 p. 2 f) GDPR).

We ask that applications be submitted exclusively via karriere@qsano.de.

In principle, we only use your application documents to decide on filling the position for which you have expressly applied. In the course of the application process, further personal data may be collected from you personally, from generally accessible sources or from former employers and trainers for this information purpose. The legal basis for data processing is Art. 6 Paragraph 1 Sentence 2 b) GDPR, Section 26 Paragraph 1 BDSG. If the application process does not result in your being hired, we will regularly delete and destroy your applicant data as soon as a period of six months has passed after you or our company have given you a final rejection.

Should an application procedure lead to a recruitment, we will include your application documents in your personnel file as far as necessary on the basis of Art. 6 para. 1 p. 2 b) GDPR, § 26 para. 1 BDSG in order to provide information about your personality profile and qualifications for the purpose of implementing the employment relationship. This is done irrespective of whether you have subsequently revoked any consent you may have given. In this case, your application documents will only be regularly deleted and destroyed when your employment relationship is terminated again and a further three years have elapsed since the end of the year of termination.