Status: March 2020
1 General Information
1.1 Preliminary remark
The protection of your privacy in the processing of personal data is an important concern for us, which we take into account in our business processes. We process personal data collected during your visit to our website or other exchanges confidentially and in compliance with the provisions of the EU Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and all other relevant laws.
exoIQ takes security precautions to protect your data managed by us against manipulation, loss, destruction, access by unauthorized persons or unauthorized disclosure. Our security measures are constantly being improved according to technological development.
- Accessing or visiting the website
- Entering into, processing and handling of contractual relationships
- Within the framework of an application procedure
- Within the framework of joint project work
- In the context of the initiation and implementation of cooperation
1.3 Responsible person:
- The data will be collected and processed by exoIQ and its affiliated companies [in particular TTS Tooltechnic Systems AG & Co KG] and will only be used to fulfill the respective business purpose.
- You can reach our data protection officer at email@example.com or at our postal address with the addition “die Datenschutzbeauftragte”.
2 How is your personal data processed?
2.1 General information on the purposes of processing
Essentially, we collect, store and process your personal data only to fulfil a contractual obligation towards you, to carry out an application procedure or if you have given us your consent. However, we also use your data to comply with procedures or statutory provisions that affect us, insofar as this is necessary to protect our own interests or the legitimate interests of others, or to enforce, protect or exercise our rights or defend ourselves against claims.
2.2 Data that you provide us with
- As a rule, you can use our website without providing us with any personal information directly.
- For entering into, processing and handling contractual relationships, the collection and processing of personal data is particularly necessary to enable us to fulfil our contractual obligations.
- For the purpose of submitting and processing an application, the collection and processing of your personal data is necessary. Your personal data is usually collected directly from you. We would like to draw your attention to the fact that you must provide those personal data within the scope of the respective application process that are necessary for the implementation of the application process. If you make use of your right of objection in this respect or do not provide us with this data, we will not be able to process your application. The primary legal basis for this is § 26 para. 1 BDSG.
- It may become necessary to collect and process personal data in the course of joint project work. Your personal data is usually collected directly from you after you have given your explicit consent. The participation in such projects is voluntary.
2.3 Data that we automatically receive through your use of our online services
Some data already accumulates when you visit our homepage.
2.3.1 Protocol data
The automatically accruing data includes the protocol data of the web server. We activate this logging only in exceptional cases to investigate support cases and to ensure stability and security (Art. 6 para. 1 lit. f) DS-GVO). Each data record consists of:
- Date and time of the request
- Client and server IP address, port and protocol status the name of the called file or page and the length of the request
- Browser type and referrer (last page called up by the client)
- These data are evaluated anonymously for technical purposes only. Statistical evaluations are not carried out.
3 Who gets your data?
Within our company, only persons and departments involved in the process (e.g. specialist departments, group companies) are given access to your personal data.
External recipients: We only pass on your personal data to external recipients outside exoIQ if this is necessary to process the process, if another legal permission exists or if we have your consent.
External recipients can be:
a) Public authorities:
As far as we have to transmit personal data to authorities and state institutions (e.g. courts, financial authorities) for compelling legal reasons, this transmission is based on Art. 6 para. 1 c) DSGVO.
b) Other external recipients:
In addition, we may transfer your personal data to other recipients outside the company / group of companies, insofar as this is necessary to fulfil a contractual or other legal obligation (e.g. bank).
4 Which categories of data do we use?
Depending on your relationship with us (website visitors, applicants, business partners, etc.) we use the following categories of data about you.
4.1 For the initiation, implementation and termination of joint projects or contractual relationships, the following categories are particularly important
- Personal master data (e.g. first and last name, address, gender, position in the company, affiliation to company, photo)
- Communication data (e.g. e-mail, (mobile) phone)
4.2 In the application process
The categories of personal data processed include in particular your
- Personal master data (e.g. first and last name, address, gender, date of birth, profile photo)
- Documents (e.g. diplomas, certificates, curriculum vitae)
- Communication data (e.g. e-mail, (mobile) phone)
- Travel expense report (e.g. bank details)
- This may include special categories of personal data such as health data. These are processed in accordance with Art. 9 II letter b) and possibly h) DPA.
4.3 In joint project work
the categories of personal data processed include in particular your
- Personal master data (e.g. first and last name, gender, body measurements)
- Video and image material for carrying out movement analyse
5 How long is your data stored?
- For the initiation, implementation and termination of joint projects or contractual relationships
We will delete your data 6 months after the end of the initiative unless you have explicitly agreed to future use.
- In the application process
We will delete your personal data after 6 months, calculated from the date of filling the position for which you have applied or if you have objected to the processing for the future.
6 Which data protection rights can you assert as a data subject?
6.1 Right to information
You can request information about the data stored about your person from the respective person responsible for data processing.
6.2 Right of correction and deletion
You can demand that we correct incorrect data and delete your personal data, provided that the legal requirements are met.
6.3 Restriction of processing
You can demand that we restrict the processing of your data, provided that the legal requirements are met.
You may request us to release the personal data you have provided in a structured, common and machine-readable format, provided that the legal requirements are met.
7 Do you have a right of objection?
You have the right to object to data processing by us at any time. We will then stop processing your personal data, provided that there are no compelling reasons for further processing worthy of protection – in accordance with the legal requirements – which outweigh your rights. The implementation period of the objection is a maximum of 30 days.
8 Where can you complain?
You have the opportunity to submit a complaint to the above-mentioned data protection officer or to the competent data protection supervisory authority.
9 Changes to this data protection declaration