Data Privacy Statement
 

Thank you for your interest in our company and for visiting our website. In the following privacy statement, real-cis GmbH (hereinafter referred to as “we”, “us” or “real-cis GmbH”) would like to inform you about the type, scope and purpose of the personal data collected, used, and processed, in order to comply with the obligation of transparency, in particular by providing information about the rights of data subjects.

Personal data is information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified directly or indirectly (e.g., by means of associating him/her with an online identifier). This includes, without being limited to, information such as the name, address, telephone number and e-mail address or other physical characteristics by which a natural person can be identified. For the purposes of this privacy statement, we will refer to you as “you”, “user”, or “data subject”.

This privacy statement applies to the website real-cis GmbH operated by us, to the social media channels we maintain, as well as to all items under section 2.2.

1. Contact details of the Controller and the Data Protection Officer

„Controller” refers to the natural or legal person, public authority, agency, or other body which, on his/her own or jointly with others, determines the purposes and types of personal data processing.

Controller for data processing:

real-cis GmbH
Rheinstraße 5
63225 Langen

Tel.: +49 152 5318 2209
Email: info@real-cis.com
Website: www.real-cis.com

Data Protection Responsible:

Dr. Hubert Jäger
tel.: +49 152 5318 2209
Email: privacy@real-cis.com

2. General information on data processing

2.1. Information on data processing in the context of visiting the website

When the website (real-cis.com) is called up, real-cis GmbH processes various personal data, depending on the type of processing. The different types of data processing are explained in the following section.

2.1.1. Operation of the website

This website is hosted by IONOS SE on behalf of real-cis GmbH. No data is being transferred to a third country. For the secure operation of this website, data is automatically recorded in so-called log files each time the website is called up. The data is automatically transferred to the server by the browser you are using. The following data is transmitted:

  • Browser type/ and version
  • Operating system used
  • Referrer URL (the website previously visited)
  • IP address of the accessing computer
  • Time and date of the server request

The legal basis for this type of processing is Art. 6 (1) sentence 1 lit. f) GDPR (legitimate interest). The provision and operation of the website as well as browser optimization and maintenance of the security of this website represent the legitimate interest of real-cis GmbH. An evaluation of the log files takes place exclusively for the purpose of the security of this website as well as for statistical evaluations. This data is not merged with other data and data sources. To ensure security, IONOS uses intrusion detection. Article 6 (1) sentence 1 lit. f) GDPR (legitimate interest) constitutes the legal basis for the processing of system logs for intrusion detection.

Intrusion detection involves active monitoring of computer systems and/or networks with the aim of detecting attacks and misuse. Intrusion detection works by filtering out those incidents that indicate potential attacks, attempted misuse or security breaches from all incidents occurring in the monitored area, in order to subsequently investigate them in greater depth. This will allow rapid detection and reporting of harmful incidents. Corresponding log files are created for intrusion detection. If an anomaly is identified by means of intrusion detection, the IP address concerned is traced accordingly.

Apart from IONOS SE and real-cis GmbH, no other companies receive the data described above. This data is stored for a period of 90 days. An exception to this is the identification of anomalies by intrusion detection. If, as a result of such incidents (e. g. attacks, attempts of misuse or security breaches), data must be retained to serve as evidence, this data is exempt from deletion until the respective incident has been finally clarified. After expiration of this storage period or final clarification of the incident, all corresponding data is deleted, or the IP address is anonymized.

2.1.2. Contact via the website

You can contact us via the e-mail addresses and telephone numbers published on the website. In this case, the data contained in your message (e-mail) will be processed depending on the purpose of the message. The data is processed exclusively for the respective response to your inquiry and any related communication. Please note that, depending on your provider, e-mails are usually transmitted in unencrypted form. We can therefore not assume any responsibility for the transmission path. If you contact us by telephone, we will process your telephone number as well as all data voluntarily communicated by you during the conversation.

The legal basis for contacting us via our website depends on the content of your inquiry. In principle, the legal basis for contacts via the website is Art. 6 (1) p. 1 lit. f) GDPR (legitimate interest). The legitimate interest here is the provision of the contact functionality as well as the response to your requests transmitted via this tool. The IP address and the timestamp, which are automatically transmitted with your message, serve to prevent and trace misuse of our contact form. All data voluntarily transmitted to us by you via the free text field is processed in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR (consent). As a rule, the data transmitted by you will be deleted after final processing of your request and fulfilling of the purpose.

For information on the process of transmitting data as part of a job application, please refer to section 2.2.2.

2.1.3. Cookies​

Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that allows your browser to be uniquely identified when you return to the website. Our website uses no cookies. 

2.2. Information on data processing independent of website visits

For instances other than web page views, real-cis GmbH processes personal data only

  • for arranging events (e.g. workshops)
  • for meeting data collection obligations of the Corona Contact and Operating Restriction Ordinance of the Federal State of Hesse
  • for initiating employment relationships
  • for other purposes explicitly stated on declarations of consent.

In addition, this privacy policy also applies to real-cis GmbH’s presence on social media (LinkedIn).

2.2.2. Initiation of employment relationships

In the context of initiating employment relationships, real-cis GmbH generally processes all personal data that are voluntarily communicated to us by you in electronic form or by post during the application process. These data include, for example, personal data and qualification documents. Depending on the procedure used, the data may be transmitted by the data subject in unencrypted form.

This processing is done for the purpose of performing the application process, including communication via the various channels. The legal basis for this is Art. 6 para. 1 p. 1 lit. a) and b) GDPR (consent and implementation of pre-contractual measures), Art. 88 para. 1 GDPR (data processing in the employment context) and Section 26 para. 1 BDSG (data processing for purposes of the employment relationship). Your data will be deleted after completion of the application process and after expiry of the statutory retention period, unless an employment relationship is established.

2.2.3. External presentation as well as advertising purposes in social media

real-cis GmbH entertains the following presences in social media for the purpose of external presentation and advertising:

  • LinkedIn (LinkedIn Ireland Unlimited Company, Gardner House, 2 Wilton Pl, Dublin 2, Ireland)

When using social media, in addition to publishing product- and subject-specific topics, real-cis GmbH also publishes posts about employees with reference to the business (e.g., participation in business events). Employees are usually referenced via a link to the respective profile of the employee. The following types of data are processed in this context:

  • Contact data (e.g. e-mail address)
  • Content data (e.g. data in a free text field)

Such presences are entertained to communicate with the users of the respective social platform, and to communicate about the services of real-cis GmbH. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f) GDPR (legitimate interest). Under certain circumstances, you may have given consent to one of the platform operators listed above to process your personal data pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.

No usage data (e.g. access to websites and content) or metadata (e.g. IP address) are processed by real-cis GmbH. These data are only processed by the respective provider of the social network. We have no influence on the way your personal data are processed within the scope of these websites; in this respect we are not the responsible party within the meaning of Art. 4 No. 7 GDPR. The respective data protection declarations of the operators of the above-mentioned platforms shall apply.

3. Rights of the data subjects

All of the following rights of data subjects can be exercised informally at any time, e.g., by sending a request by e-mail to privacy@real-cis.com. By addressing the request by e-mail or by contacting an employee, the request will be processed and carried out without delay. The rights mentioned below apply to all processing activities of real-cis GmbH.

The data subject concerned has the right to revoke his or her previously given consent pursuant to Art. 6 (1) p. 1 lit. a) GDPR for the processing of his or her personal data at any time in the future. The legality of processing your personal data before the consent revocation remains unaffected.

3.1. Right of access by the data subject according to. Art. 15 GDPR

Data subjects have the right to obtain confirmation as to whether personal data concerning them are being processed.

In addition, data subjects have the right to request, free of charge, information about the personal data concerning them and to obtain a copy thereof. In addition to the copy, the following information will be provided:

  • Purposes of processing
  • Categories of personal data
  • Recipients or categories of recipients in third countries or international organizations
  • If possible, the planned duration of the storage of the personal data and, if this is not possible, the criteria for determining the duration
  • The existence of other data subject rights, the existence of a right of appeal to a supervisory authority
  • The existence of automated decision-making, including profiling.
  • If the personal data has not been collected from the data subject, any available information about the origin of the data

In addition, if the data is transferred to a third country or an international organization, appropriate safeguards, such as the use of EU standard contractual clauses, will be communicated.

3.2. Right to rectification according to Art. 16 GDPR

Data subjects have the right to request rectification of inaccurate personal data and to request completion of incomplete data, taking into account the purposes of the processing.

3.3. Right to erasure or right to be forgotten according to Art. 17 GDPR

Data subjects have the right to request erasure of personal data concerning them, which shall be erased immediately upon request, provided that one of the following reasons applies and the processing is not necessary:

  • The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject revokes his or her consent to the processing and there is no other legal basis for the processing.
  • The data subject objects to the processing and there are no overriding legitimate grounds for processing, or the data subject objects to direct marketing.
  • The personal data have been processed unlawfully.
  • The erasure of the data is necessary for compliance with a legal obligation.
  • The personal data was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

If real-cis GmbH has made personal data of the data subject public and is obliged to erase it pursuant to Article 17 (1) of the GDPR, real-cis GmbH shall take reasonable steps, taking into account the available technology and the cost of implementation, to inform other data controllers who process the published personal data, that the data subject has requested from those other data controllers to erase all links to or copies of the personal data, unless the processing is necessary.

3.4. Right to restriction of processing according to Art. 18 GDPR

Data subjects have the right to restrict processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject (for a period of time that permits verification by the controller).
  • The processing is unlawful, but the data subject objects to erasure and requests restriction of use.
  • The controller no longer needs the data for the purposes of the processing operations, but the data subject needs them to assert or exercise or defend legal claims.
  • The data subject has objected to the processing, and it is not yet clear whether the legitimate grounds of the controller or the data subject’s interests worthy of protection prevail.

3.5. Right to data portability according to Art. 20 GDPR

Data subjects have the right to data portability. This right entitles data subjects to receive their respective personal data in a structured, common, and machine-readable format. The data subject thus has the right to transfer this data to another controller or to request the transfer from the old controller to the new controller.

3.6. Right of objection according to Art. 21 GDPR

The data subject may object to the data processing based on Art. 6 (1) p. 1 lit. f) GDPR (legitimate interest). As a result, further data processing will be prohibited unless the real-cis GmbH can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising, or defending legal claims. If the real-cis GmbH processes personal data for direct marketing purposes, the user may object to such processing at any time.

For the notification of an objection, we ask the data subject to send an e-mail to the following address: privacy@real-cis.com or to contact us by post. The postal address can be found in the contact details of the person responsible and the data protection officer.

3.7. Automated decisions in individual cases including profiling according to Art. 22 GDPR

As a responsible company, we do not use automatic decision-making or profiling.

3.8. Right to complain to the supervisory authority pursuant to Art. 77 GDPR

If you have the impression that the processing of your data violates data protection law or that your data protection rights have been violated in any way, you can complain to the Hessian Data Protection Commissioner: https://datenschutz.hessen.de/service/beschwerde

4. Duration of storage

The duration of the storage of personal data depends on the corresponding statutory retention period and the purpose of the processing. As soon as the legal retention period expires or the purpose of the processing ceases to exist, the personal data will be deleted unless it is required for the performance or initiation of a contract. Justified deviations may arise in the context of individual processing operations, to which we will refer separately.

Due to the ongoing development of our website as well as our other offers, or due to changed legal or regulatory requirements, it may become necessary to change this privacy statement.

 

Editing status: 21.12.2021