The controller for this website is: Convotis GmbH, Neuer Zollhof 3, 40221 Düsseldorf
Host Provider for this website: CONVOTIS Münster GmbH | Feldstiege 78 | 48161 Münster.
2. Date Protection Officer
We have appointed a data protection officer for our company. Should you have any requests or questions in relation to the processing of your personal data by us, kindly address them to: Convotis GmbH, attn. Data protection officer, Feldstiege 78, 48161 Münster, or by Phone: +49 (2533) 28 118 08 100, or by E-mail: email@example.com or:
Convotis Münster GmbH
Feldstiege 78, D-48161 Münster, or by phone: +49 (2533) 28 118 08 100
Convotis Services GmbH
Guglgasse 15/4A/4.OG, A-1110 Wien, or by phone: +43 (1) 7985012
3. Users and Country Specifics
4.1 We use two types of cookies on our website:
4.1.1 Necessary cookies: Without necessary cookies the proper functioning of our website would not be possible or only to a limited extent. The use of necessary cookies on our website is possible without your consent. However, you can deactivate cookies at any time by modifying your browser settings. Legal basis: Section 165 Austrian Telecommunications Act 2021.
4.1.2 Optional cookies: These types of cookies may be used to improve our website, optimize your user experience, analyze user behavior or customize marketing activities. Optional cookies may also be placed by external advertising companies (“third party cookies”). Optional cookies will only be used upon your consent which you may provide by clicking “OK” on our website’s cookie banner. This consent can be withdrawn at any time with effect for the future.
4.2 Necessary cookies used on our website including duration of use and their purpose:
- cookielawinfo-checkbox-necessary (1 year): Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Necessary” category .
- cookielawinfo-checkbox-functional (1 year): The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category “Functional”.
- cookielawinfo-checkbox-performance (1 year): Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category “Performance”.
- cookielawinfo-checkbox-analytics (1 year): Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Analytics” category .
- cookielawinfo-checkbox-advertisement (1 year): Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Advertisement” category .
- cookielawinfo-checkbox-others (1 year): Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category “Others”.
4.2.1 Necessary cookies: Without necessary cookies the proper functioning of our website would not be possible or only to a limited extent. The use of necessary cookies on our website is possible without your consent. However, you can deactivate cookies at any time by modifying your browser settings. Legal basis: Section 25 (2) no. 2 Telecommunications-Telemedia Data Protection Act (“TTDSG”), Art 6 (1) f GDPR.
4.3 Optional cookies used on our website including duration of use and their purpose:
- _ga (2 years): The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information and assigns a randomly generated number to recognize unique visitors.
- _gid (1 day): Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit.
- _gat_gtag_UA_50940963_1 (1 minute): Set by Google to distinguish users.
4.4.1 By clicking on the “OK”-button in the website’s cookie banner you agree to the use of the above listed optional cookies on our website. Your consent can be withdrawn (for all or individual cookies) at any time with effect for the future.
4.4.3 You should be aware that any preferences will be lost, if you delete all cookies and many websites will not work properly or you will lose some functionality. We do not recommend turning cookies off when using our website for these reasons.
4.5 Server log files
4.5.1 We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
4.5.2 This data is not merged with other data sources.
The collection of this data is based on our legitimate interest (Art 6 (1) f GDPR) in the technically error-free presentation and optimisation of its website. The processing of these log files is necessary for us to maintain the functionality, stability and security of our website.
5. Contact form and inquiry by E-Mail, Telephone or Fax
5.1.1 If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of processing your request.
5.1.2 The processing of this data is based on Art 6 (1) b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art 6 (1) f GDPR) or on your consent (Art 6 (1) a GDPR) if this has been requested.
6. Social Media
6.1 Social media plugins with Shariff
6.1.1 Plugins from social media are used on this website (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).
6.1.2 You can usually recognize the plugins by the respective social media logos. To ensure data protection on this website, we only use these plugins together with the so-called “Shariff” solution. This application prevents the plugins integrated on this website from transmitting data to the respective provider when you first enter the page.
6.1.3 Only when you activate the respective plugin by clicking on the associated button, a direct connection to the provider’s server is established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit of this website to your user account.
6.1.4 Activating the plugin constitutes consent within the meaning of Art 6 (1) a GDPR and, if we request your explicit consent to a data transfer to a third country, Art 49 (1) a GDPR. You can revoke this consent at any time with effect for the future.
7. Analyse Tools and Advertising
7.1 Google Tag Manager
7.1.1 We use the Google Tag Manager. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
7.1.2 The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.
7.1.3 The use of the Google Tag Manager is based on Art 6 (1) a GDPR and, if we request your explicit consent to a data transfer to a third country, Art 49 (1) a GDPR; the consent can be withdrawn at any time with effect for the future.
7.2 Google Analytics
7.2.1 This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
7.2.2 Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data may be combined by Google into a profile that is assigned to the respective user or their end device.
7.2.3 Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to complement the collected data sets and uses machine learning technologies in the data analysis.
7.2.4 Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website may be transferred to a Google server in the USA and stored there.
7.2.5 The use of this analysis tool is based on Art 6 (1) a GDPR and , if we request your explicit consent to a data transfer to a third country Art 49 (1) a GDPR; the consent can be withdrawn at any time with effect for the future.
7.2.6 Regarding the data transfer to the USA the standard contractual clauses of the EU Commission are also in place. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
7.2.7 You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
7.2.9 Storage period
7.2.10 Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 2 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de
8. Plugins and Tools
8.1 Google Web Fonts (local hosting)
8.1.1 This website uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally in Münster, Germany. A connection to Google servers does not take place.
8.2 Google Maps
8.2.1 This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
8.2.2 To use the functions of Google Maps, it is necessary to process your IP address. This information may be transferred to a Google server in the USA and stored there. The provider of this website has no influence on this further data processing. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
8.2.3 The use of Google Maps is based on your consent (Art 6 (1) a GDPR); and any data transfer to the USA is based on your explicit consent when activating the plugin (Art 49 (1) a GDPR); the consent can be withdrawn at any time with effect for the future.
8.2.4 Regarding data transfer to the USA the standard contractual clauses of the EU Commission are in place. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
8.3 Google reCAPTCHA
8.3.1 We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
8.3.2 The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
8.3.3 The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
8.3.4 The storage and analysis of the data is based your consent (Art 6 (1) a GDPR); the consent can be withdrawn at any time with effect for the future.
9.1 If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. For the handling of the newsletter we use newsletter service providers, which are described below.
9.2.1 This website uses Hubspot to send newsletters. HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (hereinafter: “Hubspot”). Hubspot is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on Hubspot’s servers in Germany with Backup in Ireland.
9.2.3 The data processing is based on your consent (Art 6 (1) a GDPR). You can withdraw this consent at any time with effect for the future by unsubscribing from the newsletter via the link we provide in every newsletter message. The legality of the data processing operations already carried out remains unaffected by the withdrawal of your consent.
9.2.4 The data you provide for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art 6 (1) f GDPR). The storage in the blacklist is not limited in time.
10. Audio and Video Converencing
10.1.1 Among other tools, we use online conferencing tools to communicate with our clients. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
10.1.2 The conferencing tools collect the data that you provide/enter in order to use the tools (e-mail address and/or your telephone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).
10.1.3 Furthermore, the provider of the tool processes all technical data that are necessary for the handling of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.
10.1.4 If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
10.1.5 Please note that we do not have full influence on the data processing procedures of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below.
10.1.6 Purpose and legal basis
10.1.7 The use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest under Art 6 (1) f GDPR). Insofar as consent (Art 6 (1) a GDPR) has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.
10.1.8 We use the following conferencing tools:
11. Handling of Applicant Data
11.1 We offer you the opportunity to apply to us (e.g. by e-mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process.
11.2 Scope and purpose of data collection
11.2.1 If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 (1) Federal Data Protection Act (“BDSG”) and – if you have given your consent – Art 6 (1) a GDPR. The consent can be withdrawn at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
11.2.2 If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 (1) BDSG for the purpose of performance the employment relationship.
11.3 Retention period of the data
11.3.1 If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we retain the data you have provided on the basis of our legitimate interests (Art 6 (1) f GDPR) for up to 7 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 7-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.
11.3.2 A longer storage can also take place if you have given a corresponding consent (Art 6 (1) a GDPR) or if legal storage obligations oppose the deletion.
11.4 Inclusion in the applicant pool
11.4.1 If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
11.4.2 Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art 6 (1) a GDPR). The provision of consent is voluntary and is not related to the current application process. You can withdraw your consent at any time with effect for the future. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.
12. Obligation to provide Data
12.1 We need some of the above mentioned personal data for the performance of our services or the contract with you and/or in order comply with legal obligations we are subject to. If you refuse to provide personal data which are required for the performance of the contract or which we are obliged to process due to legal obligations, it may not be possible for us to carry out these services and/or, more specifically, the purposes listed above and/or it would significantly slow down the relevant purpose.
13. To whom we may disclose your personal Data
13.1 For the above mentioned purposes, we may share your personal data with the following recipients:
group companies, where necessary in order to perform our services (e.g. where you request certain services via our website); a list of group companies may be found here:
CONVOTIS Münster GmbH I CONVOTIS Lübeck GmbH I CONVOTIS Hamburg GmbH I CONVOTIS metadok GmbH I CONVOTIS synargos GmbH I CONVOTIS scanprofi GmbH I CONVOTIS atypisch GmbH I METRO CLOUD Provider GmbH I Geiger – BDT GmbH I CONVOTIS Holding Austria GmbH I CONVOTIS Services GmbH I CONVOTIS Applications GmbH I CONVOTIS Slovakia s.r.o. I CONVOTIS Romania SRL
- IT service providers who provide hosting, maintenance and security services for our website
- advertising und web-analysis partners (e.g. Google LLC) who provide certain services to us in connection to our website
- Where disclosure is required (i) by law or regulation or (ii) to establish, exercise or defend legal claims, we may also disclose personal data to a competent authority, such as supervisory, regulatory or criminal authorities, courts of law or other third parties who advise us in this context (e.g. lawyers or forensics experts).
13.2 Some of these recipients may be located in countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission. In particular, this includes our group companies. It should be noted that the level of data protection in such countries may not be the same as within the EU/EEA. Also, subject to local laws and regulations data may be accessible to local authorities or courts.
13.3 However, where personal data is transferred to such third countries, we implement appropriate safeguards to ensure that your rights are protected in accordance with the GDPR. This includes the conclusion of the EU Commission’s standard contractual clauses for the transfer of personal data (Art 46 (2) c GDPR) or, in the absence of such safeguards, your explicit consent according to Art 49 (1) a GDPR. Further details on the implemented safeguards as well as copies of the respective agreements are available on request at firstname.lastname@example.org.
13.4 Among other things, we use tools from companies based in the USA or other third countries that do not ensure an adequate level of data protection. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being informed thereof or being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes without independent legal supervision. We have no influence on these processing activities.
14. How long we keep your personal Data
14.1 Log files (see 4.5 above) are generally kept for a period of three months. Beyond this time period log files will only be stored for the purpose of investigating irregularities or security incidents in our system. For the storage duration of cookies see 3 above.
14.2 We generally retain your personal data for as long as this is necessary for the fulfilment of the purpose for which they were obtained. Thus, in any case we process your personal data for the duration of our contractual or service relationship with you. Beyond this time period we keep your personal data to comply with statutory retention obligations (e.g. to fulfill the 7-year retention obligation under applicable tax and company law). Where necessary we may also keep your data for as long as potential legal claims against us are not yet time-barred; for certain claims the statutory limitation period may be up to 30 years.
14.3 As soon as there are no legitimate grounds for the further storage of personal data available, they will either be deleted or anonymized.
15. Your rights as a data subject
15.1 As a data subject you have the following rights under the statutory conditions:
- to check whether and what kind of personal data we hold about you and to request copies of such data (right of access)
- to request correction, supplementation or deletion of your personal data that is inaccurate or processed in non-compliance with applicable requirements (right to rectification and erasure)
- to request us to restrict the processing of your personal data (right to restriction)
- in certain circumstances, to object for legitimate reasons to the processing of your personal data or to revoke consent previously granted for the processing (right to object or withdraw consent)
- to receive the personal data you provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller (right to data portability)
15.2 We do not process your personal data for the purpose of taking decisions based solely on automated processing, including profiling, which produce legal effects concerning you (Art 22 GDPR).
15.3 To exercise any of the above rights kindly send an email to email@example.com Further, you have the right to lodge a complaint with a supervisory authority, if you believe your data protection rights have been violated.
15.4 The supervisory authority for Germany is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf, Deutschland, E-Mail: “firstname.lastname@example.org”
16. Objection to advertising E-Mails
16.1 The use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
17. Updates to this notice
17.1 We may update this Notice to reflect legal, technical or business changes. When we update this Notice, we will take reasonable steps to inform you about the changes made. You will find the date of the “last update” at the beginning of this Notice.
18.1 The website contains links to third-party websites. We have no control over the content or privacy practices of these other websites. Please read the respective data protection provisions of other websites that you visit.
Amendments for Slovakian Law
4.2.1 Necessary cookies: Without necessary cookies the proper functioning of our website would not be possible or only to a limited extent. The use of necessary cookies on our website is possible without your consent. However, you can deactivate cookies at any time by modifying your browser settings. Legal basis: Section 109 (8) Telecommunications Act 2021.
15.4 The supervisory authority for Slovakia is Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic, E-mail: “email@example.com”
Amendments for German Law
11.2.1 If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art 6 (1) b GDPR (general contract initiation) and – if you have given your consent – Art 6 (1) a GDPR. The consent can be withdrawn at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
11.2.2 If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art 6 (1) b GDPR for the purpose of performance the employment relationship.
15.4 The supervisory authority for Austria is Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria, E-Mail: firstname.lastname@example.org.
Amendments for Romanian Law
4.2.1 Necessary cookies: Without necessary cookies the proper functioning of our website would not be possible or only to a limited extent. The use of necessary cookies on our website is possible without your consent. However, you can deactivate cookies at any time by modifying your browser settings. Legal basis: Article 4 (5) of Law No.506/2004 on the processing of personal data and the protection of privacy in the telecommunication sector.
15.4 The supervisory authority for Romania is the National Supervisory Authority for Personal Data Processing (in Romanian, Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal/ANSPDCP), Boulevard General Gheorghe Magheru No. 28-30, Bucharest, Romania, E-mail: “email@example.com”