Privacy Policy of the ALTEN Technology GmbH

The specifications of the EU General Data Protection Regulation (hereafter GDPR) apply across the European Economic Area. This Privacy Policy will inform you about how our company processes personal data in compliance with this Regulation (see Art. 13 and 14 GDPR). Should you have any questions or comments regarding this Privacy Policy, please do not hesitate to contact us at the email address provided in sections 2 and 3.

 

Table of Contents:

I. Overview

  1. Applicability
  2. Controller
  3. Data Protection Officer

II. Data Processing Specifics

  1. General Data Processing Information
  2. Accessing Our Website/Application
  3. Applications
  4. Contact
  5. Processing Data from Applicants, Candidates, Customers and Suppliers
  6. Tracking
  7. Social Media

III. Data Subject Rights

  1. Right to Object
  2. Right to Access
  3. Right to Rectification
  4. Right to Erasure (“Right to be Forgotten”)
  5. Right to Restriction of Processing
  6. Right to Data Portability
  7. Right to Withdraw Consent
  8. Right to Lodge a Complaint

IV. Glossary

I. Overiew

This section of our Privacy Policy provides information into how the policy applies, the data processing controller, the controller’s data protection officer and data security.

1. Applicability

Data processing by ALTEN Technology GmbH can be divided primarily into 2 categories:

  • Any data necessary for the performance of a contract with ALTEN Technology GmbH will be processed for this purpose. If external service providers are involved in the performance of the contract, your data will be transferred to these service providers only in as far as is necessary.
  • When opening websites/applications run by ALTEN Technology GmbH, a range of information will be exchanged between your device and our server. This may include personal data. The information collected this way will, among other things, be used to optimize our website or to display advertisements on your device’s browser.

This Privacy Policy applies to the following services and products we offer:

  • Those offered online at www.alten-technology.com
  • Whenever the services and products we offer (e.g., websites, subdomains, mobile applications, web services or embedded applications on third-party pages) refer to this Privacy Policy, irrespective of how they are accessed or used.

All of these products and services are also collectively referred to as “services.”

 

2. Controller

The data processing controller—i.e., the natural or legal person who determines the purposes and means of processing personal data—for the services is:

ALTEN Technology GmbH

Fangdieckstraße 66

22547 Hamburg

Germany

Tel.: +49 40 853990-0

Email: info@alten-technology.com

 

3. Data Protection Officer

You may contact our data protection officer using the following details:

Dr. Bettina Kähler, PrivCom Datenschutz GmbH

Rothenbaumchaussee 165 | 20149 Hamburg

Telephone: +49.40.48.40.90.10

E-Mail: info@privcom.de

Web: www.privcom.de

 

II. Data Processing Specifics

This section of the Privacy Policy informs you about how personal data is processed as part of our services. For readability, this information is organized according to the different functionalities involved in our services. During normal use of our services, a number of functionalities may be engaged at once and, therefore, different types of processing may be carried out consecutively or simultaneously.

 

1. General Data Processing Information

Unless stated otherwise, the following applies to any processing described hereafter:

a.       No Disclosure Requirements

There is no contractual or legal obligation to disclose personal data. You are not required to provide such data.

b.      Consequences of Non-Disclosure

Non-disclosure of necessary data (data whose entry is marked as required) may prevent the respective service from being performed. Besides this, non-disclosure may prevent our services from being performed in the same way and from achieving the same quality.

c.       Consent

In a number of cases, you have the option to consent to us performing additional processing as part of the processing described hereafter (if applicable, this may apply to a part of the data). In such cases, as part of the submission of your declaration of consent, we will inform you separately about any processes for giving your consent, the scope that consent and the purposes we pursue through this processing.

d.      Personal Data Transfers to Third Countries

We will only transfer data to third countries, i.e., countries outside of the European Union, in compliance will legal permissibility requirements.

These permissibility requirements are regulated by Art. 44 – 49 GDPR.

e.       External Service Provider Hosting

We may broadly process data with the inclusion of so-called hosting service providers who provide storage space and processing capacities to us at their data centers and process personal data on our behalf and according to our instructions. These service providers either process data exclusively in the EU or are guaranteed by us to provide an adequate level of data protection through EU standard contractual clauses.

f.       Transfers to Public Authorities

We will transfer personal data to public authorities (including prosecution authorities) if necessary for compliance with any legal obligations to which we are subject (legal basis: Art. 6(1) Letter c GDPR) or if necessary for the establishment, exercise or defense of a legal claim (legal basis: Art. 6(1) Letter f GDPR).

g.      Storage Duration

We will save your data for no longer than necessary for the respective processing purpose. When no longer necessary for compliance with contractual or legal obligations, your data will be erased, unless it is required that we continue to store the data temporarily. Reasons for this may include:

  • Storage obligations under commercial and tax law
  • Preservation of evidence for legal disputes under statutory limitation periods

Likewise, we may continue to store your data with your express consent.

h.     Categories of Recipients

In addition to the categories of recipients listed expressly below, personal data will also be transferred to the following categories of recipients: Shipping companies and telephone and fax service providers.

i.      Data Categories

  • Account data: Login/user ID and password
  • Personal master data: Title/gender, first name, last name, date of birth
  • Address data: Street, house number, additional address information as appropriate, ZIP, city, country
  • Contact data: Telephone number(s), fax number(s), email address(es)
  • Registration data: Information about the service through which your registered; time of and technical information regarding registration, confirmation and de-registration; data provided during registration
  • Order data: Ordered products, prices, payment and supply information
  • Payment data: Account data, credit card data, data concerning other payment service providers, such as PayPal
  • Access data: Time and date of visit to our service; the page from which the accessing system navigated to our page; pages opened during visit; session ID data; additionally, the following information about the accessing computer system: Internet protocol (IP) address, browser type and version, device type, operating system and related technical information.
  • Application data: Resume, references, supporting documents, work samples, certificates, images

 

2. Accessing Our Website/Application

This section explains how we process your personal data when you access our services. In particular, we would like to draw your attention to the fact that transfers of access data to external content providers (see b.) is unavoidable due to the technical functionality of information transfers on the Internet.

a. Processing

Data Category: Access data

Purpose: Establish connections, present service contents, detect attacks on our page through unusual activities, troubleshooting

Legal Basis: Art. 6(1) f GDPR

If Necessary, Legitimate Interest: Proper function of services, security of data and business process, prevention of misuse, avoidance of damage caused by interference with information systems

Storage Duration: 7 days

b. 1. Recipients of Personal Data
Categories of Recipients: External content providers who provide contents (e.g., images, videos, embedded social network posts, ad banners, fonts, update information) necessary for displaying the service

Affected Data: Access data

Legal Basis for Transfer:  Processing (Art. 28 GDPR)

If Necessary, Legitimate Interest: Proper function of services, (accelerated) display of contents

 

b.2. Recipients of Personal Data

Categories of Recipients: IT service providers

Affected Data: Access data 

Legal Basis for Transfer: Processing (Art. 28 GDPR)

If Necessary, Legitimate Interest: Prevention of attacks through the exploitation of gaps in security / security vulnerabilities

 

Our hosting services and those of the service providers we use for processing are comprised of infrastructure, data processing power, databases and storage space, email-sending mechanisms, and maintenance and security measures, and are employed for the purpose of ensuring proper performance of the products and services we offer.

In addition to the data types given above, we also process content data and usage data, as well as meta and communication data from customers, applicants, candidates, suppliers and visitors to our online offer on the basis of our legitimate interest in reliably providing this online offer in accordance with Art. 6(1) Letter f GDPR, pursuant to Art. 28 GDPR (processing contract conclusion).

Based on the legitimate interest given above, we collect data regarding every time an access request is made to the server that hosts this service (so-called server log files). These access data include the name of the opened website, file, time and date of access, transferred volume of data, successful retrieval report, browser type and version, the user’s operating system, referrer URL (last visited page), IP address and the provider making the request.

For security purposes (e.g., to investigate misuse or fraud), the stated information will be stored for up to 7 days and then erased. Data which must be stored longer by law (e.g., for evidence purposes) will be exempt from erasure until a final date has been set as part of the respective process.

a.  External Content Providers Who Transfer Data to Third Countries

Service: Google Fonts

Function: Embedded for externally-loaded fonts

Data Transfers to Third Countries?: Yes

If Necessary, Adequacy Decision (Art. 45 GDPR):

If Necessary, Appropriate Safeguards (Art. 46 GDPR): EU-U.S. Privacy Shield https://www.privacyshield.gov/list

These Internet pages use external texts and fonts. These web fonts are activated via a server access request. This server may be located outside of the EU. As part of this process, the server receives information regarding which of our Internet pages you visited. The IP address of the visitor to these Internet pages (the IP address of the browser on the visitor’s device) will also be saved on the server.

3. Applications

During the application process, we will process your personal data as follows:

a. 1.  Processing

Data Category: Address data, contact data

Purpose: Legal BasisIf Applicable, Legitimate InterestStorage DurationAddress data, contact data identification, contact, communicating contract initiation

Legal Basis: Art. 6(1) b GDPR

If Applicable, Legitimate Interest: 

Storage Duration: 6 months

 

a. 2.  Processing
Data Category: Personal master data

Purpose: Identification, contact, age verification

Legal Basis: Art. 6(1) b GDPR

If Applicable, Legitimate Interest: 

Storage Duration: 6 months

 

a. 3.  Processing

Data Category: Application data

Purpose: Applicant selection

Legal Basis: Art. 6(1) b GDPR

If Applicable, Legitimate Interest: 

Storage Duration: 6 months

 

b. Personal Data Recipients 
Categories of Recipients: None

Affected Data: 

Legal Basis for Transfer: 

If Applicable, Legitimate Interest: 

 

4. Contact

There are several different ways that you may contact us. By email, by telephone or by mail. If you contact us, we will only use the personal data that you disclosed voluntarily to contact you and process and your inquiry.

a. Processing

Data Category: Personal master data, contact data, contents of inquiries/complaints

Purpose: Processing customer inquiries and user complaints

Legal Basis: Art. 6(1) Letters a, b, c & f GDPR

If Applicable, Legitimate Interest: Customer loyalty, improvements to service

Storage Duration: Processing of inquiry

 

b. Personal Data Recipients

Categories of Recipients: none

Affected Data:

Legal Basis for Transfer:

If Applicable, Legitimate Interest: 

 

5. Processing Data from Applicants, Candidates, Customers and Suppliers

Candidate data may come from external portals and public employment portals. Such data will be used to select candidates for customer projects. The legal basis for this falls within the permissibility regulation that allows for data processing in the context of employment. Recipients of such data are in-house employees and customers of the controller. Such data will not be transferred to third countries or international organizations. The erasure period is 6 months following the initial collection of the data. With the candidate’s consent, such data will be stored for an additional 24 months.

Such data comes is taken from offers made by suppliers via email or through a cooperation network. Such data is processed for the purpose of supplier management and initiating business relations. The legal basis for this falls within contract performance and contract initiation in accordance with Art. 6(1) Letter b GDPR. The recipients of such data are employees and customers of the controller. We will process such data for as long as necessary for the fulfillment of contractual purposes and legal obligations, as well as for the initiation of a contract.

Data concerning a customer contact person is taken from personal statements and contacts. Such data will be used for the purpose of initiating business relations and for customer support. The legal basis for this falls within contract performance and contract initiation in accordance with Art. 6(1) Letter b GDPR. Such data will only be used internally and will not be transferred to third countries or to international organizations. We will process such data for as long as necessary for the fulfillment of contractual purposes and legal obligations, as well as for the initiation of a contract.

 

6. Tracking

The following section explains how we process your personal data using tracking technologies in order to analyze and optimize our services, as well as for marketing purposes.

This description of our tracking procedures also includes information about how you can prevent data processing or exercise your right to object. Please note that a so-called “opt-out,” i.e., refusal of processing, is normally saved through cookies. If you use our services on another device or browser or if you subsequently erase the cookies saved by your browser, you will then have to register your refusal again.

The tracking procedures described here only process personal data in pseudonymous form. Such data will not be used to identify a specific identifiable natural person, i.e., the data will not be merged with information about the person referred to using the pseudonym.

Using tracking processes to analyze and optimize our services and your use of our services, to measure the success of advertising campaigns, and to optimize placement of advertisements

Processing Purpose

Analyzing user behavior through tracking helps us optimize and adjust the effectiveness of our services in line with our users’ needs, as well as to correct errors. Based on uniform standard procedures, it also allows us to determine statistical parameters about our services (reach, intensity of use, user surfing behavior) and obtain values that can be used to make comparisons across the market.

Using tracking to measure the success of marketing campaigns allows us to optimize our advertising placements moving forward and help marketers and advertisers optimize their own campaigns. Tracking also enables us to show advertisements that are tailored to users’ interests to thereby increase the success and revenue generated by such advertisements.

Legal Basis of Processing

Legitimate interest under Art. 6(1) Letter f GDPR

Specifics on Tracking Processes Used

Service: Google Analytics

Function: Web analysis

Processing Prevention Option (Opt-Out):  tools.google.com/dlpage/gaoptout?hl=en)

Data Transmissions to Third Countries?: No 

If Necessary, Adequacy Decision (Art. 45 GDPR):

If Necessary, Appropriate Safeguards (Art. 46 GDPR): 

 

For the purpose of need-based design and continuous optimization of our pages in accordance with Art. 6(1) Letter f GDPR, we use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “Cookies”, which are text files saved on your computer and which your use of our website to be analyzed. Pseudonymized usage profiles are created and cookies are used as part of this process. Information generated by the cookie on your use of this website could include your:

  • Browser type/version
  • Operating system
  • Referrer URL (last visited page)
  • Host name of accessing computer (IP address),
  • Date of server request

On behalf of the website operator, Google will use this information to assess your usage of the website, compile reports about website activities, and provide other services related to the website and Internet usage to the website operator. The IP address transferred by Google Analytics through your browser will not be merged with other data held by Google. You can prevent cookies from being saved by adjusting your browser settings; however, please note that this may prevent you from using every function of this website to the fullest extent. Further, you can also prevent the collection of cookie-generated data regarding your use of the website (including your IP address) and prevent processing of this data by Google by downloading and installing a browser plugin through the following link: http://tools.google.com/dlpage/gaoptout?hl=en

 

7. Social media

We use social media to communicate with active candidates/potential talent, applicants, customers and suppliers. Please note that user data may also be processed and saved outside of the EU and that this may result in risks to users. Privacy Shield-certified providers from the US are required to comply with EU data protection regulations.

Details of processing activities and objection options can be found on the Internet pages of the respective provider. The easiest and most effective way to request access to information or to assert your rights as a user is directly through the respective provider. Please do not hesitate to contact us should you require assistance with this.

 

III. Data Subject Rights

 

1. Right to object

If we process personal data concerning you for direct marketing purposes, you have the right to object at any time to the processing of such data for such marketing.

You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data based on Art. 6(1) Letter e or f GDPR.

You may exercise this right to object free of charge.

You may contact us using the contact details provided in Section I.2.

 2. Right to Access

You have the right to obtain confirmation as to whether or not personal data concerning you is processed by us, information regarding the personal data being processed, as well as additional information under Art. 15 GDPR.

3. Right to Rectification

You have the right to require us to rectify inaccurate personal data concerning you without undue delay (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 4. Right to Erasure (“Right to be Forgotten”)

You have the right to require that we erase personal data concerning you without undue delay, provided that one of the grounds under Art. 17(1) GDPR applies and provided that processing is not necessary for one of the purposes regulated under Art. 17(3) GDPR.

 5. Right to Restriction of Processing

You have the right to require that we restrict the processing of personal data concerning you, provided that one of the requirements set out in Art. 18(1) Letters a – d GDPR applies.

6. Right to Data Portability

You have the right to receive the personal data concerning you that you provided to us in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from us or to have personal data transferred directly from us to another controller if technically feasible. This applies whenever the legal basis for processing data is consent or a contract and when data is processed by automated means. Therefore, this does not apply to data retained merely in paper form.

7. Right to Withdraw Consent

If processing is performed on the basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on the consent before its withdrawal.

 8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

 

IV. Glossary

Browser: A computer program used to access websites (e.g., Chrome, Firefox, Safari)

Cookies: The term “cookie” comes from English and can be translated into German literally. In relation to the World Wide Web, cookies mean small text files that are saved locally on the user’s computer when visiting a website. These files save data on the user’s behavior. Opening a browser and visiting a website that has been visited before will activate the cookie. The cookie will transmit information to the web server on the user’s surfing behavior using the data it saves.

This means that when we talk about cookies in this context, we do not mean cookies in the edible sense, but information saved locally in a small text file on a user’s computer when visiting a corresponding website. This information may include the user’s page settings or information that the website collects independently about the user. These locally saved text files may subsequently be read by the web server that installed them. Most browsers accept cookies automatically. You can manage cookies through your browser settings (usually under “Options” or “Settings”). This allows you to disable, limit or require your consent when saving cookies. You may also delete cookies at any time.

Personal data: Any information relating to an identified or identifiable natural person. Here, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel: Pixels are also referred to as tracking pixels, web beacons or web bugs. These are small non-visible graphics in HTML emails or on websites. When a document is opened, this small image is loaded by a server on the Internet where the download will be registered. This allows the server operators to see whether and when an email is opened or a website is visited. This is usually achieved by activating a small program (JavaScript). This enables certain types of information on your computer system to be recognized and transmitted, e.g., the contents of cookies, the time and date of accessing a page or a description on the page featuring the tracking pixel.

Processing: Any operation or set of operations which is performed using personal data or sets of personal data, whether by automated means or otherwise. These include data collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic circumstances, health, personal preferences, interests, reliability, behavior, location or movements.

Services: The products and services we offer subject to this Privacy Policy (see Applicability).

Third country: A country that is not bound by the legal requirements of the EU General Data Protection Regulation (a state outside of the EEA).

Tracking: Data collection and assessment of visitor behavior on our services.

 

Tracking technologies: Tracking may be performed through the log files saved on our web servers or through data collected from your device via pixels, cookies or similar tracking technologies.

Contact us

*Required fields