§ 1 Information on the collection of personal data and provider labelling
(1) In the following, we provide information about the collection of personal data when using this website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) The controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is MoovIT GmbH, Schanzenstr. 29, 51063 Cologne, [email protected] (see our legal notice). Our data protection officer is Dr iur. Andreas Pinheiro LL.M., [email protected].
(3) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.
§ 2 Rights, in particular to information and cancellation
(1) You have the following rights vis-à-vis us regarding your personal data:
– Right to information,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to the processing,
– Right to data portability.
(2) If you have given your consent to the use of data, you can revoke this at any time. If the lawfulness of the processing is based on consent, this remains valid until the revocation is exercised.
(3) Please send all requests for information, requests for information or objections to data processing by e-mail to [email protected] or to the address stated under § 1 para. 2.
(4) You can ask us to delete your data at any time. There may be statutory retention periods that allow us to keep your data until the deadline expires.
(5) If your data is incorrect, you have the right to ask us to correct it. We will comply with this request without delay.
(6) You have the right to receive the personal data you have provided to us in a readable format, where technically feasible, to make it available to another company (right to data portability).
(7) You have the right to lodge a complaint with the supervisory authority responsible for you. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
§ 3 Data security
(1) We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of it. These are adapted in line with the current state of the art.
§ 4 Collection of personal data for informational use and contacting
(1) If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
-IP address
-Date and time of the enquiry
-Time zone difference to Greenwich Mean Time (GMT)
-Content of the request (specific website)
-Access status/HTTP status code
-Amount of data transferred in each case
-Website from which the request comes
-Browser
-operating system and its interface
-Language and version of the browser software
(2) When you contact us by e-mail, we will store your e-mail address, your name and, if you specify this, your telephone number. The purpose of this storage is solely to contact you in order to answer your questions.
(3) The legal basis for the collection of data when contacting us is the consent you have given by sending the e-mail (Art. 6 para. 1 sentence 1 lit. a GDPR).
(4) We also do not use your data for our own or third-party advertising purposes.
(5) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to the organisation that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.
§ 5 Cookies
(1) We use cookies on our website. These cookies are necessary to enable you to move around the website and use its features, including accessing secure areas of the website. Cookies allow us to track who has visited the website and to deduce how often certain web pages are visited and which parts of the site are particularly popular. Session cookies store information about your activities on our website.
(2) This website uses the following types of cookies, the scope and function of which are explained below:
- Transient cookies (temporary use)
- Persistent cookies (time-limited use)
- Third party cookies
(3) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to the website. The session cookies are deleted when you log out or close the browser.
(4) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
(5) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
(6) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.
(7) The cookies used are described by us in the cookie banner.
| Name |
Persistence |
Description of the |
| PHPSESSID |
Session |
Identification of the user in the session |
|
|
|
|
|
|
§ 6 Data transfer for website maintenance
(1) We will not pass on your personal data to third parties unless we inform you that we will do so.
(2) Our IT service providers have access to our stored data in order to rectify errors and to enable us to implement the required technical and organisational measures. In doing so, we rely on our legitimate interest in securing our IT in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR or on the fulfilment of legal obligations in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.
(3) The IT service provider(s) have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass this data on to third parties.
(4) Your data will not be passed on outside the EU/EEA.
§ 7 Use of our portal
(1) If you wish to use our portal, you must register by entering your e-mail address, your name and a password of your choice. We use the so-called double opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm your registration within 24 hours, your registration will be automatically deleted from our database. You are obliged to provide the above-mentioned data; all other information (e.g. details of your organisation) can be provided voluntarily when registering.
(2) When you use our portal, we store your data required for the fulfilment of the contract, including details of the payment method, until you finally delete your access. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) If you use the portal, your data may become accessible to other portal participants in accordance with the contractual service. Members who are not logged in will not receive any information about you.
(4) To prevent unauthorised access by third parties to your personal data, in particular financial data, the connection is encrypted using TLS technology.
§ 8 Social Media
(1) Our website contains links to various social media. However, these are merely links to external websites of third-party social media providers and not plugins. Consequently, no links are created or personal data transmitted to the third-party providers when you visit our website. By clicking on the respective button labelled with the provider’s symbol, you will be redirected to the website of this provider. You will then leave our website. If you have any questions about the collection of data by third-party providers, please read the data protection declarations provided by the third-party providers. We refer to the following social media:
(2) Facebook
Our website uses the “f” button to link to the social network facebook.com, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland,
for users outside the USA and Canada. You can find information on data protection here: https://de-de.facebook.com/about/privacy/
The Facebook service processes your data outside the European Union and the European Economic Area to its parent company Meta Platforms, Inc. The transfer of personal data to a so-called third country requires that the provisions of Sections 44 et seq. GDPR are complied with in order to guarantee the level of protection guaranteed in the EU.
The transfer of personal data to the USA takes place on the basis of an adequacy decision of the EU Commission (Adequacy decision for the EU-US Data Privacy Framework of 10 July 2023) pursuant to Art. 45 para. 1 GDPR, the so-called EU-US Data Privacy Framework (DPF). Meta Platforms, Inc. can only base the processing of personal data on Art. 45 para. 1 GDPR if it is registered in the list of participating organisations in accordance with Article 1 DPF (list available at: https://www.dataprivacyframework.gov/). Meta Platforms, Inc. is registered in the list of participating organisations. This data processing can therefore be based on Art. 45.
(3) X (formerly Twitter)
Clicking on the button with the “X” symbol will take you to the microblogging service of X Corp, Address Suite 900, 1355 Market Street, San Francisco, California, 94103, USA. X ensures a comparable level of data protection when transferring data to the parent company in the USA by concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 para. 2 GDPR. Further information can be found at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html, information on data protection can be found here: https://twitter.com/de/privacy
(4) Instagram
Instagram is a service of Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
Further information can be found in Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.
The Instagram
service processes your data outside the European Union and the European Economic Area to its parent company Meta Platforms, Inc. The transfer of personal data to a so-called third country requires that the provisions of Sections 44 et seq. GDPR are complied with in order to guarantee the level of protection guaranteed in the EU.
The transfer of personal data to the USA takes place on the basis of an adequacy decision of the EU Commission (Adequacy decision for the EU-US Data Privacy Framework of 10 July 2023) pursuant to Art. 45 para. 1 GDPR, the so-called EU-US Data Privacy Framework (DPF). Meta Platforms, Inc. can only base the processing of personal data on Art. 45 para. 1 GDPR if it is registered in the list of participating organisations in accordance with Article 1 DPF (list available at: https://www.dataprivacyframework.gov/). Meta Platforms, Inc. is registered in the list of participating organisations. This data processing can therefore be based on Art. 45.
§ 9 Use of jQuery
(1) Our website uses the Java script extension jQuery, which is downloaded from the website code.jquery.com. In this regard, programme libraries from StackPath servers are called up. The provider is The OpenJS Foundation, 1 Letterman Drive, Building D, Suite D4700, San Francisco, CA 94129, USA.
(2) When you access a website, your browser loads the required programme libraries into your browser cache. For this purpose, the browser you are using must establish a connection to the jQuery servers located in the USA. The use of jQuery is in the interest of an optimised and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) jQuery ensures a comparable level of data protection when transferring data to the USA by concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 para. 2 lit. c GDPR.
(4) Further information on jQuery can be found at www.jquery.com.
§ 10 Google reCAPTCHA
(1) We use the Google reCAPTCHA service on our website. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This service is used to distinguish natural persons from so-called BOTS (machine and automated processing) when logging in. The IP address may be passed on to Google. This results in the transmission of personal data to Google.
(2) The legal basis for the transfer of personal data to Google is our legitimate interest in the technical protection of our website, i.e. Art. 6 para. 1 sentence 1 lit. f GDPR.
(3) The reCaptcha service processes your data outside the European Union and the European Economic Area to its parent company Google LLC. The transfer of personal data to a so-called third country requires that the provisions of Sections 44 et seq. GDPR are complied with in order to guarantee the level of protection guaranteed in the EU.
The transfer of personal data to the USA takes place on the basis of an adequacy decision of the EU Commission (Adequacy decision for the EU-US Data Privacy Framework of 10 July 2023) pursuant to Art. 45 para. 1 GDPR, the so-called EU-US Data Privacy Framework (DPF). Google LLC can only base the processing of personal data on Art. 45 para. 1 GDPR if it is registered in the list of participating organisations in accordance with Article 1 DPF (list available at: https://www.dataprivacyframework.gov/). Google LLC is registered in the list of participating organisations. This data processing can therefore be based on Art. 45.
(4) Further information is available at: https://privacy.google.com/businesses/compliance/#!#gdpr
(5) Further information about Google reCAPTCHA and Google’s privacy policy can be found at https://policies.google.com/privacy?hl=de
§ 11 Data collection for the purpose of the application
(1) We do not currently have any vacancies on our website. However, if you send us an unsolicited application for a position, we will save your application documents received by post or e-mail until the application process has been completed.
(2) If we do not decide in your favour, we will destroy your application documents four months after the end of the application process. We rely here on our legitimate interest in an efficient legal defence pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Section 21 para. 5 AGG. The preclusion period for such actions is 2 months.
(3) The processing of your applicant data is based on Section 26 (1) BDSG, as it is necessary to establish an employment relationship.
