In the following we inform you, the user, about the processing of your personal data (in particular collection and storage) when using the website www.companylinks.com and subordinated websites of this website, as well as when using the further processing operations mentioned below.
1. Processing of your personal data when using our website www.companylinks.com
When visiting the website www.companylinks.com personal data are processed in compliance with the applicable data protection regulations of the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (“Bundesdatenschutzgesetz” BDSG) and the Telemedia Act (“Telemediengesetz” TMG).
The data collected, such as session data and interactions of a user, are usually transmitted to a Google server in the US and stored there. The processing of the data collected by Google Analytics is usually anonymous and can therefore, except in the case of a lack of anonymisation, no longer be assigned to a specific person by Google. The IP anonymisation activated on this website will shorten the IP address transmitted by your browser before sending it to Google. For the cases in which personal data is transferred to the US without IP anonymisation, there has been a transfer of data to a so-called “unsafe” third country since 16th of July 2020 (see also next chapter). Information about data protection regarding Google Analytics can also be obtained directly from Google.
Transfer of data to the US as an unsafe third country
Until the 16th of July 2020, the transfer of personal data to the US, to which the GDPR does not apply, was based on an agreement between the EU and the US, the so-called EU-US Data Protection Shield.
However, the Court of Justice of the European Union (CJEU) invalidated the decision on the adequacy of the protection provided by the EU-US Data Protection Shield with its judgment from July 16th 2020.
This makes the US a so-called “unsafe third country” in terms of data protection. According to the judgement of CJEU the US do not ensure an adequate level of data protection any longer. In the absence of an adequacy decision, a transfer or a set of transfers of personal data to the US shall take place only if you – the data subject – have consented to such data transfer (see Article 49 para. 1 lit. a GDPR).
Specifically, your consent is made when calling up the website, by using the “Cookie banner” displayed on the website, by confirming the button “Accept all” or by selecting “Statistics” in the individual privacy settings.
The transfer of your personal data to the US essentially entails the risk that according to law and practices in the US, US public authorities will be able to access easily any data transferred to the US.
In addition to “essential cookies” we sometimes also use so-called “additional cookies” (see also the chapter “Google Analytics” above). Cookies are small text files that are stored on your technical device and transmit corresponding information to us. Insofar as this information is necessary to be able to provide you with our services, it does not require your consent (storage of so-called “essential cookies”). If these are “additional cookies”, when calling up the website, by using the “Cookie banner” displayed on the website, you, the user, give your consent to the use of the data collected via the respective cookies. As long as “additional cookies” approved by you are not deleted from the memory of your technical device, the selection of “additional cookies” on the “Cookie banner” for our website will not be displayed again.
2. Information and contact on www.companylinks.com
If you contact us via the contact form for example, the requested data or the data provided by you will be used exclusively to answer your inquiry. These data will not be disclosed to third parties.
Any further use of personal data transmitted to the operator of this website shall only take place if the further processing of these personal data is consistent with purpose of the original data collection, such as to initiate a contractual relationship (see also Article 6 para. 1 lit. b and Article 6 para. 4 of the GDPR).
3. Collection of personal data for contract execution
We process all relevant personal data that are necessary for the initiation, performance or termination of contractual relationships pursuant to Article 6 para. 1 lit. b of the GDPR.
4. General information and contact in case of non-existing business relationship
Even if you are in no business relationship with us, the personal information we collect shall be used for information purposes and/or contact based on a legitimate interest. In this way we would like, for example, to provide you with important information about our company (see Article 6 para. 1 lit. f of the GDPR). However, you always have the possibility of objecting to this use (see Article 21 of the GDPR).
5. Collection of personal data for a newsletter
If you wish to receive a newsletter from us, we shall obtain your consent to the processing of your personal data (see Article 6 para. 1 lit. a of the GDPR). You have the possibility of withdrawing your consent at any time (“Opt-Out”).
6. Collection of personal data with applications
If you send us your application for an advertised position, then your application documents shall be processed on the basis of Article 88 of the GDPR in connection with § 26 para. 1 S. 1 of the Federal Data Protection Act (BDSG). If you send us a photo with your application, you do so voluntarily and thus give your consent to the collection and storage of your application photos (see Article 6 para. 1 lit. a of the GDPR).
We are greatly interested in completing and concluding a proper application process. This also includes the invalidation of possible allegations of discrimination in connection with the completion of the application process, which is why the deletion of your application documents is carried out 6 months after rejection. A longer storage of your application documents shall take place only with your express consent.
For unsolicited applications, deletion shall take place within a maximum of 12 months after receipt of your application documents.
7. Transfer of personal data for order processing
Insofar as we entrust a processor with the processing of personal data, we shall use specialised service providers. Our service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and on the basis of corresponding contracts for order processing (see Article 28 of the GDPR).
8. Transfer of personal data to third countries
If, in exceptional cases, we transfer personal data to countries outside the EU that do not offer an equivalent level of data protection, we rely on an adequacy decision of the EU Commission (Article 45 of the GDPR) or on appropriate safeguards (Article 46 of the GDPR) or pursuant to Article 49 of the GDPR on the derogations for specific situations for a transfer to third countries.
9. Data security and data integrity
In order to protect your personal data, we take reasonable technical and/or organisational measures to prevent the unintentional or unlawful destruction, loss, alteration or disclosure of your personal data. The personal data we process are relevant for the intended uses and we take reasonable steps to maintain the personal data complete and “up to date” for their intended use.
To support us, we kindly ask you to notify us of any changes to your data in order to ensure the accuracy and completeness of your data.
We point out that data transmission on the Internet (e.g. in communication by email) can have security gaps, so that a complete protection of the data from access by third parties is not always possible.
10. Storage of personal data
11. Purpose of processing and recipient of personal data
Personal data shall neither be published nor passed on to third parties by us without authorisation. The disclosure of personal data to governmental entities shall only be within the bounds of mandatory legislation or if the disclosure is necessary and legitimate for legal or criminal prosecution in the case of attacks on the infrastructure of our company.
12. Rights of data subjects
13. Contact information