Privacy policy

General information

The following notices provide a simple overview of how we process your personal data when you visit our website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to the data protection notes listed in the following text.

Of course, the protection of your personal data, as well as fair and transparent data processing, are important to us. In the following, we provide you with the information according to Art. 13 and 14 GDPR that you need to review and exercise your rights regarding data protection. We are to be designated as the responsible party within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection regulations for our website and the associated data processing. Comprehensive information about our organization can be found in the imprint.

The following privacy policy is divided into the following four sections:

  1. Information about the responsible person
  2. Data processing on our website
  3. Data processing within the scope of our business performance
  4. Data subject rights

 

1.Details of the person responsible

 

Person responsible for data collection:

Sicoya GmbH

Carl-Scheele-Strasse 16

12489 Berlin

Phone: +49 30 6392-6970

E-mail: info@sicoya.de

Data Protection Officer

GFAD Data Protection GmbH

Data Protection Officer

Huttenstrasse 34/35

10553 Berlin

Phone: +49 (0)30 269 111-1

E-mail: datenschutz@gfad.de

2. Data processing on our website

 

Data security on our website

To ensure the security of our website, we use a valid state-of-the-art SSL certificate. A website encrypted with SSL transmits personal data to the server in an encrypted form so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can see by the lock symbol that there is a secure connection. By clicking on the lock, you can read our online proof of identity. By encrypting the transmission, you can assume that your entered data can only be read by us. You can tell by the address bar that you are connected to our server and that it is not a third-party site.

Protection of minors

Our offer is basically directed at adults. Persons under the age of 18 may not transmit any personal data to us without the consent of their parents or legal guardians.

Hosting

The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we, or our hosting service provider on our behalf, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer based on our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f GDPR. The data processing of our hosting service provider is carried out within the framework of a contract processing agreement in accordance with Art. 28 GDPR.

 

Provision of the website and log files

The entry of personal data is not necessary for the purely informational use, i.e. if you do not otherwise transmit information to us, of our website.

Nevertheless, every time our website is called up, personal data that your browser transmits to our server is automatically collected in addition to information from the system of the calling computer or end device of the user. The following data, which is technically necessary for us to display our website to you, is collected by us in this context:

  • Information about the browser type and version used.
  • The user’s Internet service provider
  • The IP address of the user
  • The operating system of the user’s terminal device
  • Date and time of access
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • The previous website from which the user accessed our website
  • Operating system and its interface
  • Language and version of the browser software

The legal basis for the temporary storage of this data in so-called log files are our legitimate interests as the responsible website operator according to Art. 6 para. 1 lit. f. GDPR, to ensure the technical presentation and stability and security of the website.

The temporary storage of the user’s IP address by our system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session. The storage of the above-mentioned data in the log files is done to ensure the functionality of our website. In addition, we use this data to optimize the website and to ensure the security of our information technology systems (e.g. attack detection). An evaluation of the data for marketing purposes does not take place in this context. The above-mentioned data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this is possible if there are indications of an illegal attack on our systems.

Cookies

When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective. We also use cookies to identify you for subsequent visits. The legal basis for the use of cookies is our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR, to make our website user-friendly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies

These cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies

These cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

 

Third-party cookies

For the further development and improvement of our online offer, we use tools from third-party providers that also use cookies on the legal basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR and a granted consent pursuant to Art. 6 (1) lit. a GDPR. A processing of your personal data takes place within the framework of an order processing contract according to Art. 28 GDPR. Further information on the third-party tools we use on our website can be found listed separately below as part of our data protection notice.

Prevention of cookies

You can configure your browser setting according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents. The legal basis for this is the fulfilment of legal requirements pursuant to Art. 6 (1) lit. c GDPR and to obtain effective consents based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.

The cookie borlabs-cookie stores the consents that you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

Third-party services

Google Maps

To make it easier for you to find the location of our organization, we have integrated map material from the Google Maps service of Google Ireland Limited into our website via an API for the visual display of geographical information in interactive maps on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. In order to display the content in your browser, Google must receive your IP address, otherwise Google would not be able to show you this embedded content. Google obtains this via an interface (API) and / or via cookies that are set by Google. However, the content of Google maps will only be displayed to you if the service is activated by you as a user in the cookie settings by clicking or the button “Show map” is clicked by the user after you have given us consent in accordance with Art. 6 para. 1 lit. a GDPR. Through appropriate cookie settings, a given consent can be revoked at any time with effect for the future. Therefore, we inform you transparently which data processing takes place when using Google maps.

In addition, the following additional data is transferred to Google Ireland Limited through the use of Google maps, according to our knowledge:

  • Date and time of the visit to the website in question,
  • Internet address or URL of the website accessed, IP address

For the display of the map material, the fonts (web fonts) are loaded from the Google server.

For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible “data controller” since 22.01.2019. Thus, the data for the provision of the service is processed on servers within the EEA. In the provision of the service, Google Ireland Limited is its own controller within the meaning of Art. 4 No. 7 GDPR. For this purpose, a contractual agreement has been concluded with Google, which can be viewed at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/ .

Nevertheless, it may be necessary for the provision of the service that data is transmitted to the parent company Google LLC.

The transmission of data to Google LLC. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA” takes place on the basis of the EU standard contractual clauses concluded with Google LLC as part of the Google maps API platform. The EU standard contractual clauses provide a guarantee in accordance with Art. 46 GDPR for an adequate EU level of data protection. As an additional protection measure, the Google maps service will only be activated if you as a user have consented to the service pursuant to Art. 6 (1) lit. a GDPR and the transfer of data to Google LLC in the USA pursuant to Art. 49 (1) lit. a GDPR by means of corresponding cookie settings or by clicking on the “show map” button. We would like to point out that the USA is currently assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy. If you accept “Functional cookies only”, the transmission described above will not take place.

In addition, if you do not want Google to collect, process or use data about you via our website, you have the option to disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display.

The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google’s privacy policy (https://policies.google.com/privacy?hl=de ).

Google Web Fonts

For the display of Google maps on our website, so-called web fonts are used for the uniform display of fonts, which are provided by Google LLC. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If your browser uses web fonts not supported, a default font is used by your computer. For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/ .

For the transmission of data to Google LLC. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA” there is an adequate EU level of data protection due to the EU standard contractual clauses concluded with Google. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible “Data Controller” since 22.01.2019.

Google Analytics

This website uses functions of the web analytics service Google Analytics on the basis of consent granted pursuant to Art. 6 (1) lit. a GDPR for statistical analysis of user behaviour for optimization and marketing purposes. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the responsible “data controller” since 22.01.2019. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. This data is stored for 24 months before it is automatically deleted. The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website. For Google services within the EEA and Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has been the responsible data controller since 22.01.2019.

Data protection and data security in Google Analytics

For the transmission of data to the parent company “Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA”, there is an adequate EU data protection level pursuant to Art. 44 et seq. GDPR.

In addition, Google Analytics and Google Analytics 360 have been certified according to the independent security standard ISO 27001. ISO 27001 is one of the most widely recognized standards in the world. The certification relates to the systems provided via Google Analytics and Google Analytics 360.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website statistically, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

 

Browser Add-on

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available at the following link to disable Google Analytics: https://tools.google.com/dlpage/gaoptout .

Objection to data collection

If you do not want your website activity to be available to Google Analytics, you can install the browser add-on to disable Google Analytics via the following link https://tools.google.com/dlpage/gaoptout . An opt-out cookie will be set that will prevent the collection of your data during future visits to this website by the Java Script executed on websites (gtag.js, ga.js, analytics.js and dc.js) from sharing activity data with Google Analytics. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

More information on the handling of user data at Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245

 

Social Media Buttons

On our website, we offer the possibility to share external links content on social networks via social media buttons, which are implemented as Shariff buttons. If you use these, you will be redirected to the providers’ pages and corresponding user information will be passed on. This is done on the legal basis of our legitimate interests according to Art. 6 para. 1 lit. f GDPR in the context of public relations to share content with other users.

If you are logged into one of these social networks with your account while using our site and would like to share our content, then this information will be linked to your respective account. We as the operator have no influence on the data that is transmitted to corresponding servers by plug-ins. As a rule, the IP address is transmitted.

For more information on the handling of your data, please refer to the privacy policy of the respective provider:

Facebook: https://de-de.facebook.com/full_data_use_policy

XING: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

 

Contact by e-mail

We can be contacted via the e-mail addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the inquiry will be stored. In this context, we would like to point out that the transmission as an unencrypted e-mail has certain security risks, as the possibility of reading or unauthorized access cannot be excluded. The processing of this data, which is transmitted in the course of sending a request, is carried out on the legal basis of Art. 6 para. 1 lit. f. GDPR of our legitimate interests to answer your request satisfactorily. If the request is aimed at the fulfilment of an existing contract or the conclusion of a new contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b. GDPR for the initiation/fulfilment of a contract. The processing of this personal data serves us solely to process the contact.  Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective request is answered and the conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified and no contract has been concluded. Inquiries about the contractual relationship are stored for the duration of the existing contractual relationship membership.

All personal data stored in the course of contacting us will be deleted in this case, provided that there are no legal retention periods to the contrary.

 

Career

You have the option of applying for advertised positions via our online job application. For this purpose, you provide us with personal data, which we process exclusively for the application process. The categories of personal data processed include, in particular, your master data (such as first name, last name, name affixes), contact data (such as private address, (mobile) phone number, e-mail address), as well as all data resulting from your application documents (including health data, if applicable).

As a rule, your personal data is collected directly from you as part of the application process. In addition, we may have received data from third parties (e.g. job placement agencies). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional networks). In the event of inconsistencies in your application documents regarding previous employment relationships or other legitimate interests, we may also process data obtained from previous employers.

We process your personal data in compliance with the provisions of the GDPR, the German Federal Data Protection Act (BDSG-neu) and all other relevant laws (e.g. ArbZG, etc.). The data processing serves exclusively the decision on the establishment of an employment relationship. The primary legal basis for this is Art. 6 para. 1 b) GDPR in conjunction with. § Section 26 (1) BDSG. In addition, your separate consents pursuant to Art. 6 Para. 1 a) and Art. 7 GDPR in conjunction with § 26 Para. § Section 26 (2) BDSG-neu may be used as a data protection permission provision. Insofar as your application documents contain photographs, we regard this as implied consent to the processing of the photograph. In accordance with Art. 7 (3) sentence 1 GDPR, you are entitled to revoke this consent at any time. In addition, due to the European anti-terrorism regulations 2580/2001 and 881/2002, we are obliged to check your data against the so-called “EU terror lists” to ensure that no funds or other economic resources are provided for terrorist purposes.

Insofar as special categories of personal data (in particular health data, e.g. a severe disability) are processed pursuant to Art. 9 (1) GDPR, this serves exclusively to fulfil the obligations incumbent upon us pursuant to Section 164 SGB IX within the scope of the application process. Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance. This relates in particular to the retention of your application documents for future job advertisements, should your application for a specific vacancy not be successful. In this case, we will obtain a separate declaration of consent from you; otherwise, your application data will be deleted 6 months after completion of the application process, insofar as no employment relationship is established and there are no statutory retention periods to the contrary. In addition, personal data may be retained for the period during which claims can be asserted against us (statutory limitation period of three years).

If you use our application form, your data and the file attachments sent with it will be transmitted via an encrypted connection. Sending by e-mail is not encrypted so that third parties cannot be prevented from gaining knowledge. We, therefore, recommend that you apply via our encrypted application form. Your data will be received by the Human Resources department and forwarded to the department responsible for the advertised position or to the persons entrusted with handling the application process. All parties involved will treat your application documents with due care and confidentiality.

You can request information about the data stored about you. In addition, under certain conditions, you can request that your data be corrected or deleted. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, common and machine-readable format.

If we process your data to protect legitimate interests (Art. 6(1)(f) GDPR), you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You have the possibility to address a complaint to our data protection officer or to a data protection supervisory authority.

We do not use purely automated processing to bring about a decision – including profiling – on the establishment of an employment relationship.

The data processing serves exclusively to decide on the recipients of the data or categories of recipients.

Within our organization, those entities will have access to your data that need it to fulfil contractual and legal obligations.

External service providers (order processors)

Your data will be shared with service partners, e.g. IT and software service providers for maintenance and support, to assist us in providing our services.

Processing of your personal data by contracted service providers takes place within the framework of order processing pursuant to Art. 28 GDPR.

 

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this occurs in the context of using third-party services or disclosing, or transferring data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (EU adequacy decision) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Data transfer to the USA

Among other things, the services of companies based in the USA are integrated on our website. If these services are active, your personal data could be transferred to the US servers of the respective companies. We inform you that the USA is currently not a safe third country in the sense of EU data protection law according to the case law of the ECJ. Due to surveillance laws in the USA, US service providers may be obliged to hand over personal data to security authorities without data subjects being able to appeal against this. It can therefore not be ruled out that US authorities, such as intelligence agencies, may process, evaluate and permanently store your data located on servers of US service providers for surveillance purposes. We have no influence on these processing activities.

 

3. Data processing within the scope of our business services

 

Contractual services with business partners

We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context

he data processing serves exclusively to decide on the recipients of the data or categories of recipients.

The data processing serves exclusively the decision on the data, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. mail addresses and telephone numbers) as well as contractual data (e.g. services used, contents of the contract, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). As a matter of principle, we do not process special categories of personal data, unless these are components of a commissioned or contractual processing. We process data that are required for the justification and fulfilment of contractual services and point out the necessity of their disclosure unless this is evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client as well as the legal requirements.

In the context of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests of the user to protect against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims pursuant to Art. 6 para. 1 lit. f. GDPR or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR.

The deletion of the data takes place when the data is no longer required for the fulfilment of contractual or legal duties of care as well as dealing with any warranty and comparable obligations, whereby the necessity of keeping the data is reviewed every three years. In all other respects, the statutory retention obligations apply.

Direct advertising

If we receive your e-mail address and postal address in the course of concluding a contract, we may use this data to inform you about our own similar product and service offers by e-mail and post from now on. If you do not wish to receive any further advertising information by e-mail or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. You can send your objection by mail or e-mail to the following contact addresses.

Sicoya GmbH

Carl-Scheele-Strasse 16

12489 Berlin

Phone: +49 30 6392-6970

E-mail: info@sicoya.de

 

Recipients of the data or categories of recipients

Within our organization, those entities will have access to your data that need it to fulfil contractual and legal obligations.

External service providers (order processors)

Your data will be passed on to service partners, e.g. IT and software service providers for maintenance and support, in order to support us in the provision of our services.

Any processing of your personal data by contracted service providers is carried out within the framework of order processing pursuant to Art. 28 GDPR.

Other service providers, partners and third parties

We may cooperate with other partners if it is necessary to fulfil our service offerings or if we are legally obligated to disclose data. These may be the following partners or third parties:

  • Credit institutions and payment service providers
  • credit agencies
  • Disclosure to public authorities or by court order
  • advertising agencies
  • Document shredding companies, logistics
  • Advice and consulting, auditors
  • insurance companies
  • Law firms and competent jurisdiction
  • service companies

We make a point of processing your data within the EU. However, we may use service providers that operate outside the EU. In these cases, we ensure that an adequate level of data protection is established before transferring your personal data. This means that via EU standard contracts or an EU adequacy decision, a level of data protection is achieved that is comparable to the standards within the EU.

Origin of personal data

We process personal data that we receive in the course of our business relationship. In addition, to the extent necessary for the provision of our services and for the performance of contracts, we process personal data that we have received from other companies in our group of companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the performance of contracts or on the basis of consent given by you). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. trade and association registers, press, media) and are permitted to process.

Categories of personal data

We process the following categories of personal data about you:

Personnel master data (name, address and other contact data, date of birth), if applicable order and contract data (e.g. delivery order), payment data, data from the fulfilment of our contractual obligations, advertising and sales data, documentation data (data from consulting and service discussions) and comparable data.

Storage of data

As far as necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and processing of a contract. For the duration of the existence of warranty and guarantee claims, the personal data required for this purpose are stored. In addition, we store personal data insofar as we are legally obligated to do so. Corresponding obligations to provide proof and to store data result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage or documentation specified there are six years in accordance with commercial law requirements under Section 257 of the German Commercial Code (HGB) and up to ten years based on tax requirements under Section 147 of the German Fiscal Code (AO). We delete personal data of the person concerned as soon as the purpose of storage ceases to apply and legal retention periods do not prevent deletion.

 

4. Rights of data subjects

 

Rights of the data subjects

If personal data of a user is processed, he is a “data subject” within the meaning of the GDPR. He is entitled to the following rights vis-à-vis us as the responsible party:

  • Right to information
  • Right to rectification
  • Right to restriction of processing
  • Right to deletion
  • Right to information
  • Right to data portability
  • Right to object
  • Right to revoke the declaration of consent under the data protection law
  • Right to complain to a data protection supervisory authority Information, blocking, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the text above.

 

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

– If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the check you have

the right to request the restriction of the processing of your personal data.

– If the processing of your personal data happened/happens unlawfully, you may request the restriction of the data processing instead of the erasure.

– If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

– If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR).

If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right of appeal to a supervisory authority

In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.

Rights in case of data processing according to the legitimate interest

Pursuant to Article 21(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) or on the basis of Article 6(1)(f) GDPR (data processing for the purposes of a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Rights in case of direct marketing

If we process your personal data for the purpose of direct marketing, you have the right pursuant to Article 21 (2) GDPR to object at any time to the processing of personal data concerning you for the purpose of such marketing, this also applies to profiling, insofar as it is related to such direct marketing.

In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. The objection can be made form-free and should preferably be addressed to: Sicoya GmbH, Carl-Scheele-Strasse 16, 12489 Berlin, phone: +49 30 6392-6970, e-mail: info@sicoya.de

Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For the conclusion of the contract it is necessary that you provide us with personal data. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. If you do not provide the data, we may not enter into the desired business relationship. Before providing personal data by the data subject, the data subject may contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Automated decision-making, performance of profiling

For the establishment and implementation of a business relationship, we generally do not use exclusively automated decision-making within the meaning of Art. 22 GDPR.

Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Changes to the data protection declaration

This data protection declaration is continuously adapted in the course of the further development of the Internet or our offer. We will announce any changes on this page in good time. In order to be informed about the current status of our data usage regulations, this page should be called up regularly. (Current status: October 2020)

 

Consent Management Tool

For the presentation of the website, we use technically necessary cookies. In addition, we use the analysis service Google Analytics and the map material Google maps from Google Ireland Limited to optimize our website. In order to use this service, we need your consent. You can revoke your consent at any time by making the appropriate cookie settings. For more information, please see our privacy policy.

Reference to processing of your data collected on this website in the USA by Google, Facebook and Linkedin: By clicking on “I accept”, you consent at the same time according to Art. 49 para. 1 p. 1 lit. a GDPR that your data is processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly also without any legal remedy. If you click on “Accept essential cookies only”, the transmission described above will not take place. You can find further information in our privacy policy.