Privacy Policy

What sources and data do we use?insert_link

1. We process those data that are required in connection with the establishment, implementation and/or termination of our business relationships. We usually collect this data directly from you, e.g. when you purchase a product via our website, when you request a quote or place an order, or when you contact us via our website, by e-mail, at trade fairs or similar events.

2. The personal data we process include:

   • Surname, first name and gender (for the form of address)
   • address
   • usually two means of contact (e.g. telephone number and e-mail address)
   • records of business transactions (e.g. payment data and order history) as well as the respective correspondence
   • depending on the business purpose, possibly also user IDs for protected areas on our website

What do we process your data for (purpose of processing) and on what legal basis?insert_link

1. We use the data listed above for the preparation and fulfilment of business transactions and to establish and maintain effective business communication. The legal basis for these processing operations is Art. 6 (1) lit. b GDPR, which permits the processing of personal data for the performance of a contract or pre-contractual measures.

2. If we receive your e-mail address when you place an order via our website, we may use it to send you advertising or newsletters. The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR, which allows the processing of personal data if there is a legitimate interest of the company. Our legitimate interest is direct advertising. If you do not wish to receive newsletters etc., you can exercise your right to object and inform us of this informally by e-mail or post (see also point 11 of this data protection notice) or use the unsubscribe link in a delivered e-mail. The legality of the use of your data until the objection remains unaffected by the objection.

3. It is possible that we may collect further data from you at a later date or wish to use it in a different way. Should this occur, we will ask you for your consent in accordance with Art. 6 Para. 1 lit. a in conjunction with Art. 7 GDPR and inform you accordingly. If you give us this consent, it can be revoked informally at any time.

4. If your data may be required for legal prosecution, processing may be carried out to safeguard our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR. Our interest then consists in the assertion or defence of claims, for example within the scope of the duty of proof in proceedings.

Who receives my data?insert_link

1. In our company, only those persons have access to your data who need it for the smooth implementation of our business relationship. This may involve several specialist departments in our company, depending on which services or products you obtain from us. Furthermore, our IT department has access to your data for exclusively technical processing.

2. Service providers used by us may also be recipients of your personal data within the scope of order processing pursuant to Art. 28 GDPR.

3. Within the scope of processing your orders, it is sometimes necessary for us to transfer certain data to our corresponding service providers, who are based in Germany, other European countries or the European Economic Area. This includes, for example, your name, your first name, if applicable, and your address.

4. Under certain circumstances, we may have to disclose certain data to the corresponding authorized bodies as part of our legal obligations.

Is data transferred to a third country or to an international organization?insert_link

1. As a rule, data is not transferred to organizations in countries outside the European Economic Area (so-called third countries). Nevertheless, a data transfer to third countries may take place in individual cases, insofar as:

   • it is required by law,
   • you have given us your consent or
   • this is legitimized by the legitimate interest under data protection law and no higher interests of the data subject worthy of protection are opposed to this.

2. Beyond this, we do not transfer personal data to bodies in third countries or international organizations.

3. However, we use service providers for certain tasks, most of which also use service providers that may have their headquarters, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards are in place (e.g., standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.

4. We have concluded appropriate contracts with our service providers and have also contractually agreed that data protection guarantees must always be in place with their contractual partners as well, in compliance with the European level of data protection.

How long will my data be stored?insert_link

1. We store your data for the entire duration of the business contact between you and us, which includes, in particular, the existence of a contract, order or pre-contractual measures. If no contract or order currently exists or the term of a contract ends, your data will be deleted from our customer database after one year without business contact.

2. In addition, we store your data only to the extent and insofar as we are obligated to do so due to mandatory legal regulations, such as retention periods under commercial or tax law. This applies to a period of generally ten years. If we no longer need your data for the purposes described above, it will be stored separately for the relevant statutory retention period and not processed for other purposes. After the expiration of the legal retention periods, all data still in existence will be securely deleted or destroyed immediately.

What data protection rights do I have?insert_link

1. Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

2. You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

Is there an obligation to provide data?insert_link

1. Initially, the provision of your personal data is neither legally nor contractually required, nor are you obliged to provide this data.

2. However, if you yourself are in a direct business relationship with us, you must provide those personal data that are required for the establishment and performance of a business relationship and the fulfilment of the associated contractual obligations. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.

To what extent is there automated decision-making?insert_link

We do not use automated decision-making pursuant to Article 22 GDPR for the establishment, execution and termination of the business relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

Does profiling take place?insert_link

We do not process your data with the aim of automatically evaluating certain personal aspects.

Information about your right to object according to Article 21 GDPRinsert_link

1. Individual right of objection.

   1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) of the GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

   2. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. Recipients of an objection

   1. The objection can be made informally with the subject "Objection", stating your name and address and, if you use your right to object to direct marketing by mail, your e-mail address, and should be addressed to the contact details mentioned under point I.

Further information about the websiteinsert_link

You can order our products directly via our website. Please note the additional information on data protection that applies to our website. These can be found on our website www.tracking3.io under the item "Privacy Policy" or directly at https://www.tracking3.io/legal/privacy.

Changes to this privacy policyinsert_link

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

What sources and data do we use?insert_link

1. We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

2. The personal data we process include:

   • Personal details (e.g. name and address and contact details).
   • Information on qualifications (e.g. education, work experience, language skills and further training).

What do we process your data for (purpose of processing) and on what legal basis?insert_link

1. The primary legal basis for processing your personal data in this application procedure is Section 26 of the BDSG. According to this, the processing of data that is required in connection with the decision on the establishment of an employment relationship is permissible.

2. Insofar as an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

3. It may happen that we are unable to consider you directly for filling a position, but would still like to keep your application on file so that we can contact you quickly if necessary. Should this occur, we will ask you for your consent in accordance with Section 26 (2) BDSG to include your application in our application pool for a certain period of time. If you give us this consent, it can be revoked informally at any time.

4. Should your data be required for legal prosecution after the application process has been completed, processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular, to safeguard legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR. Our interest then consists of asserting or defending claims, for example within the scope of the duty of proof in proceedings under the General Equal Treatment Act (AGG).

Who receives my data?insert_link

1. Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally, if necessary, to the person responsible for the respective open position. Subsequently, the further procedure is coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application procedure.

Is data transferred to a third country or to an international organization?insert_link

1. As a rule, data is not transferred to organisations in countries outside the European Economic Area (so-called third countries). Nevertheless, data may be transferred to third countries in individual cases, insofar as:

   • it is required by law,
   • you have given us your consent or
   • this is legitimised by the legitimate interest under data protection law and no higher interests of the data subject worthy of protection are opposed to this.

2. Beyond this, we do not transfer any personal data to bodies in third countries or international organisations.

3. However, we use service providers for certain tasks, most of which also use service providers that may have their registered office, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards are in place (e.g. standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.

4. We have concluded appropriate contracts with our service providers and have also contractually agreed that data protection guarantees must always exist with their contractual partners as well, in compliance with the European level of data protection.

How long will my data be stored?insert_link

1. We store your personal data for as long as is necessary for the decision on your application. Should you be awarded a position during the application process, your applicant data will be transferred to our personnel information system.

2. If we are unable to consider you for a position immediately and you consent to the further storage of your personal data, we will transfer your data to our applicant pool. Your data will be deleted there after the agreed period of time (usually 12 months) or after you revoke your consent.

3. If an employment relationship between you and us does not materialise, we may also continue to store data insofar as this is necessary to defend against possible legal claims. This usually includes six months after notification of the rejection or until the final decision in a pending legal dispute.

What data protection rights do I have?insert_link

1. Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

2. You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only takes effect in the future. Processing that took place before the revocation is not affected.

Is there an obligation to provide data?insert_link

1. The provision of your personal data is neither legally nor contractually required, nor are you obliged to provide this data. However, the provision of this data is necessary for the conclusion of a contract of employment with us. Without this data, we will not be able to enter into or perform an employment relationship with you.

To what extent is there automated decision-making?insert_link

We do not use automated decision-making pursuant to Article 22 of the GDPR to establish, implement and terminate the employment relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

Does profiling take place?insert_link

We do not process your data with the aim of automatically evaluating certain personal aspects.

Information about your right to object according to Article 21 GDPRinsert_link

1. Individual right of objection.

   1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

   2. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. Recipients of an objection

   1. The objection can be made informally with the subject "Objection", stating your name, address and date of birth, and should be addressed to the contact details mentioned in point 1 or to the channel used for the application.

Changes to this privacy policyinsert_link

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

What sources and data do we use?insert_link

1. We process personal data that we have received from you insofar as this is necessary for the purposes of recruitment, fulfilment of the employment contract and termination of the employment relationship. In addition, we process personal data of our employees and other comparably affected persons that regularly arise in the context of the employment relationship.

2. The personal data we process include:

   • personal data (e.g. name and address and contact details and date and place of birth and nationality)
   • family data (e.g. marital status and details of children)
   • religious affiliation
   • health data (e.g. notifications of incapacity to work and others, if relevant to the employment relationship, e.g. in the case of severe disability)
   • Tax identification number
   • Information on qualifications and employee development (e.g. education, work experience, language skills and further training)
   • Information on the employment relationship (e.g. date of entry and job title)
   • data relevant to payroll tax from the fulfilment of contractual obligations (e.g. salary payment)
   • information on the financial situation of employees (e.g. credit liabilities and salary garnishments, if applicable)
   • Social security data
   • Data on retirement benefits or pension funds
   • Working time data (e.g. working time records and holiday and sickness and data related to business trips)
   • Entry data
   • Authorisation data (e.g. equipment access and authority access rights)
   • Image and sound data (e.g. badge photo and video and telephone recordings)
   • Employee evaluation data
   • log data of IT-based systems, if applicable
   • as well as other data comparable with the above categories.

What do we process your data for (purpose of processing) and on what legal basis?insert_link

1. We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

2. To fulfil contractual obligations (Section 26 BDSG).

   1. Data is processed for the purpose of establishing, implementing or terminating the employment relationship within the framework of the contract existing with you or for the purpose of implementing pre-contractual measures that are carried out upon request. If you make use of additional benefits (e.g. childcare subsidy, pension scheme), your data will be processed to fulfil these additional benefits, insofar as this is necessary.

3. Within the framework of the balancing of interests (Art. 6 para. 1 f GDPR)

   1. Where necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. Examples of such cases are:

      • Measures for personnel development planning
      • Measures for the protection of employees and customers as well as for the protection of the company's property
      • Video surveillance to protect the right of access to the premises and to detect criminal offences
      • Evaluation of work procedures for work control and improvement of processes (e.g. evaluations of the number of work records or processing time of services for customers)
      • Publication of official contact data on the intranet and internal telephone directory and on the website
      • Records of staff appraisals (e.g. documentation of set targets and achievement of targets).

4. Based on your consent (Art. 6 para. 1 a GDPR in conjunction with Art. 88 GDPR and § 26 para. 2 BDSG)

   1. If you have given us consent to process your personal data, processing will only take place in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

   2. This concerns:

      • Use and, if applicable, publication of employee pictures, e.g. on the website

5. Due to legal requirements (Art. 6 para. 1 c GDPR as well as Art. 88 GDPR and § 26 BDSG).

   1. As a company, we are subject to various legal obligations, i.e. legal requirements (e.g. social security law, occupational health and safety, professional code of conduct for lawyers, tax laws, if applicable) as well as supervisory requirements (e.g. of the bar associations). The purposes of the processing include, among others, identity verification, the fulfilment of social security and tax law control, reporting or documentation obligations as well as the management of risks in the company.tion.

   2. Insofar as special categories of personal data are processed pursuant to Art. 9 (1) GDPR, this serves the exercise of rights or the fulfilment of legal obligations from labour law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severe disability levy). This is done on the basis of Art. 9 para. 2 b GDPR in conjunction with. § Section 26 (3) BDSG. In addition, the processing of health data for the assessment of their ability to work pursuant to Art. 9 para. 2 h in conjunction with. § Section 22 (1) b BDSG. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 para. 2 a GDPR in conjunction with. § Section 26 para. 2 BDSG new (e.g. operational integration management).

Who receives my data?insert_link

1. Within the company, access to your data is granted to those offices that need it to fulfil contractual, legal and supervisory obligations as well as to safeguard legitimate interests, e.g. the HR department, representatives of the severely disabled.

2. Service providers and vicarious agents employed by us may also receive data for these purposes, insofar as they require the data to perform their respective services. These are, for example, companies in the categories of training providers and IT services. All service providers are contractually obliged to treat your data confidentially.

3. With regard to the transfer of data to recipients outside our company, it should first be noted that as an employer we only pass on necessary personal data in compliance with the applicable data protection regulations. As a matter of principle, we may only disclose information about our employees if this is required by law, if you have consented to it or if we are otherwise authorised to disclose it.

4. Under these conditions, recipients of personal data may be e.g:

   • Social security institutions
   • Health insurance companies
   • pension funds
   • Tax authorities
   • Employer's liability insurance associations
   • Public bodies and institutions (e.g. tax authorities and law enforcement agencies) if there is a legal or official obligation to do so
   • other companies for the processing of salary payments or comparable institutions to which we transmit personal data for the purpose of implementing the contractual relationship (e.g. for salary payments)
   • Auditors and payroll tax auditors
   • service providers within the framework of order processing relationships

5. Other data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balancing of interests.

Is data transferred to a third country or to an international organization?insert_link

1. As a rule, data is not transferred to countries outside the European Economic Area (so-called third countries). Nevertheless, data may be transferred to third countries in individual cases, insofar as:

   • it is required by law,
   • you have given us your consent or
   • this is legitimised by the legitimate interest under data protection law and no higher interests of the data subject worthy of protection conflict with this.

2. Beyond that, we do not transfer personal data to entities in third countries or international organisations.

3. However, we use service providers for certain tasks, most of which also use service providers that may have their registered office, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards are in place (e.g. standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.

4. We have concluded appropriate contracts with our service providers and have also contractually agreed that data protection guarantees must always be in place with their contractual partners as well, in compliance with the European level of data protection.

How long will my data be stored?insert_link

1. We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the employment relationship is a continuing obligation that is intended to last for a longer period of time.

2. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:

   • Fulfilment of legal obligations to retain data, which may result, for example, from: Social Security Code (SGB IV), Commercial Code (HGB) and Fiscal Code (AO). The periods specified there for storage or documentation are generally six to ten years.
   • Preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

3. If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply here. The same applies to data processing based on consent given. As soon as this consent is revoked by you for the future, the personal data will be deleted, unless one of the exceptions mentioned applies. If the data is stored on the basis of a company agreement, the storage period is regulated there.

What data protection rights do I have?insert_link

1. Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

2. You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only takes effect in the future. Processing that took place before the revocation is not affected.

Is there an obligation to provide data?insert_link

1. Within the scope of the employment relationship, you must provide those personal data that are necessary for the establishment, implementation and termination of an employment relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into or perform the contract with you.

To what extent is there automated decision-making?insert_link

We do not use automated decision-making pursuant to Article 22 of the GDPR for the establishment, implementation and termination of the working relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

Does profiling take place?insert_link

We do not process your data with the aim of automatically assessing certain personal aspects.

Information about your right to object according to Article 21 GDPRinsert_link

1. Individual right of objection.

   1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. Recipients of an objection

   1. The objection can be made informally with the subject "Objection", stating your name, address and date of birth, and should be addressed to the contact details mentioned under point 1 or directly to your HR manager.

Changes to this privacy policyinsert_link

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.