Data protection regulations for the website (according to the GDPR)
We take the protection and security of your (hereinafter the “user”) personal data (hereinafter “pd”) as defined by Art. 4 no. 1 General Data Protection Regulation (hereinafter “GDPR”) seriously. Consequently, we comply with the statutory provisions to ensure adequate protection of the pd of every single user. We would like to inform you hereinafter about the nature, scope and purpose of the processing of pd: Ambigai Consultancy Services GmbH (hereinafter ”Ambigai.” or “we”) processes pd exclusively within the limits of the applicable data protection regulations. In this Privacy Policy (hereinafter “PP“), we provide you with information according to Art. 13 GDPR regarding the use of the website www.ambigai.net including its sub-pages. First of all, we are going to explain to you who is the responsible body (hereinafter “controller”) and who is the data protection officer; after that, broken down by the different modes of access in the different areas of the website, we provide you with information on the types of pd, the purposes of the processing and the legal basis for the processing, the recipients, if any, and legitimate interests, if any, and the periods until erasure of the pd and with supplementary information, where required. Finally, at the end of this Privacy Policy, we explain to you the rights to which you are entitled. 1. Contact data of the controller (Art. 13 subs. 1 a) GDPR) The controller responsible for the operation of the website and all sub-pages and thus for the handling of pd that is processed in this context is Ambigai Consultancy Services GmbH, Joachimstr. 31, 40545 Düsseldorf, Geschäftsführer: Senthil Kumar Kaliyannan Rangasamy. 2. Contact data of the data protection officer (Art. 13 subs. 1 b) GDPR) Our data protection officer is the lawyer Prof. Klaus Gennen, c/o LLR DSC GmbH, Mevissenstraße 15, 50668 Cologne, email address: gennen@llrdsc.de. 3. Website access a. Types of personal data: Every time a user accesses the website, the following log files of the respective user are collected automatically: Information on the browser type and the browser version used, operating system of the user, address of the website visited before (referrer), IP address of the user, date and time of access. b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The log files are processed to ensure proper functioning of the website. Moreover, the data serves to ensure the security of information technology systems under which the website is operated. The data is not analysed for marketing purposes or any other purposes. c. Legal basis for the processing, legitimate interests (Art. 13 subs. 1 c) and d) GDPR): The legal basis for the processing of the log files data is Art. 6 subs. 1 f) GDPR, which means that the processing is based on legitimate interests of Ambigai Our legitimate interests consist in the possibility to offer you our web services including the download of documents. d. Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All data is processed on computers within the European Union. The website hoster only renders pd processing on behalf. The pd is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law. e. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased as soon as you have terminated your visit of our website at the latest, i.e. as soon as the browser on your computer is closed. For technical reasons, data on the server (log files) is erased regularly every 7 days. 4. Contact by email via the email addresses (other than for application purposes, for this see sec. 7) We offer you the possibility at different points on our website where the applicable email addresses are stated, to contact us directly by email. a. Types of personal data: These types are email address, log files containing information on the quality and attributes of the email and the time of receipt as well as all pd that, for instance, has been disclosed by the sender in his/her email. b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to answer the user’s request, and, subsequently, perhaps the initiation (taking steps prior to entering into a business relationship), the establishment and performance of a business relationship, depending of the kind of request made from time to time. c. Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing of the data which the user transfers to us in the context of an email transmission is Art. 6 subs. 1 f) GDPR when the sender is not our customer yet or does not otherwise maintain a business relationship with us or is involved in the initiation of such a business relationship. If there is already a contractual relationship with the user or such a relationship is intended to be established on the sender’s initiative, the legal basis for the processing is Art. 6 subs. 1 b) GDPR. d. Legitimate interests in the case of processing based on Art. 6 subs. 1 f) GDPR (Art. 13 subs. 1 d) GDPR): Our legitimate interests consist in informing you and answering your request, or, as the case may be, in entering into a business relationship with you where this is part of your request. e. Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has explicitly consented to the transfer. All emails are processed on computers within the European Union, and we have concluded with the email hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law. f. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased upon expiry of six months from the time when the request was settled in technical respect (we know by experience and in consideration of the types of products we offer, that this is the typical request-answer cycle on the part of the user in the case of potential orders for work performance or other requests relating to our products) unless the specific nature of the request requires different handling (e.g. rendering of advice). Where the request leads to a contractual relationship or prepares such a contractual relationship, the data will be erased in accordance with the statutory provisions when the desired contractual or precontractual relationship has ended, that is after expiry of six months from the end of the said relationship unless Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims. 5. Transfer of application documents We offer you the possibility to file an application for our vacancies by email (jobs@ambigai.net). Please do not send your application to another Ambigai email address. a. Types of personal data: These types are email address including the logging of the email on our computers as well as all pd contained in your email that pertain to your application, e.g. title, last name, first name, details from the curriculum vitae, references/ certificates or the like. b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to select applicants and possibly establish an employment relationship with them. c. Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is § 26 BDSG (German Federal Data Protection Act) (new version), and, as the case may be, Art. 6 subs. 1 b) GDPR (e.g. in the case of an application for freelance work). d. Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All emails are processed on computers within the European Union, and we have concluded with the emails hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law. e. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased within six months from termination of the application procedure (decision on whether or not your application is accepted) unless (i) the application was successful and the entire application documents are added to the personnel file (§ 26 BDSG – German Federal Data Protection Act), (ii) you as the applicant have explicitly consented that your data is entered in a talents pool for a certain period of time (after expiry of which the data will be erased) and/or (iii) Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims. 6. Rights of the user (Art. 13 subs. 2 b) – e), Art. 7 subs. 3 GDPR) - The user, subject to the statutory conditions being fulfilled, has the right at any time to request information which data relating to him or her we have stored, Art. 15 GDPR, as well as the right to rectification of this data, Art. 16 GDPR, the right to restriction of the processing, Art. 18 GDPR, and the right to erasure of his or her data, Art. 17 GDPR. - Where the user has asserted a right to rectification, erasure or restriction of the pro-cessing against Ambigai, Ambigai will communicate any such rectification or erasure of data or restriction of processing to each recipient to whom the relevant pd has been disclosed, unless this proves impossible or involves disproportionate effort. - Moreover, the user has the right to withdraw any consent he/ she has given (Art. 7, Art. 6 subs. 1 a) GDPR), see Art. 7 subs. 3 GDPR. The withdrawal of consent does however not affect the lawfulness of processing based on consent before its withdrawal. - In addition, the user has the right to object, on grounds relating to his or her particular situation, at any time to processing of pd concerning him or her which is based on Art. 6 subs. 1 e) or f) GDPR, see Art. 21 GDPR. - Moreover, the user has the right to receive the pd concerning him or her, which he or she has provided to Ambigai, in a structured, commonly used and machine-readable format provided that the statutory conditions are fulfilled (right to data portability, Art. 20 GDPR) - In all other respects, the user has the right to lodge a complaint with a supervisory authority provided that the statutory conditions are fulfilled, see Art. 77 GDPR. When the user wants to exercise any of the aforesaid rights, he/she must address to the bodies/ persons designated in sec. 1 or 2.