Scope of application
PC CADDIE AG
Phone +41 41 5110600
Fax +41 41 5110699
email info (at) pccaddie.com
Data protection officer
Klug Datenschutz – Consulting
Kaiser- Willhelm-Straße 93
email datenschutz (at) pccaddie.com
Types of data processed
- Inventory data (e.g., surname, forename, addresses)
- Contact details (e.g., email, telephone number)
- Content data (e.g., text input, photographs, videos)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta - / communication data (e.g., device information, operating system, browser, IP address)
Purpose of processing
We process personal data for the following purposes:
- Providing the online offer, features and content
- Answering contact requests and communicating with users
- Safety measures Range / Marketing Measures
The definitions of terms according to Art. 4 of the General Data Protection Regulation (EU-GDPR) apply.
Relevant legal bases
In accordance with the provisions of Art. 13 EU-GDPR, we inform you of the legal basis for the processing of your personal data. Unless the legal basis is subsequently explicitly stated, the following applies:
- Legal basis for consent – Art. 6 para. 1 letter a) and Art. 7 EU-GDPR
- Legal basis for performance of contract – Art. 6 para. 1 letter. b) EU-GDPR
- Legal basis for fulfilling a legal obligation – Art. 6 para. 1 letter c) EU-GDPR
- Legal basis for safeguarding our legitimate interests – Art. 6 para. 1 letter f) EU-GDPR
Collaboration with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission, if you have given consent, if this is required by law or based on our legitimate interests (when using webhosters, etc.). The concrete legitimate interest is explicitly indicated in such a case or explicitly described. If we commission third parties with the processing of data based on a so-called "processing contract," this will be done on the basis of Art. 28 EU-GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosure or transmission of data to third parties, this will only be done to fulfill our (pre-)contractual obligations, based on your consent, if required by law or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ssq. GDPR are fulfilled.
You have the right to request confirmation as to whether relevant data are being processed and to request information about such data as well as further information and a copy of the data pursuant to Art. 15 EU-GDPR.
According to Art. 16 EU-GDPR you have the right to request completion of the data concerning you or correction of any incorrect data concerning you.
Pursuant to Art. 17 EU-GDPR, under the conditions stated there, you have the right to request that the relevant data will be deleted immediately or, alternatively, pursuant to Art. 18 EU-GDPR, to request a restriction of the processing of data.
You have the right to request provision of the data concerning you that you have provided to us pursuant to Art. 20 EU-GDPR and to request their transfer to other controllers (data portability).
You also have the right to file a complaint with the competent supervisory authority, in accordance with Art. 77 EU-GDPR.
Right to withdraw
You have the right to withdraw your consent at any time pursuant to Art. 7 para. 3 EU-GDPR with effect for the future, without stating reasons.
Right to object
You may object to the future processing of your data at any time pursuant to Art. 21 EU-GDPR. Such objection may be made in particular against processing for direct marketing purposes. For this, please use the contact listed above under "Responsible".
Cookies and right to object in case of direct marketing
'Cookies' are small files that are stored on the users' computers. Different types of information can be stored by such cookies. A cookie is primarily used to store the information about a user (or the device where the cookie is stored) during or after their visit to a website.
Temporary cookies, or 'session cookies' or 'transient cookies' are cookies that are deleted after a user has left a website and closes the browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login jam.
Cookies are 'permanent' or 'persistent' if they remain stored even after the browser has been closed. For example, the login status can be saved if users visit again the website. Similarly, such a cookie can also store the users' interests, which are used for range measurement or marketing purposes.
'Third-party cookie' refers to cookies that are offered by providers other than the person responsible for operating the website (otherwise, if only their cookies are used, they are called 'first-party cookies').
If users do not want cookies stored on their computer, they are asked to make the relevant settings in their browser's system, for example to disables the Cookies. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of data
According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1 AO, 257 para. 1 No. 1 and 4, para 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters). (HGB - Handelsgesetzbuch, German commercial code).
In addition, we process
- Contract data (e.g., subject, term, customer category)
- Payment data (e.g., bank details, payment history)
from our customers, prospects and business partners, for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
The hosting services we use provide: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offering.
Our hosting provider processes inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties, and visitors of our website on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 para. 1 letter f) EU-GDPR in conjunction with. Art. 28 EU-GDPR (conclusion of order processing contract).
Collection of access data and log files
Our hosting provider collects data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 letter f) EU-GDPR, on each access to the server on which this service is located (so-called server log files). Access data includes:
- the name of the accessed website,
- date and time of access,
- transferred data volume,
- notification of successful access,
- browser type and version,
- the user’s operating system,
- referrer URL (the previously visited page),
- IP address,
- the requesting provider.
Log file data will be stored for security reasons (e.g., to investigate misuse or fraud) and deleted within 7 days. Data needed for security incident handling are excluded from deletion until the final clarification of the incident.
Provision of our business services
We process the data of our prospects, customers or other persons in accordance with Art. 6 para. 1 letter b) EU-GDPR, if we offer them contractual services (of course, also in terms of pre-contractual exchange), or in the context of an existing business relationship, e.g. to serve their customers or are themselves recipients of services. We process the data of affected persons in accordance with. Art. 6 para. 1 letter f) EU-GDPR based on our legitimate interests, e.g. when it comes to administrative tasks or public relations.
The data processed, the nature, scope, purpose and necessity of its processing are determined by the underlying contractual relationship. This includes in principle inventory and master data of the persons (e.g., name, address, etc.), as well as the contact data (e.g., email address, telephone, etc.), the contract data (e.g., services used, communicated content and information, names of contact persons) and payment data (e.g., bank details, payment history, etc.) providing we offer paid services or products.
We delete data that is no longer necessary for the performance of our statutory and business purposes. This depends on the respective task, as well as the contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant to the transaction (fulfillment of the contract), as well as with regard to any warranty or liability obligations. The necessity of keeping the data is checked every three years; otherwise the statutory storage obligations apply.
Administration, financial accounting, office organization, contact management, support services
We process data in the context of general administrative tasks, as well as organization of our business, financial accounting and in compliance with legal obligations, e.g. archiving. In addition, we also process personal information relating to support services for our customers. In doing so, we process the same data that we process in the course of rendering our contractual services. The processing principles are according to Art. 6 para. 1 letter c) EU-GDPR and Art. 6 para. 1 letter f) EU-GDPR. The processing affects customers, prospects, business partners and website visitors. The purpose and our interest in processing lies in the administration, financial accounting, office organization, archiving of data, as well as the provision of support services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information given in these processing activities.
We disclose or transmit data to the financial services, consultants, such as tax accountants or auditors, and other fee agents and payment service providers. In addition, the data may also be communicated to other companies of the PC CADDIE Group for their respective purposes (for example, in the case of support or in the case of internet services). Our contract partners are listed below:
PC CADDIE Service GmbH
Phone +49 2642 9854110
Fax +49 2642 9854199
email info (at) pccaddie.com
PC CADDIE://online GmbH & Co. KG
Stubber Weg 39
Phone +49 2642 9854120
Fax +49 2642 9854169
email info (at) pccaddie-online.de
Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, e.g., for later contact. This mostly business related information is in general permanently stored.
We process the applicant data only for the purpose and in the context of the application process in accordance with the legal requirements, i.e. according to § 26 BDSG (BDGS- Bundesdatenschutzgesetz, Federal Data Protection Act) to establish an employment relationship or selection of the appropriate applicant (m/f/d). The processing of the applicant data takes place in order to fulfill our (pre-)contractual obligations in the context of the application process within the scope of Art. 6 para. 1 letter b) EU-GDPR, Art. 6 para. 1 letter f) EU-GDPR and § 26 BDSG insofar as the data processing becomes necessary for us, e.g., in legal proceedings.
The application process requires applicants to provide us with the applicant data. The necessary applicant data are marked as such in our online form, otherwise result from the job descriptions and basically include the information on the person, postal and contact addresses, and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information.
By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 para 1 EU-GDPR are voluntarily communicated within the framework of the application procedure, their processing is additionally carried out in accordance with Article 9 para 2 letter b) EU-GDPR (e.g., medical data such as severe disability or ethnic origin). If, within the scope of the application procedure, special categories of personal data as defined by art. 9 para. 1 GDPR are requested from the applicant, they are also processed according to art. 9 para. 2 letter a GDPR (e.g. health data, if they are required for the professional activity).
Applicants can send us their applications by e-mail. Please note, however, that e-mails are not sent in encrypted form (i.e., not fully encrypted, but only transport encrypted) and that applicants themselves must provide encryption. We cannot therefore accept any responsibility for the transmission of the application between the sender and reception on our server, and therefore recommend that you also send your documents by post.
If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
Candidates will be deleted after a period of six months, subject to justified revocation, so that we can answer any follow-up questions to the application and meet our obligations under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
As part of the application, we offer applicants the opportunity to remain in our "Applicant pool" for a period of two years, on the basis of a consent within the meaning of Art. 6 para. 1 letter a) and Art. 7 EU-GDPR.
The application documents in the applicant pool are processed solely in the context of future job openings and job searches, and will be destroyed at the latest after the deadline. Candidates are informed that their consent to be admitted to the applicant pool is voluntary, has no influence on the current application process, and that they can withdraw this consent at any time in the future and declare an objection under Art. 21 EU-GDPR.
Applicants in the applicant pool will also be included for further openings, without them having to re-apply.
When contacting the provider (for example, via contact form or e-mail), the the user’s details are stored according to Art. 6 para. 1 letter b) EU-GDPR, for the purpose of processing the request, as well as in the event that follow-up questions arise, stored. The requests can be stored digitally in a CRM system or a similar "management system".
The deletion takes place when the data is no longer required because the purpose has been achieved, or is no longer achievable. A review of the need for data is done once a year.
Comments and posts
If users leave comments in the blog or other posts, their IP addresses will be stored on the basis of our legitimate interest to identify those posting comments or contributing (Art. 6 para. 1 letter f) EU-GDPR). This is for our security, in the event that someone posts inappropriate content (insults, prohibited political propaganda, etc.) in comments and posts. In this case, we may be sued for the comment or post, and are therefore interested in the identity of the author.
We also reserve the right, in accordance with our legitimate interests and confirming to Art. 6 para. 1 letter f) EU-GDPR, to process user information for the so-called "spam detection". If someone uses the comment or post function as SPAM, we are, of course, interested in blocking this user if necessary, in order to prevent further SPAM activities.
The follow-up comments can be made by users with their consent, according to Art. 6 para. 1 letter a) EU-GDPR. Users will receive a confirmation email to verify that they own the email address they entered. Users can unsubscribe from ongoing comment subscriptions and revoke their consent. The confirmation email will contain notes. For the purpose of proving the consent of the users, we save the registration time together with the IP address of the users, and delete this information when users unsubscribe.
You can cancel the subscription at any time, i.e., revoke your consent. We may save the submitted email addresses for up to three years before we delete them based on our legitimate interests to provide evidence for prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
Our newsletter informs you about our company and our offers.
You can register to receive our newsletter. For this purpose, you must send us your email. You can choose to send us other information that assists in the optimization of the newsletter distribution. We assure you that we will not disclose your personal data to third parties.
When registering for the newsletter, we store your IP address and the date of the application. This storage serves solely for verifying that you are indeed the person who subscribed, and not a victim of a third party’s abuse, i.e., somebody else is using your email address and logs in without the knowledge of the person entitled to receive the newsletter.
You can cancel your newsletter subscription at any time by sending an email to support (at) pccaddie.com with the subject "Newsletter cancellation".
We use the so-called "double-opt-in" procedure for registration. After registering, you will receive an e-mail asking you to confirm the registration by clicking on a link. Only then you will be registered with us for our newsletter. This confirmation serves to prevent third parties from registering for a newsletter with your e-mail address. The registration process is logged for purposes of verification. The dispatch of the newsletter and the related performance measurement are based on your consent, in accordance with. Art. 6 para. 1 letter a) and Art. 7 EU-GDPR in accordance with § 7 para. 2 no. 3 UWG (UWG - Gesetz gegen den unlauteren Wettbewerb, German law on unfair competition), or on the basis of the statutory permission pursuant to Art. 7 para 3 UWG. The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 letter f) EU-GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system, which serves both our business interests and the expectations of the users, and also allows us to provide proof of consent for our own protection.
Range measurement with Matomo
Within the scope of Matomo’s range analysis and based on our legitimate interests, namely the interest in the analysis, optimization and economic operation of our website, the following data is processed in accordance with Art. 6 para. 1 letter f) EU-GDPR:
- the browser type and version you use,
- the operating system you use,
- your country of origin,
- date and time of the server request,
- the number of visits,
- your time spent on the website,
- and the external links you clicked.
The IP address of the users is anonymized before it is stored.
The logs with the data of the users will be deleted after a maximum of 6 months.
Integration of services and content provided by third parties
On the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economical operation of our online offers within the meaning of Art. 6 para. 1 letter f) EU-GDRP), we make use of third-party content or service offerings, such as videos or fonts (collectively referred to as "content"), in order to improve our online presence.
This always assumes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to the user’s browser without the IP address. The IP address is therefore required for the display of these contents. We endeavor to use only such content, whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information, such as visitor traffic, on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, time of visit, and other information regarding the use of our online offer.
Use of Facebook social plugins
This website uses social plugins (“plugins”) from the social network facebook.com which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identified by one of the Facebook logos (white “f” on blue tile or a “thumbs-up” sign) or are marked with the note “Facebook Social Plugin”. The list and the look of the Facebook social plugins can be found here: https://developers.facebook.com/docs/plugins.
If you call up one of our internet website pages which has a plugin of this kind, your browser sets up a direct link to the Facebook servers. Facebook transfers the content of the plugin directly to your browser, which embeds it into the website. This means that we have no influence over the extent of the data which Facebook obtains with the help of this plugin and we therefore inform you according to our information status:
Through integration of the plugin, Facebook obtains the information that you have called up the relevant page on our website. If you are logged on to Facebook, Facebook can associate the visit with your Facebook account. If you interact with the plugin, for example, by using the "Like" button or by posting a comment, your browser will send this information directly to Facebook, where it will be stored. If you are not a Facebook member, there is still the possibility for Facebook to find out and store your IP address. According to Facebook, they only store anonymised IP addresses from Germany.
For information on the purpose and extent of data captured and the further processing and use of data by Facebook, as well as your rights in this regard and turn-off options for the protection of your personal privacy, please refer to the Facebook data protection information: https://www.facebook.com/about/privacy/.
If you are a Facebook member and do not want Facebook to collect data about you via our website and link this with your data stored on Facebook, you need to log off from Facebook before visiting our website.
It is also possible to block Facebook social plugins and add-ons for your browser, for example, by using the "Facebook Blocker".
This offer uses the Twitter widgets. These widgets are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They can be recognized by terms such as "Twitter" or "Follow" in conjunction with a blue stylized bird. By using the Twitter widgets, it is possible to share a contribution or page of this Internet presence on Twitter or to follow the provider on Twitter.
Cancellation, changes, corrections and updates
You are entitled to information on any stored personal data relating to you, upon request. In addition, you have the right to correction, blockage and deletion of such personal data as provided for by law.