1.1
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of evolutiq GmbH. The use of the Internet pages of evolutiq GmbH is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the evolutiq GmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, the evolutiq GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
1.2
The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is evolutiq GmbH, Vitalisstraße 67, 50827 Köln, Deutschland, Tel.: +49 221 292 973 30, E-Mail: info@evolutiq.com. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3
The controller has designated a data protection officer for this website. She can be reached as follows: Fachanwältin für IT-Recht Nicole Hencinski, DIGIT@ LAW Rechtsanwälte, Mittelstraße 12-14, 50672 Köln, kanzlei@digita-law.de.
2.1
The data protection declaration of evolutiq GmbH is based on the terms used by the European guideline and regulation provider when issuing the General Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
2.2
We use the following terms, among others, in this data protection declaration:
a) Personal data is all information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling is any form of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of location of this natural person.
f) Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
i) Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients.
j) Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
k) Consent shall mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3.1
When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
3.2
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
For the hosting of our website and the presentation of the page content, we use a provider that provides its services itself or through selected subcontractors exclusively on servers within the European Union.
All data collected on our website is processed on these servers.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.
In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called “session cookies”), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the duration of the storage in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies set by us, the processing is carried out either in accordance with Art. 6 (1) point b GDPR for the performance of the contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that the functionality of our website may be limited if cookies are not accepted.
6.1 Calendly
For the provision of an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA
For the purpose of making an appointment, your first name, surname and e-mail address (and telephone number, if a telephone appointment is requested) are collected in accordance with Art. 6 (1) point b GDPR and transferred to the provider in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the purpose of organising the appointments.
After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
6.2 Pipedrive
For the provision of an online appointment booking function, we use the services of the following provider: Pipedrive OÜ, Mustamäe tee 3a, Tallinn, 10615, Estonia
For the purpose of making an appointment, your first name, surname and e-mail address (and telephone number, if a telephone appointment is requested) are collected in accordance with Art. 6 (1) point b GDPR and transferred to the provider in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the purpose of organising the appointments.
After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
6.3
When you contact us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration.
The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.
7.1 Microsoft Teams
We use this provider to conduct online meetings, video conferences and/or webinars: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA
The provider processes different data, whereby the scope of the processed data depends on the data you provide before or during the participation in an online meeting, video conference or webinar. Your data as a communication participant is processed and stored on servers of the provider. This may include, in particular, your registration data (name, e-mail address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)). In addition, participants’ image and sound contributions as well as voice input in chats may be processed.
For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) point b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is based on Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future.
In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 (1) point f GDPR in the effective conduct of the online meeting, webinar or video conference.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
7.2 Microsoft Forms
We use the services of the following provider to conduct surveys or for online forms: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
In addition to a transfer of data to the above-mentioned provider location, data may also be transferred to: Microsoft Corporation, USA
The provider enables us to design and analyse surveys and online forms. In addition to the personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transferred to the provider and stored on the provider’s servers.
The information you enter in the forms is stored under password protection to ensure that third party access is excluded and that only we can analyse the data for the purpose specified in the form.
For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) point b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) point a GDPR. Consent given can be revoked at any time with effect for the future.
We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
7.3 Applications for job advertisements using a form
On our website, we offer those interested in a job the possibility to apply online using an appropriate form. In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection.
The required data includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. Where appropriate, health-related information may also be required, which, in the interests of social protection, must be given special consideration in the applicant’s own person under labour and social law.
In the course of sending the form, the applicant’s data will be encrypted according to the state of the art, transmitted to us, stored by us and evaluated exclusively for the purpose of processing the application.
The legal basis for these processing operations is generally Art. 6 Para. 1 lit. b, in the sense of which passing through the application procedure is considered to be the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on the status of severely disabled persons) are requested from applicants in the context of the application procedure, processing is carried out in accordance with Art. Art. 9 para. 2 lit. b. GDPR so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this respect.
Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR, if it is carried out for purposes of preventive health care or occupational medicine, for the assessment of the applicant’s ability to work, for medical diagnosis, care or treatment in the health or social field or for the management of systems and services in the health or social field.
If, in the course of the evaluation described above, the applicant is not selected, or if an applicant withdraws his or her application prematurely, the data submitted on the application form will be deleted after 6 months at the latest after notification. This period is calculated on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligation to provide evidence in accordance with the regulations on the equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR for the purposes of the employment relationship.
8.1 Cookie Consent Tool
This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they visit the site in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate boxes. When the tool is used, all cookies/services requiring consent are only loaded if the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the respective user’s device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this process.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point f GDPR, on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in a legally compliant design of our website.
Another legal basis for the processing is Article 6(1)(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.
8.2 – DATEV
For the execution of the accounting, we use the service of the cloud-based accounting software of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany
The provider processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process.
Insofar as personal data is also processed in this context, the processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in the efficient organisation and documentation of our business transactions.
8.3 – Candis
For the execution of the accounting, we use the service of the cloud-based accounting software of the following provider: Candis GmbH, Schönhauser Allee 180, 10119 Berlin, Germany
The provider processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process.
Insofar as personal data is also processed in this context, the processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in the efficient organisation and documentation of our business transactions
8.4 – DocuSign
We use the services of the following provider for the digital signing of documents:
DocuSign Inc., 221 Main St., San Francisco, CA 94105, USA (“DocuSign”). For this purpose, DocuSign processes the data you enter when using the service, as well as usage data from your device and transaction-related data. The legal basis is Art. 6 Para. 1 S. 1 lit. b) and f) GDPR. DocuSign stores all personal data on servers within the EU. The contract concluded with DocuSign International (EMEA) Limited, 5 Hanover Quay, Grand Canal Dock, Dublin | D02 VY79, Ireland, guarantees this.
For more information about DocuSign’s data processing, please refer to DocuSign’s privacy policy at https://www.docusign.de/datenschutzerklaerung/datenschutz. To ensure a high level of data protection and so-called appropriate safeguards, DocuSign has issued binding internal data protection regulations in accordance with Art. 47 GDPR, which can be viewed at https://www.docusign.com/trust/privacy/binding-corporate-rules. We store your personal data for as long as is necessary to fulfill legal and contractual obligations. If storage of the data is no longer necessary for the fulfillment of contractual or legal obligations, the data will be deleted.
9.1
The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:
9.2 Right to object
If, within the framework of a consideration of interests, we process your personal data on the basis of our predominant legitimate interest, you have the right at any time to object to this processing with effect for the future on the grounds that arise from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can prove compelling reasons worthy of protection for processing which outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data which are used for direct marketing purposes. You may exercise the objection as described above. If you exercise your right to object, we will stop processing the data concerned for direct advertising purposes.
The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and – if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).
If personal data is processed basis on an express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes his consent.
If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after expiry of the storage periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage.
When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed for the purpose of direct marketing based on Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection pursuant to Art. 21 (2) GDPR.
Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.