I Introduction
We are pleased that you visit our website. We respect your privacy. Data protection and data security when using our website are very important to us. With this data protection declaration we would like to inform you to what extent data is collected when you use our website and for what purposes we use this data. We would also like to inform you about your rights in this regard.
II General information
Below we provide information about the collection of personal data when using our website in accordance with Art. 13 GDPR. Personal data is all data that can be personally related to you, e.g. E.g. name, address, email addresses, user behavior.
The person responsible in accordance with Article 4 Paragraph 7 of the EU General Data Protection Regulation (GDPR) is
Chips 4 Light GmbH, Am Kühlen Kasten 8, 93161 Sinzing
www.chips4light.com/de/imprint/.
You can reach our data protection officer at:
Bugl & Colleagues Society for Data Protection and Information Security mbH, Alexander Bugl, Eifelstraße 55, 93057 Regensburg, email: kontakt@buglundkollegen.de
III Your rights
If you as a user process personal data, you are considered a data subject in accordance with the GDPR. Those affected have the following rights vis-à-vis the person responsible:
• Right to information (Article 15 GDPR)
• Right to correct or delete personal data (Articles 16, 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to notification in connection with the correction or deletion of your personal data or the restriction of processing (Article 19 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to revoke declarations of consent. The lawfulness of the data processing carried out until the revocation remains unaffected due to the previously valid consent. (Art. 7 Para. 3 GDPR)
• Right to complain to a supervisory authority (Article 77 GDPR)
Contact options for the supervisory authorities in the individual countries.
IV Hosting
The hosting services we use (services for operating and providing the website) serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services, which we provide for for the purposes of operating this online offering.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offering based on our legitimate interests in the efficient and secure provision of this online offering in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).
V Access our website
When you use the website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– amount of data transferred in each case
– Website from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.
We may also use another service provider to be able to display the data protection declaration. An embedding code is used, via which your IP address is transmitted to the service provider (preeco GmbH).
We process your data for a limited time based on our legitimate interest in order to ensure that personal data is derived in the event of unauthorized access or attempted access to local servers and to be able to properly display the data protection declaration and download the fonts we use from our own server can (Art. 6 Para. 1 lit. f GDPR).
VI Use of cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the place that sets the cookie (here us). They serve to make the Internet offering more user-friendly and effective overall.
We differentiate between two categories of cookies: (a) essential cookies, without which the functionality of our website would be limited and (b) optional cookies for website analysis and marketing purposes.
The use of optional cookies is based on your consent (Art. 6 Para. 1 lit. a GDPR).
In our cookie banner we describe the optional cookies used on this website in detail.
VII Google Analytics
a. Type and purpose of processing
This website uses Google Analytics, a web analysis service provided by the Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses so-called “cookies”, i.e. text files that are stored on your computer and which enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. The purposes of data processing are to evaluate the use of the website and to compile reports on activities on the website. Further related services will then be provided based on the use of the website and the Internet.
b. Legal basis for processing
The data entered is processed based on the user’s consent (Art. 6 Para. 1 lit. a GDPR).
c. Data categories
• IP address (shortened/anonymized)
d. Recipient
• Employees of the IT and marketing department of your own company
• Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland
e. Storage periods
Data will only be processed in this context as long as the relevant consent is given. They will then be deleted unless there are legal retention requirements. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.
G. Third country transfer
Processing outside the European Union (EU) or the European Economic Area (EEA) cannot be excluded.
H. Withdrawal of consent
You can revoke your consent to the storage of your personal data at any time with future effect.
You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the available browser plug-in: “ Browser add-on to deactivate Google Analytics”.
i. Automatic decision making and profiling
With the help of the tracking tool Google Analytics, the behavior of website visitors can be evaluated and their interests can be analyzed. For this purpose, we create a pseudonymous user profile.
VIII Google ReCaptcha
a. Type and purpose of processing
For the purpose of protecting against misuse of our web forms and against spam, we use the Google reCAPTCHA service in some forms on this website. By checking manual input, this service prevents automated software (so-called bots) from carrying out abusive activities on the website. This serves to protect our legitimate interests, which predominate in the context of a balancing of interests, in protecting our website from misuse and in ensuring that our online presence is displayed smoothly.
Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, as part of the verification process that enables an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transmitted to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.
Personal data is not read or saved from the input fields of the respective form.
b. Legal basis for processing
Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the security and functionality of our website.
c. Data categories
IP address, browser, timestamp, etc.
d. Recipient
The recipients of the data are internal employees of the marketing and IT departments and Google as the processor.
e. Storage periods
Once we no longer use Google reCAPTCHA, the data collected in this context will be deleted.
f. Legal / contractual requirement
The provision of your personal data is based on our legitimate interest. Without providing your personal data, we cannot grant you access to the content and services we offer.
G. Third country transfer
Processing also takes place outside the European Union (EU) or the European Economic Area (EEA). In order to guarantee the level of data protection in this third country, we have concluded standard data protection clauses with Google.
H. Withdrawal of consent
You can prevent Google from collecting the data generated by JavaScript or the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by changing your browser settings prevent JavaScript or the setting of cookies. Please note that this may limit the functionality of our website for your use.
Further information about Google's data protection policy can be found here: https://policies.google.com/privacy.
i. Automated decision making and profiling
As a responsible company, we do not use automatic decision-making or profiling in this data processing.
IX Zoho ONE
a. Type and purpose of processing
On this website we use the ZOHO ONE offer from ZOHO Corporation GmbH, based in Trinkaustr. 7 in 40213 Düsseldorf. Personal data that you provide to us via a contact form, newsletter registration, email or other means will be processed and maintained by us with the help of Zoho in order to be able to offer a better service in various areas such as customer service or marketing.
b. Legal basis for processing
The legal basis for the integration of Zoho is our legitimate interest (Art. 6 Para. 1 lit. f) GDPR) in providing secure and efficient functionality of the website.
c. Data categories
IP address, location data, browser, etc...
d. Recipient
The recipients of the data are internal employees of the internal departments and Zoho as the processor.
e. Storage periods
In this context, the data is stored for the business relationship. They will then be deleted unless there are legal retention requirements. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
The provision of your personal data is based on our legitimate interest in avoiding functional restrictions on the website.
G. Third country transfer
Processing also takes place outside the European Union (EU) or the European Economic Area (EEA). In order to ensure the level of data protection in this third country, we have concluded standard contractual clauses with Zoho.
H. Possibility of objection
You have the right to object to the processing of your personal data at any time. You can inform us of your objection at any time using the contact option provided at the beginning of this data protection notice.
i. Automated decision making and profiling
As a responsible company, we do not use automatic decision-making or profiling in this data processing.
XI online presence in social media
We maintain online presences within social networks in order to inform users active there about our services and, if they are interested, to communicate directly via the platforms. We are currently represented in the following networks:
https://www.linkedin.com/company/chips-4-light-gmbh/
https://www.facebook.com/Chips4Light/
All of our social media channels can only be accessed by website visitors via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer to embed the offers on websites.
We have no influence on the collection of data and its further use by social networks. There is no information about the extent, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore expressly point out that user data (e.g. personal information, IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes.
We process the data of users on social media presences insofar as they contact and communicate with us via comments or direct messages, for example.
The legal basis for processing the user's data is Article 6 Paragraph 1 Letters b and f GDPR.
• LinkedIn
• Facebook
No functions or content from the LinkedIn service, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, are integrated into our online offering. The LinkedIn channels can only be accessed via an external link. If the visitors to our website are members of the LinkedIn platform, LinkedIn can assign the access to the social media channel to the user's profile there if the user accesses the LinkedIn profile when logged in visited. We would like to point out that we have no influence on the content or extent of use of the data collected by LinkedIn. For further information in this regard, we refer to LinkedIn's data protection declaration: https://de.linkedin.com/legal/privacy-policy
You can access the social media network Facebook via external links on our website. All functions in the social media network are offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The Facebook channels can only be accessed via an external link. If you are logged in to Facebook with your own profile and access our social media channel, Facebook can assign your visit to your logged in profile. If you do not want your user account to be assigned to your IP address, please log out of your Facebook account before using our website.
For further information on the processing of your data, we refer to Facebook's privacy policy: https://facebook.com/privacy/explanation and our https://www.facebook.com/Chips4Light/
XII Facebook fan page
{Company} operates an online presence on Facebook, a so-called Facebook fan page. When you visit our fan page, the following additional information on data processing applies. Information about data protection on Facebook in general can be found here (https://www.facebook.com/about/privacy/).
1. Joint responsibility, contact details, company data protection officer:
In accordance with Art. 26 GDPR, we are jointly responsible with Facebook for the operation of our Facebook fan page. For this purpose, we have entered into an agreement with Facebook specifying who fulfills which obligations with regard to data protection. This agreement can be accessed here (https://www.facebook.com/legal/terms/page_controller_addendum). Facebook is then primarily responsible for providing the data subject with information about the joint processing and for enabling them to exercise their data protection rights. Regardless of this, we hereby inform you about your visit to our fan page.
Our contact details are:
Chips 4 Light GmbH
Am Kühlen Kasten 8
93161 Viehhausen
inf0@chips4light.com
You can reach Facebook at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbor,
Dublin 2, Ireland
You can reach Facebook online here (https://www.facebook.com/legal/terms?ref=pf)
You can reach our company data protection officer at:
Bugl & Colleagues Society for Data Protection and Information Security mbH
Alexander Bugl
Eifelstrasse 55
93057 Regensburg
Email: kontakt@buglundkollegen.de
You can reach Facebook's data protection officer at
https://www.facebook.com/help/contact/540977946302970.
2. Collection and storage of personal data as well as type and purpose and their use:
a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under “What types of information do we collect?” If you are not a Facebook user, cookies containing identifiers, small text files, may still be stored in your browser, which enable so-called tracking of your user behavior.
As a rule, user data when you visit Facebook is also processed by Facebook for market research and advertising purposes. Based on user behavior (including when visiting our fan page), complex user profiles are created that Facebook can use to show visitors personalized advertisements inside and outside of Facebook. Further information can also be found in the Facebook data policy.
If you do not agree to this, you can object here (opt-out).
b) Data we use (“page insights”) and legal basis:
Facebook provides us with statistics and usage data that we can use to analyze the use of our fan page (so-called “page insights”). This enables us to continually improve our offering on Facebook. We as operators do not make any decisions regarding the processing of Insights data and any other information resulting from Art. 13 GDPR, such as the storage period of cookies on user devices. The primary responsibility under the GDPR for the processing of Insights data lies with Facebook and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data.
As the site administrator, we have no other way to evaluate user behavior on our fan page, including through user tracking. It is also fundamentally not possible for us to identify the visitor to the fan page based on the page insights. In particular, under the agreement, we have no right to require Facebook to disclose individual visitor data. Identification is only possible for us if we can assign individual profile pictures to “like” information for the page; but only if our fan page has been marked “like” by the corresponding visitor and the “like” information is set to “public”.
You can find out what information Facebook uses to create page insights here.
The operation of the Facebook fan page and the use of the page insights serves our legitimate interest in effective external representation and efficient communication with our customers and interested parties. This interest justifies the operation of the site both in relation to the legitimate interests of Facebook users and in relation to visitors to our fan page who do not have a Facebook account. The legal basis is therefore Article 6 Paragraph 1 Letter f) GDPR.
3. Transfer of data to third parties:
Data collected by Facebook is exchanged and processed within the entire Facebook group. The Facebook Group also includes Instagram, WhatsApp and Oculus. For example, information collected via Facebook is used to show the user personalized advertising on Instagram, or information from WhatsApp is used to take action on Facebook against accounts that send spam via WhatsApp. This information can be found in the Facebook Data Policy under “How do the Facebook companies work together?”
When Facebook processes data, it may happen that user data is transferred outside the European Economic Area (EEA), particularly the USA.
4. Right to object:
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons for this Your particular situation arises or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a special situation. If you would like to exercise your right of withdrawal or objection, simply send an email.
5. Rights of those affected:
You have the right to withdraw your consent to us at any time. This means that we are no longer allowed to continue data processing based on this consent in the future. In addition, you have the right to information in accordance with Art. 15 GDPR, the right to correction in accordance with Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, and the right Data portability from Art. 20 GDPR. There is also a right to lodge a complaint with a responsible data protection supervisory authority (Article 77 GDPR).
In principle, you can assert your data subject rights against both Facebook and us. Since only Facebook has direct access to your user data, you can most effectively assert your data subject rights against Facebook.
XIII Newsletter
a. Type and purpose of processing
Your data will only be used to send you the newsletter you subscribed to by email. Your name is provided so that we can address you personally in the newsletter and, if necessary, identify you if you want to exercise your rights as a data subject. To receive the newsletter, it is sufficient to provide your email address. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can also be informed by email about circumstances that are relevant to the service or registration (e.g. changes to the newsletter offer or technical circumstances). For effective registration we need a valid email address. The processing of the data is based on our legitimate interest in the effective processing of the inquiries addressed to us The data is used exclusively for sending newsletters and is not passed on to third parties.
b. Legal basis for processing
Based on your expressly given consent (Art. 6 Para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with Section 6 TTDSG), we will regularly send you our newsletter or comparable information by email to the email address you provided .
c. Data categories
Name, Email, ....
d. Recipient
Recipients of the data are internal employees of the department {departments}.
e. Storage periods
The data will only be processed in this context as long as the relevant consent is given. They will then be deleted.
f. Legal / contractual requirement
The provision of your personal data is voluntary, solely based on your consent. Unfortunately, we cannot send you our newsletter without your consent.
G. Third country transfer
The processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
H. Withdrawal of consent
You can revoke your consent to the storage of your personal data and its use for sending newsletters at any time with effect for the future. There is a corresponding link in every newsletter. You can also unsubscribe directly on this website at any time or inform us of your revocation using the contact option provided at the end of this data protection notice.
i. Automated decision making and profiling
As a responsible company, we do not use automatic decision-making or profiling in this data processing.
XIV Information requirements in the application process
a. Type and purpose of processing
We process the applicant data only for the purpose and as part of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations as part of the application process, if the data processing is necessary for us, for example in the context of legal proceedings.
The application process requires that applicants provide us with their applicant data. If we offer an online form, the necessary applicant data is marked; otherwise it can be found in the job descriptions and, in principle, this includes personal information, postal and contact addresses and the documents associated with the application, such as a cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information. By submitting their application to us, applicants agree to the processing of their data for the purposes of the application process in the manner and scope set out in this data protection declaration. If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications via email {application email address}. However, we ask you to note that emails are generally not sent encrypted and applicants must ensure encryption themselves. We cannot therefore assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. If the application is successful, the data provided by the applicants can be further processed by us for the purposes of the employment relationship.
b. Legal basis for processing
The processing of your data primarily serves to establish the employment relationship in accordance with Art. 88 Para. 1 GDPR in conjunction with. V. m. § 26 para. 1 BDSG.
c. Data categories
{Data Categories}
If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application process, their processing will also take place in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). .
d. Recipient
Recipients of the data are internal employees of the {departments/s}
e. Storage periods
The deletion will take place, subject to a legitimate revocation by the applicant, after a period of {number of months} month(s) has elapsed, so that we can answer any follow-up questions about the application and meet our obligations to provide proof under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
f. Legal / contractual requirement
Providing your personal data beyond the storage period, e.g. in order to be included in our applicant pool, is voluntary and based solely on your consent. You can revoke this consent to the storage of your personal data at any time with effect for the future.
G. Third country transfer
The processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
H. Withdrawal of consent
If the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. You can revoke your consent to the storage of your personal data beyond the storage period at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this data protection notice.
i. Automated decision making and profiling
As a responsible company, we do not use automatic decision-making or profiling in this data processing.