acandis

2. Basic principles

We collect and process your personal data in compliance with the relevant legal provisions, in particular the General Data Protection Regulation (hereinafter "GDPR") and the Federal Data Protection Act (hereinafter "BDSG") and in accordance with the following provisions.

3. Terms

3.1. Personal data

Personal data is any information about an identifiable or identified natural person. This includes, for example, name, address, telephone number, email address, IP address, username, password or information about which web pages were accessed by a visitor.

3.2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the responsible person or their processor.

3.3. Processing

Processing is any operation or set of operations which is performed on personal data, whether or not by automatic means. This includes collecting, recording, organising, arranging, storing, adapting or modifying, reading, retrieving, using, disclosing by transmission, dissemination or any other form of making available, matching or linking, restricting, deleting or destroying.

3.4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

3.5. Responsible party

The responsible party is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

3.6. Order processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible party.

3.7. Recipient

The recipient is any natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not that person is a third party.

3.8. Third party

Third parties shall mean any natural or legal person, public authority, agency or body other than the data subject, the responsible party, the processor and the persons who, under the direct authority of the responsible party or the processor, are authorised to process personal data.

3.9. Consent

Consent shall mean any freely given unambiguous and informed indication of the data subject”™s wishes in a specific case, in the form of a statement or any other unambiguous consenting act by which the data subject signifies their consent to the processing of personal data relating to them.

4. Collection, processing and use of your personal data

We only collect, process and use your personal data if you have given your prior consent or if this is legally permissible or we are legally required to do so. If it is sufficient for the stated purpose to use anonymised or pseudonymised data, we restrict ourselves exclusively to the collection and use of this data.

4.1. Log files

Each time our website is accessed, certain usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files, and deleted after leaving the website. The following data is affected:
• Date and time of your access to our website
• IP address of the requesting computer
• Name and URL of the retrieved file
• Message about whether the retrieval was successful
• Identification data of the browser and operating system used
This data is collected and processed for the purpose of enabling you to use our website (connection establishment), to ensure system security, to technically manage the network infrastructure, to provide information to law enforcement authorities in the event of a cyber attack or misuse, and to optimise our services.
This data is deleted after you leave our website - subject to any legal or official retention obligations.
The legal basis for the collection, storage and use of this data is our legitimate interest in being able to provide you with the information on our website without interruption and to guarantee the necessary security (Art. 6 para. 1 sentence 1 f) DSGVO).

4.2. Contact

If you contact us via the contact form, we record and process the form of address you choose, your surname, first name, email address, the subject of your message and your message in order to address you correctly, to assign your message and to reply to it.
When you contact us by email, we collect, store and process your email address, your name and the content of your message. If you provide your address and other contact details, we also store and process this data.
Please note that this additional data, which you provide voluntarily, is not necessary for us to answer your messages and please check carefully whether you wish to provide us with this data.
We store and use your personal data for the purpose of answering your questions and processing your messages or other questions or communications.
After communication with you has ended, this data will be deleted - subject to any legal or official retention obligations or the legality of the processing of the data on another legal basis.
The legal basis for the processing of your personal data is our legitimate interest in being able to communicate with you in order to responds to your messages (Art. 6 para. 1 sentence 1 f) GDPR).

4.3. Application

If you send us your application by post or email, we will collect, store and process the contact data you provide, such as your name, address, telephone number, fax number and email address, in order to use them for communication with you in the application process. Your complete application documents as well as other documents provided by you within the scope of the application procedure and our documents will be stored confidentially and access-protected. Paper documents shall also be stored in a manner that ensures access and security.
If you have provided us with your documents in paper form, we will return the original documents to you immediately after completion of the application process if no employment contract is concluded. At the latest six months after sending our notification, your data will be deleted and the paper copies professionally destroyed and disposed of, unless you have explicitly agreed (according to Art. 6 Abs. 1 S. 1 lit. of DSGVO) to the further storage of your data for the reason of consideration for a future vacant positions. Of course we will proceed in the same way if you inform us that you wish to withdraw your application. After successful completion of the application process, we will use and process your documents and data within the scope of the employment relationship. You will receive separate information on this.
The legal basis for the collection and processing of your data is the need for a decision to establish an employment relationship (Art. 6 para. 1 sentence 1 b) GDPR; Art. 26 para. 1 sentence 1 b) BDSG) and our legitimate interest in its use for the purpose of the proper conduct of the application process (Art. 6 para. 1 sentence 1 f) GDPR).

4.4. Protected information area

As a customer you will be sent by email the access data to our protected information area. By entering the access data you can log into the information area and view and download information material, brochures etc.
The legal basis for the processing of your personal data is our legitimate interest in informing you as our customer about our offers and our products (Art. 6 para. 1 sentence 1 let. f) GDPR).

4.5. Cookies

Cookies are very small text files used by websites, which your browser stores on your computer and which can send certain information to us or, if applicable, to third parties.
Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a certain period of time, which can vary depending on the cookie. In contrast to transient cookies, deletion does not occur automatically when the browser is closed. However, you can delete the cookies at any time in the security settings of your browser.
We use cookies which are absolutely necessary to provide a service expressly requested by the user ("necessary cookies") within the scope of our legitimate interest in the provision and operation of the website on the basis of Art. para. 6 1 sentence 1 let. f GDPR. The following necessary cookies are set when you visit our website:
• Name: PHPSESSID; Purpose: technically necessary for the operation of the website, e.g. to store language selection and login details. Storage period: until the end of the session
• Name: piwik_ignore; Purpose: deactivation of statistical collection by our statistics tool "Matomo" (optional cookie the storage of which must first be activated by the user. Storage period: 2 years)
In addition, other information is stored on or retrieved from your device that is not absolutely necessary to provide a service explicitly requested by the user. Such storage or access is only carried out if you grant your consent. Details of the type of information, the purpose of processing, the storage period of the information and possible recipients of the data will be provided in the further course of this privacy policy. Through your browser settings, you can refuse cookies, delete them from your computer, block them or activate the function that you are always asked before a cookie is set. Accepting cookies is not a requirement for visiting our website. However, we would like to point out that you may only have restricted access to the information we provide if you disable cookies. In particular, we point out that the complete deletion of your cookies means that the opt-out cookie for the Matomo tracking tool (see point 4.8.) is also deleted and you may need to be reactivate it.
In the following we show you an example of how you can deactivate cookies:

Example in Internet Explorer browser:
1. Open Internet Explorer.
2. Select "Internet Options" from the "Tools" menu.
3. Click on the "Privacy" tab.
4. Now you can set whether cookies should be accepted, selected or rejected.
5. Press "OK" to confirm your setting.

Example in Firefox browser:
1. Open the Firefox browser.
2. Select the "Settings" item in the "Tools" menu.
3. Click on the "Privacy" tab.
4. From the drop-down menu, select "Create according to custom settings".
5. Now you can set whether to accept cookies, how long you want to keep these cook-ies and you can add as exceptions which websites you always or never want to allow cookies to be used.
6. Press "OK" to confirm your setting.

Example in the Safari browser:
1. Open the Safari browser.
2. Select "Settings" in the toolbar (symbol: grey gear wheel in the upper right corner) and click on "Privacy".
3. Under "Accept Cookies" you can set whether and when Safari should accept cookies from websites. For further information click on "Help" (?).
4. If you would like more information about the cookies stored on your computer, click on "Show cookies".

4.6. Web analysis/tracking tools

We use the Matomo tracking tool, open source software, to ensure the needs-based design and continuous optimisation of our website and to statistically record the use of our website for marketing purposes and to use this information for the purpose of optimising our offer for you.
We use Matomo exclusively with shortened IP addresses (shortened by the last two subnets); a direct personal reference is therefore excluded. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
If you do not agree to the storage and evaluation of this data from your visit to our website in the future, you can object to the storage and use of this data at any time with a mouse click. In this case a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may need to be reactivated by you:
The information is used to evaluate the use of the website, to prepare reports on website activities and to provide other services associated with the use of the website and the Internet for the purposes of market research and the demand-oriented design of these Internet pages. The data can also be used to create and evaluate pseudonymised user profiles. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym.
The legal basis for the processing of your data by us is our legitimate interest in statistically evaluating our website for marketing purposes in order to optimise our offer and make it meet your needs (Art. 6 para. 1 sentence 1 f) GDPR).

4.7. Google Web Fonts

This website uses so-called web fonts for the uniform presentation of fonts. When you view a page, your browser loads the required web fonts into the browser cache to display text and fonts correctly. The web fonts are downloaded from our local servers as they are only locally integrated. Your data will not be passed on to third parties, especially not to Google. Legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO.

4.8. YouTube

On our site we occasionally use the provider YouTube, a provider of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland.
LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of videos.
YouTube makes it possible to obtain precise information about the surfing behaviour of users (so-called user tracking): When a YouTube video is called up, the user”™s browser establishes a direct connection with the YouTube servers. As a result, user information, including without limitation the IP address, is sent to YouTube and YouTube is notified that the user has visited the relevant page. If the user is logged into YouTube at the same time, YouTube may associate the visit to the site with the user”™s account. If the user wants to prevent this, they must first log out of YouTube before watching a video.
But even in cases where the user is not a member of YouTube, a data transfer to YouTube takes place when a video is called up.
Further details on the purpose and scope of data collection, processing and use by the social networks and the respective rights of the user, as well as the options for protecting privacy via the profile/account settings, can be found in the Google (YouTube) privacy policy.
Information on data protection can be found at: https://policies.google.com/privacy?hl=de&gl=de..
Shariff solution:
We would like to give you the opportunity to watch YouTube videos. At the same time, however, we would like to protect you as a visitor to our website as much as possible from passing on your data without your consent. A concrete transfer of your data to YouTube should only be possible if you agree to the data transfer. This is why we use the c”™t Shariff project developed by the magazine publisher Heise as a standard and to protect your data. With Shariff, you can watch YouTube videos on our website without your browsing behaviour being visible to YouTube at the same time.
The Shariff button only connects to YouTube when you become active and click the button. Only from this point on will your user data be transmitted to the respective network in the USA or other third countries and stored there as described above. YouTube cannot collect any data from you before then. For more information about the c”™t Shariff project please click here: https://www.heise.de/ct/ausgabe/2014-26-Social-Media-Buttons-datenschutzkonform-nutzen-2463330.html.
.
The legal basis for this collection and processing of your data is our legitimate interest in making selected YouTube videos available to you on our website (Art. 6 para. 1 sentence 1 f) GDPR) and your consent (Art. 6 para. 1 sentence 1 a) GDPR). For the revocation of your consent we refer to our statements under point 7.

4.9. Fan pages

In order to provide customers, partners or other interested parties with up-to-date information and to get in contact with them, we have so-called "fan pages" in the social networks Facebook, Twitter, LinkedIn, XING and YouTube in addition to our own website
The data processing is carried out by the provider of the social media platform. Data processing outside the European Union cannot be excluded. The operator of the platform may provide us with aggregated usage data, but we have no access to personal data if you only visit the fan page.
The legal basis for data processing is Art. 6 para. 1 let. f) GDPR. In the case of consent in the form of an opt-in ("tick", "activate button") or some other form of obtaining consent, the legal basis is Art. 6 para. 1 let. a) GDPR. Consent can be revoked at any time without giving reasons to the person to whom it was given, with effect for the future.
Since the data processing is carried out by the operator of the platform, we recommend that you contact the respective operator of the platform to discover your rights to notification, correction, deletion and porting of data and objection regarding your visit to our fan site. Of course we will support you in exercising your rights, if necessary.
In addition, under certain circumstances cookies may be set on your device. The purposes and legal basis for the use of cookies are explained in "Cookies" in this privacy policy or in the privacy policy of the provider of the platform.
You can find more information at the following links:
• Facebook: Facebook Ireland, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland („Facebook Ireland“).
When visiting our Facebook fan page, according to Facebook, personal data is processed as explained at the following link:
https://www.facebook.com/legal/terms/information_about_page_insights_data.
Further information can be found at: https://www.facebook.com/legal/terms/page_controller_addendum und unter: http://www.facebook.com/policy.php.
• Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Irland; https://twitter.com/privacy.
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; http://www.linkedin.com/legal/privacy-policy.
• XING SE, Dammtorstraße 30, 20354 Hamburg; further information can be found at: https://privacy.xing.com/de/datenschutzerklaerung.
• Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland; further information can be found at: https://policies.google.com/privacy?hl=de&gl=de.

4.10. Order processing/data transfer

4.10.1 . Order processing

Without prejudice to other provisions, we reserve the right to transfer your data to processors on the basis of the above legal bases (e.g. within the scope of computer support, newsletter dispatch, direct mail, hosting or the professional destruction of files and data). There are always agreements on order processing with the service providers commissioned in this way. These ensure that the data transmitted in this way is only used by our representatives to fulfil the tasks specified by us in accordance with the above purpose and in compliance with the necessary technical and organisational measures for data security and data protection.

4.10.2. Transfer of data to third parties

Apart from this, your personal data will not be passed on to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
• you have expressed consent under Art. 6 para. 1 sentence 1 a) GDPR;
• disclosure under Art. 6 para. 1 sentence 1 f) GDPR is necessary for the assertion, exercise and defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
• in the event of a legal obligation to pass on the data under Art. 6 para. 1 sentence 1 c) GDPR and
• this is legally permissible and for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 sentence 1 b) GDPR. In this case we will inform you about the transmission of your data.

5. Encryption/data security

5.1. Encryption

The collection, processing and use of your data via our website is carried out exclusively with SSL encryption (so-called Secure Socket Layer) with the highest encryption level in each case. Currently the encryption is 256 bit. SSL is used to encrypt the continuous flow of data on the Internet between the server and the user”™s browser in order to prevent "secret listening and reading" - as far as this is technically possible. Among other things, you can recognise an SSL connection by the fact that the URL is marked "https://" in the address bar of your browser and/or a "lock symbol" or "key symbol" (icon) appears at the bottom of the status bar of your web browser. By clicking on the symbol, you will receive further information about the encryption and/or the SSL certificate used, depending on the browser used.

5.2. Data security

In addition, we use all reasonable and appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved and developed in line with technological developments.

6. Deletion of data/restriction of data processing

In principle, your data will be deleted when your consent no longer exists or when your data is no longer required for the purpose of data processing and there is no other legal basis for processing your data. Should your data still have to be stored despite revocation, objection or omission of the purpose of the data processing due to existing legal, official or contractual obligations (e.g. warranty, financial accounting), the data processing will be limited by marking and blocking of this data.

7. Rights of data subjects

As a person affected by the data processing, you are entitled to the following rights:
• Right to information (Art. 15 GDPR)
You have the right to request information about the personal data we have stored about you. This includes in particular information on the purposes of the processing, the categories of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the duration of storage, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of opposition, the origin of your data if not collected by us, the existence of automated decision making including the creation of profiles and, where appropriate, meaningful information on the details. You also have the right to receive a copy of the personal data that is the subject of our processing.
• Right of rectification (Art. 16 GDPR)
You have the right to request that we correct inaccurate personal information and promptly complete incomplete personal information.
• Right of withdrawal/right to "be forgotten" (Art. 17 GDPR)
You have the right to ask us to delete your personal data in accordance with the legal provisions. In as far as the deletion conflicts with legal and official storage obligations or the processing is necessary to exercise the right to freedom of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims, the processing of the data is restricted (see below).
• Right to restrict processing (Art. 18 GDPR)
You have the right to demand that we restrict the processing of your personal data, i.e. mark the data and restrict its future processing (blocking) in compliance with the legal provisions.
• Right to data transmission (Art. 20 GDPR)
You have the right to request that we transfer the personal data provided by you in a common, structured and machine-readable format to you or to a responsible person designated by you.
• Right of objection to direct marketing (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data for advertising purposes ("advertising objection").
• Right to object to data processing if the legal basis is a "legitimate interest" (Art. 21 GDPR)
You have the right to object to data processing by us at any time, provided that this is done on the legal basis of a "legitimate interest". We will then stop processing the data unless we can prove - in accordance with the legal provisions - that there are compelling reasons for further processing worthy of protection which outweigh your rights.
• Right to withdraw consent (Art. 7 para. 3 GDPR)
If you have given us permission to collect and process your data, you can revoke this permission at any time with effect for the future. The lawfulness of the processing of your data in the past until revocation remains unaffected. Please note that we may continue to collect and process your data despite a revocation if this is necessary and permissible on another legal basis (e.g. to fulfil an existing contractual relationship with you, because of a legitimate interest, because of a legal obligation).
• Right of appeal to the supervisory authority (Art. 77 GDPR)
You can lodge a complaint with the competent supervisory authority if you believe that the processing of your data is contrary to the law. You have the option of contacting the data protection authority responsible for your place of residence or your country or the data protection authority responsible for us.

8. Competent data protection authority

The data protection authority responsible for us is
The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10a
70173 Stuttgart
Tel.: 0711/615541-0
Fax: 0711/615541-15
Email: poststelle@lfdi.bwl.de

9. Up-to-dateness and modification of the privacy policy

This privacy policy is currently valid and has the status February 2020.
In the course of the further development of our website and offers or due to changed legal or official requirements it may become necessary to change this privacy policy.
The current privacy policy can be viewed, printed and saved by you at any time on the website at www.acandis.com.

10. Feedback

We attach great importance to your feedback on our data protection conditions. If you have any questions about our data protection declaration or if you believe that it is not being properly observed, you can contact our data protection officer by email, telephone, fax or post. You can reach them by telephone during normal business hours from Monday to Friday between 09:00 and 16:00.

Dated: May 2023