Name and contact details of the data controller in accordance with Article 4 (7) GDPR
Company engineering people GmbH
Address Söflinger Str. 70, 89077 Ulm
Phone +49 (0) 731 / 20790-0
Fax +49 (0) 731 / 20790-120
Contact details of the Data Protection Officer
Security and protection of your personal data
We consider it our primary responsibility to maintain the confidentiality of the personal data you provide and to secure it against unauthorised access. We therefore apply the utmost care as well as state-of-the-art security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the EU's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We have implemented technical and organisational measures to ensure that the regulations governing data protection are observed both within our company and by our external service providers.
1. Personal data
"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or to one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.
"Processing" means any operation or set of operations performed using personal data, whether by automated means or not, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or disclosure by other means, alignment or combination, restriction, erasure or destruction.
3. Restriction of processing
"Restriction of processing" means the marking of stored personal data with the goal of limiting its processing in the future.
"Profiling" means any automated processing of personal data that involves the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to said natural person's work performance, economic situation, health situation, personal preferences, interests, reliability, conduct, location or movements.
"Pseudonymisation" means the processing of personal data in a manner that ensures it cannot be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which guarantee that the personal data cannot be attributed to an identified or identifiable natural person.
6. File system
"File system" means any structured collection of personal data that can be accessed by selecting specific criteria, whether centralised, decentralised or organised on a functional or geographical basis.
7. Data controller
The "data controller" is a natural or legal person, public authority, agency or other body who/which, alone or in concert with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are stipulated under EU or national law, provision can be made for the controller – or for the specific criteria used for the controller's appointment – in accordance with EU or national law.
8. Order processor
An "order processor" is any natural or legal person, public authority, agency or other body who/which processes personal data on behalf of the data controller.
A "recipient" is any natural or legal person, public authority, agency or other body to whom personal data is disclosed, regardless of whether or not they are a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under EU or national law shall not be categorised as recipients. The processing of personal data by these authorities shall be carried out in accordance with the applicable data protection legislation and in compliance with the purposes of the processing.
10. Third party
"Third party" means any natural or legal person, public authority, agency or body other than the data subject, the data controller, the processor and those persons who, under the direct authority of the data controller or the processor, are authorised to process the personal data.
The data subject's "consent" means any freely given specific, informed and unequivocal expression of his or her wishes in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Lawfulness of the processing
The processing of personal data is only lawful if a legal basis for the processing exists. In particular, the legal basis for the processing may be
Article 6 (1) (a – f) GDPR:
a. The data subject has given his/her consent to the processing of his/her personal data for one or more specified purposes.
b. The processing is necessary for the performance of a contract to which the data subject is party, or in order to complete certain steps in preparation for the conclusion of a contract at the request of the data subject.
c. The processing is necessary to ensure compliance with a legal obligation to which the data controller is subject.
d. The processing is necessary in order to protect the vital interests of the data subject or another natural person.
e. The processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the data controller.
f. The processing is necessary in order to protect the legitimate interests of the data controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which necessitate the protection of his or her personal data, in particular if the data subject is a child.
Information regarding the collection of personal data
(1) Below you will find information about the collection of personal data when you use our website. In this case, the personal data may include your name, address, e-mail addresses and user behaviour.
(2) If you contact us by e-mail and/or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us for the purpose of answering your questions. We delete the data generated in this context when its storage is no longer required. The processing of this data may also be restricted due to statutory storage obligations.
Collection of personal data when you visit our website
If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data, which is technically necessary in order to display our website and ensure its stability and security (the legal basis is Art. 6 (1) (1) (f) GDPR)
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Website from which the request originated
- Operating system and its interface
- Language and version of the browser software
(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using, and which exchange certain information with the website that generated the cookie. Cookies cannot run programs or deliver viruses to your computer. They merely serve to make the online service as a whole more user-friendly and effective.
(2) This website uses the following types of cookies, the scope and function of which are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close the browser. In particular, these include session cookies, which store a "session ID" that allows the various requests received from your browser to be assigned to the same session. This allows your computer to be recognised if you re-visit our website at a later time. The session cookies are deleted when you log out or close the browser.
b. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies via your browser's security settings at any time. They are automatically deleted after 60 days at the latest.
c. You can configure your browser settings to suit your preferences and (for example) refuse to accept third-party cookies or all cookies. So-called "third-party cookies" are cookies that have been generated by a third party, i.e. not by the actual website that you are currently visiting. Please note that by disabling cookies you may not be able to use all features of this website.
Additional functions and services provided via our website
(1) In addition to the purely informational use of our website, we offer various services that can be used by those interested. To do so, you will usually be required to provide additional personal data, which we will use to provide the respective service in compliance with the aforementioned data-processing regulations.
(2) We sometimes use external service providers to process your data. In all cases, these companies have been carefully selected and commissioned by us, are bound by our instructions and are reviewed regularly.
(3) Furthermore, we may share your personal data with third parties if participation in promotions, competitions, the conclusion of contracts or similar services are jointly offered by us and these partners. You will receive more detailed information about this when you enter your personal data or in the description of the service below.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the service description.
Our services are categorically aimed at adults. Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.
Rights of data subjects
(1) Revocation of consent
If the processing of personal data is based on your previously granted consent, you have the right to revoke this consent at any time. The revocation of your consent shall not affect the lawfulness of the processing that was carried out on the basis of your consent prior to its revocation.
You can contact us at any time to exercise your right of revocation.
(2) Right to confirmation
You have the right to request confirmation from the data controller as to whether we are processing your personal data. You can request such confirmation at any time using the contact details provided above.
(3) Right of access
If your personal data is being processed, you can, at any time, request details of your personal data as well as the following information at any time:
a. The purposes of the processing
b. The categories of the personal data being processed
c. The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
d. If possible, the planned storage duration for the personal data or, if this is not possible, the criteria used to determine this duration
e. The existence of a right of rectification or erasure of the personal data relating to you or of a right of objection to – or restriction of – said processing by the data controller
f. The existence of a right of appeal to a supervisory authority
g. If the personal data is not collected from the data subject, all available information concerning the origin of the data
h. The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended consequences of such processing for the data subject
If personal data is transferred to a third country or to an international organisation, you have the right to be informed about the existence of the appropriate safeguards pursuant to Article 46 GDPR in the context of the transfer. We will provide one copy of the personal data that is the subject of the processing. For any additional copies you request, we may charge a reasonable fee that reflects our administrative costs. If the application is submitted electronically, the information will be provided in a standard electronic format unless otherwise specified by the applicant. Your right to receive a copy pursuant to paragraph 3 shall not adversely affect the rights and freedoms of other persons.
(4) Right of rectification
You have the right to ask us to correct any incorrect personal data concerning you without delay. With regard to the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
(5) Right of erasure ("right to be forgotten")
You have the right to ask the data controller to delete personal data relating to you immediately, whereby we are obliged to delete personal data immediately if any of the following reasons apply:
a. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
b. The data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
c. The data subject lodges an objection to the processing pursuant to Article 21(1) DPA and there is no overriding legitimate reason for the processing, or the data subject lodges an objection to the processing pursuant to Article 21(2) GDPR.
d. The personal data was processed unlawfully.
e. The erasure of personal data is necessary to comply with a legal obligation under EU or national law to which the data controller is subject.
f. The personal data was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
Where the data controller has made the personal data public and is obliged to delete it in accordance with paragraph 1, the data controller shall take reasonable measures, including technical measures – taking into account the available technology and implementation costs – to inform any other data controllers who process the personal data that a data subject has requested them to delete all links to the personal data and/or copies and/or replications thereof.
The right of erasure ("right to be forgotten") does not exist to the extent that the processing is necessary:
– to exercise the right to freedom of expression and information
– to comply with a legal obligation requiring processing under EU or national law to which the data controller is subject, or to carry out a task in the public interest or to exercise official authority vested in the data controller
– for reasons in the public interest relating to public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR
– for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the law referred to in paragraph 1 is likely to render impossible or seriously hamper the attainment of the objectives of such processing, or
– to assert, exercise or defend legal claims.
(6) Right to restrict the processing
You have the right to request that we restrict the processing of your personal data if one of the following conditions is met:
a. the accuracy of the personal data is contested by the data subject, and for a period that enables the data controller to verify the accuracy of the personal data
b. the processing is unlawful and the data subject waives their right to request erasure of the personal data and requests instead the restriction of its use
c. the data controller no longer needs the personal data for the purposes of the processing, however the data subject needs it for the purpose of asserting, exercising or defending legal claims, or
d. the data subject has lodged an objection to the processing pursuant to Article 21 paragraph 1 GDPR, to the extent that it remains unclear whether the legitimate reasons of the data controller outweigh those of the data subject
Where the processing has been restricted in accordance with the above conditions, such personal data, apart from being stored, shall be processed only with the consent of the data subject, or for the purpose of pursuing, exercising or defending legal claims, or protecting the rights of another natural or legal person, or on grounds of an important public interest of the European Union or a Member State.
In order to exercise their right to limit the processing, the data subject may contact us at any time using the contact details provided above.
(7) Right to data portability
You have the right to receive the personal data concerning you, and which you have provided to us, in a structured, common and machine-readable format, and you have the right to transfer such data to another data controller without interference from the data controller to whom the personal data was originally submitted, provided that:
a. the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b) GDPR and
b. the processing is carried out by means of automated processes.
When exercising the right to transfer data in accordance with paragraph 1, you have the right to arrange for the personal data to be transferred directly from one data controller to another data controller, insofar as this is technically feasible. You can exercise your right of data portability without prejudice to your right of erasure ("right to be forgotten"). This right shall not apply to any processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
(8) Right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6 (1) (e) or (f) GDPR, including profiling based on these provisions. The data controller shall no longer process the personal data unless it can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or unless the processing is for the purpose of asserting, exercising or defending legal claims.
Where personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, to the extent that said profiling is related to direct marketing of this nature. If you object to the processing of your data for direct-marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of Information Society services, and notwithstanding Directive 2002/58/EC, you may exercise your right of objection by means of automated processes on the basis of technical specifications.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for the purposes of scientific or historical research or for statistical purposes, as referred to in Article 89(1), except where such processing is necessary for the performance of a task carried out in the public interest.
You can exercise this right of objection at any time by contacting the relevant data controller.
(9) Automated case-by-case decisions including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly affects you in a similar way. This shall not apply if said decision:
a. is necessary for the conclusion or performance of a contract concluded between the data subject and the data controller
b. is authorised by EU or national legislation to which the data controller is subject and said legislation provides for adequate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
c. is made with the express consent of the data subject.
The data controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a representative of the data controller, to put forward his or her point of view and to appeal against the decision.
Data subjects can exercise this right at any time by contacting the relevant data controller.
(10) Right of appeal to a supervisory authority
You also have, without prejudice to any other administrative or judicial remedy, the right of appeal to a supervisory authority, in particular in the Member State in which you are resident, in which your place of employment is located or in the place where the alleged infringement occurred, if the data subject considers that the processing of personal data relating to him/her is being carried out in breach of this Regulation.
(11) Right to an effective judicial remedy
Without prejudice to any available administrative or extra-judicial remedy, including the right of appeal to a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of any processing of your personal data in violation of this Regulation.
Applications can only be submitted via the website of engineering people GmbH if you provide your informed consent. To do this, please read the Declaration of consent and then tick the corresponding checkbox. The data that you upload to our server is transmitted in encrypted form. If possible, please therefore use this option instead of sending us your data by e-mail.
Use of Google Analytics
(2) Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
(3) Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on activity related to this website and to provide further services to us in connection with the use of this website and the internet. Pseudonymous user profiles of the users may be created on the basis the processed data.
(4) We only use Google Analytics with IP anonymisation enabled. This means that the user's IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the user's full IP address transferred to a Google server in the USA and truncated there.
(7) The personal data of users will be deleted or anonymised after xx weeks.
Integration of Google Maps
(1) We use the Google Maps service on this website. This allows us to display interactive maps directly on the website and facilitates convenient use of the map function.
(2) When you visit the website, Google is informed that you have accessed the corresponding subpage of our website. In addition, the data described in § 3 of this declaration is transmitted. This happens regardless of whether you are logged in to a Google account or no such user account exists. If you are logged in to a Google account, your personal data will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses it for the purpose of advertising, market research and/or demand-oriented design of its website. In particular, an evaluation of this kind is carried out (even for users who are not logged in) for the purpose of serving needs-based ads and informing other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles – you must contact Google to exercise this right.
Contract data processors
We commission external service providers (contract data processors) to carry out certain services, including the dispatch of goods or newsletters, or for payment processing. A separate data processing agreement is concluded with each service provider to ensure the protection of your personal data.
We currently work with the following service providers:
Pure Labs GmbH
Lindwurmstrasse 76, 80337 Munich, Germany
IT Consulting Kühnl
Söflinger Str. 70, 89077 Ulm, Germany