Managing Director: Thomas Podstawski
Link to Legal Notice: https://www.podstawski-group.com/impressum/
Phone no. +49 6204 98098-70
Fax +49 6204 98098-9970
Types of data processed:
– Inventory data (e.g. names, addresses).
– Contact details (e.g., e-mail, telephone numbers).
– Content data (e.g., text input, photographs, videos).
– User data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of persons concerned
Visitors and users of the Online Offer (hereinafter referred to as “Users”).
Purpose of processing
Provision of the Online Offer, its functions and contents.
Answering contact requests and communicating with Users.
Audience measuring/marketing purposes.
Terms used in this document
“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by means of an identification such as a name, an identification number, location data, an online identification (e.g. cookie) or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
“Processing” means any operation or series of operations carried out with or without the aid of automated procedures in connection to the Personal Data. The term covers a wide range and involves practically every aspect of data handling.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of Personal Data consisting in the use of such Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
“Controller” means the natural or legal person, authority, institution or other body that, alone or together with others, decides about the purposes and means of processing personal data.
“Processor” means a natural or legal person, authority, institution or other body processing Personal Data on behalf of the Data Controller.
Applicable legal bases
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state-of-the-art technology, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and seriousness of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 of the GDPR.
Such measures will in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, distribution, security of availability and its separation. Furthermore, we have established procedures to ensure the exercise of rights of Data Subjects, deletion of data and reaction to the endangerment of data. We also take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 of the GDPR).
Cooperation with Processors and Third Parties
If we disclose data to other persons and companies (contracted data processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6, Section 1, letter b of the GDPR, is required for contract fulfillment), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when assigning agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “commissioned data processing”, this is done on the basis of Art. 28 of the GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. We process or have the data processed in a third country only if the special requirements of Art. 44 ff of the GDPR are met, unless permitted by law or contract. This means, for example, processing is carried out on the basis of special assurances, such as the officially recognised statement of the EU-compliant data protection level (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of the Data Subjects
You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.
You have the following rights: In accordance with Article 16 of the GDPR, you have the right to request the rectification of data concerning you or the completion of any inaccurate data concerning you.
In accordance with Art. 17 of the GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 of the GDPR.
You have the right to request a transfer of the data relating to you, which you have made available to us, to other responsible parties, according to Art. 20 of the GDPR.
In accordance with Article 77 of the GDPR, you have the right to file a complaint with the competent supervisory authority.
Right to withdraw
You have the right to withdraw your consent in accordance with Art. 7, Section 3 of the GDPR with immediate effect.
Right to object
You can object to the future processing of the data concerning you in accordance with Art. 21 of the GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.
Cookies and right of objection in the event of direct advertising
“Cookies” are small files that are stored on the user’s device. Cookies can store different information. Cookies are primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to the Online Offer. Temporary cookies, also called “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves the Online Offer and closes his or her browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be stored. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be saved when users visit it after several days. Likewise, the interests of users used for audience measurement or marketing purposes may be stored in such a cookie. “Third-Party Cookies” are cookies offered by providers other than the Data Controller responsible for the Online Offer (cookies set only by the Controller are called “First-Party Cookies”).
If Users do not wish cookies to be stored on their devices, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Disallowing cookies can lead to functional restrictions of the Online Offer.
Right to be forgotten
According to legal requirements in Germany, the storage is carried out, in particular, for 10 years in accordance with § 147, Section 1 of the German Commercial Code, § 257, Section 1, No. 1 and 4, Section 4 of the German Commercial Code (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257, Section 1, No. 2 and 3, Section 4 of the German Commercial Code (commercial letters).
In accordance with legal requirements in Austria, storage is carried out, in particular, for 7 years in accordance with § 132 Section 1 of the Austrian Accounting Law (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in relation to real estate and for 10 years for documents related to electronically provided services, telecommunications, radio and television services, which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
We process the data of our customers, clients and interested parties (uniformly referred to as “Customers”) in accordance with Art. 6, Section 1, letter b of the GDPR to provide our contractual or pre-contractual services to them. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the subject-matter of the contract. This basically includes the Customer’s personal data (name, address, etc.), as well as contact data (e-mail address, telephone, etc.), the contractual data (content of the order, premiums, terms, information on the companies/insurers/benefits brokered) and payment data (commissions, payment history, etc.). Furthermore, we can process the information on the features and circumstances of persons or items belonging to them if this is part of the subject of our order. These can be, for example, information on personal living conditions, mobile or immovable property.
Within the scope of our services, it may also be necessary for us to process special categories of data in accordance with Art. 9, Section 1 of the GDPR, in particular, information on a person’s health. In accordance with Art. 6, Section 1, letter a, Art. 7, Art. 9, Section 2, letter a of the GDPR, we obtain the express consent of the customer for this, if necessary.
To the extent required by law or for the fulfillment of the contract, we disclose or transfer the Customer’s data to providers of the services/properties, insurers, reinsurers, broker funds, technical service providers, other service providers, e.g. cooperating associations, financial service providers, credit institutions and investment companies as well as social insurance carriers, tax authorities, tax consultants, legal advisors, auditors, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin) within the scope of requests for cover, conclusion and processing of contracts. Furthermore, we can commission subcontractors, such as sub-brokers. We obtain consent from customers if this is required for disclosure/transmission (which may be the case, for example, in the case of special categories of data pursuant to Art. 9 of the GDPR).
The data will be deleted after the expiry of statutory warranty and comparable obligations, whereby the necessity of retaining the data is checked every three years; otherwise, the statutory retention obligations apply.
In the case of statutory retention obligations, deletion shall take place after their expiry. According to German law in the insurance and financial sector, in particular, consulting protocols for 5 years, brokerage notes for 7 years and broker contracts for 5 years as well as generally 6 years for documents relevant under commercial law and 10 years for documents relevant under tax law are required to be kept.
We process the data of our contractual partners and interested parties as well as other clients or contractual partners (uniformly referred to as “Contractual partners”) in accordance with Art. 6, Section 1, letter b of the GDPR to provide our contractual or pre-contractual services to them. The data processed here, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual agreement.
The processed data includes the data of our contractual partners (e.g., names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contractual data (e.g., services used, contents of contracts, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
We do not process special categories of personal data, unless these are part of a commissioned or contractual processing.
We process data which are necessary to establish and fulfill the contractual services and point out the necessity of their disclosure if this is not evident for the contractual partners. Disclosure to external persons or companies is only made if it is required within the framework of a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the customer and the legal requirements.
When using our online services, we may store the IP address and the time of the particular user action. This data is stored on the basis of our legitimate interests as well as the users’ interests with regard to protection against misuse and other unauthorized use. As a matter of principle, this data will not be passed on to third parties, unless it is necessary to pursue our claims pursuant to Art. 6, Section 1, letter f of the GDPR or there is a legal obligation in accordance with Art. 6, Section 1, letter c of the GDPR.
The data will be deleted if the data is no longer required for the fulfillment of contractual or statutory duties to provide security as well as for the handling of any warranty and comparable obligations, whereby the necessity of storing the data is checked every three years; otherwise, the statutory storage obligations apply.
Administration, financial accounting, office organization, contact management
We process data within the framework of administrative tasks as well as the organisation of our company, financial accounting and compliance with legal obligations, e.g. archiving. We process the same data that we process in the course of providing our contractual services. The processing is governed by Art. 6, Section 1, letter c of the GDPR and Art. 6, Section 1, letter f of the GDPR. We process the Data of customers, potential customers, business partners and website visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks which serve the maintenance of our business activities, the performance of our tasks and the provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transfer data to the tax authorities, consultants, such as tax consultants or auditors, as well as other payment service providers.
Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them later. We store this data, which is mainly company-related, permanently.
Data protection in the recruitment process
We process the candidate data only for the purpose and in the context of the recruitment process in accordance with the legal requirements. The processing of the candidate data takes place in order to fulfill our (pre)contractual obligations in the context of the recruitment process within the meaning of Art. 6, Section 1, letter b of the GDPR, and Art. 6, Section 1, letter f of the GDPR if data processing becomes necessary for us, e.g. in the context of legal procedures (in Germany, § 26 of the Federal Data Protection Law additionally applies).
The recruitment process requires that candidates provide us with their details. If we offer an online form, the necessary candidate data are marked or otherwise result from the job descriptions and generally include personal data, addresses for correspondence and telephone numbers and the documents belonging to the candidate, such as cover letter, curriculum vitae and certificates. In addition, candidates may voluntarily provide us with additional information.
If special categories of personal data within the meaning of Art. 9 Section 1 of the GDPR are voluntarily disclosed in the recruitment process, they are also processed in accordance with Art. 9 Section 2 letter b of the GDPR (e.g. health data, disability or ethnic origin). If special categories of personal data within the meaning of Art. 9, Section 1 of the GDPR are requested from candidates during the recruitment process, they are additionally processed in accordance with Art. 9, Section 2, letter a of the GDPR (e.g. health data, if these are required for the exercise of the profession).
If made available, candidates can send us their applications via an online form on our website. The data is encrypted and transmitted to us using state-of-the-art technology.
Candidates can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the candidates themselves must ensure that they are encrypted. We cannot, therefore, accept any responsibility for the transmission of the application between the sender and our server and recommend that you use an online form or send it by post. Instead of using the online application form and e-mail, applicants can still send us their application by post.
If the application is successful, the data provided by the candidate can be further processed by us for the purpose of employment. If the application for a job offer is not successful, the candidates’ data will be deleted. Candidates’ data will also be deleted if an application is withdrawn, to which the candidates are entitled at any time.
The deletion will take place after a period of six months, subject to a justified withdrawal by the candidate, so that we can answer any follow-up questions to the application and meet our obligations under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
Establishment of contact
When contacting us (e.g. via contact form, e-mail, telephone or social media), the user’s details are processed in order to handle the contact enquiry pursuant to Art. 6, Section 1, letter b (in the context of contractual/pre-contractual connections), Art. 6, Section 1, letter f (other requests) of the GDPR. User information can be stored in a customer relationship management system (“CRM system”) or comparable inquiries management system.
We delete the requests if they are no longer necessary. We review this requirement every two years; the statutory archiving obligations also apply.
Hosting and emailing
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail delivery, security services and technical maintenance services that we use for the purpose of operating our Online Offer.
We or our hosting provider process personal data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this Online Offer on the basis of our legitimate interests in an efficient and secure provision of our Online Offer according to Art. 6, Section 1, letter f of the GDPR in connection with Art. 28 of the GDPR (conclusion of contract).
Collection of access data and log files
We, or our hosting provider, collect the following data on the basis of our legitimate interests within the meaning of Art. 6, Section 1, letter f of the GDPR on each access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the request provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data that must be kept for further evidence purposes are excluded from deletion until the respective incident has been finally clarified.
On the basis of our legitimate interests (i.e. the analysis, optimisation and economic operation of our Online Offer within the meaning of Art. 6 Section 1 letter f of the GDPR), we use the information provided by Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the Online Offer by Users is transferred to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our Online Offer by Users, to compile reports on the activities within this Online Offer and to provide us with further services associated with the use of this Online Offer and the use of the Internet. The processed data can be used to create anonymous user profiles.
We use Google Analytics only with IP anonymisation enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Users’ Personal Data will be deleted or made anonymous after 14 months.
Jetpack (WordPress Stats)
On the basis of our legitimate interests (i.e. the analysis, optimisation and economic operation of our Online Offer within the meaning of Art. 6, Section 1, letter f of the GDPR) we use the plugin Jetpack (hereinafter referred to as “WordPress Stats”), which includes a tool for statistical analysis of visitor access, by Automattic Inc. 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses “cookies”, which are text files placed on your device, to help the website analyse how users use the site.