Privacy Policy

Privacy Policy

This Privacy Policy informs you about the nature, scope, and purpose of the collection, use, and processing of personal data by us.
We have implemented numerous technical and organizational measures to ensure that the processed personal data are protected as completely as possible. However, due to inherent security vulnerabilities, e.g., of internet-based data transmission, absolute protection cannot be guaranteed. For this reason, every data subject is free to convey personal data to us in alternative ways, for example, by telephone.

Inhaltsverzeichnis

1. • Name and Address of Data Controller
2. • Collection of General Data and Information
3. • Contact Options
4. • Erasure and Blocking of Personal Data
5. • Data Subject Rights
6. • Data Protection for Applications and During the Application Process
7. • Cookies
8. • Matomo Web Analytics
9. • Usercentrics Cookie Consent
10. • Legal Basis for Processing
11. • Data Transfer
12. • Security
13. • Automated Decision-Making
14. • Changes to This Privacy Policy

1. Name and Address of Data Controller

3ks profile gmbh
Asangstraße 16
94436 Simbach, Germany
+49 9954 70017-0
+49 9954 70017-99
info@3ks.de

We cooperate with an external Data Protection Officer, whose contact information is as follows:

Christian Bößl
CB. ADDATA GmbH
Reitmeierfeld 23
94099 Ruhstorf an der Rott, Germany
+49 8531 978 447-0

2. Collection of General Data and Information

Our website collects a host of general data and information every time a data subject or an automated system retrieves the website. These general data and pieces of information are stored in the server log files. The follow-ing can be collected:

• Browser types and versions used
• Operating system used by the accessing system
• Website from which an accessing system reaches our website (so-called referrer)
• Subpages that are accessed via an accessing system on our website
• Date and time of website access
• Internet Protocol address (IP address)
• Internet service provider of accessing system
• Other similar data and information that may be used for averting danger in the event of attacks on our IT systems

When we use such data and information, we do not draw any conclusions about the data subject. Rather, we require this information for the following purposes:

• To deliver our website content correctly
• To optimize the content of our website and its promotion
• To ensure the permanent functionality of our IT systems and the technology of our website and to supply law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack

We statistically evaluate these anonymously collected data and pieces of information to improve the data protec-tion and data security in our company and, ultimately, to ensure an optimal level of protection of the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

3. Contact Options

In accordance with statutory rules, the website contains information that enables fast electronic contact with our company as well as direct communication with us, which also includes a general address for so-called electronic mail (email address). If a data subject contacts the Data Controller by email or via a contact form, the personal data conveyed by the data subject are automatically stored. Such personal data conveyed voluntarily by a data subject to the Data Controller are stored for the purposes of processing or contacting the data subject. These per-sonal data are not passed on to third parties.

4. Erasure and Blocking of Personal Data

The Data Controller processes and stores personal data of the data subject only for the period of time required for the purpose of storage to be fulfilled or as provided for by the relevant laws and rules to which the Data Controller is subject.
When the purpose of storage no longer applies or a storage period elapses, the personal data are erased or, if statutory retention periods oppose erasure, blocked routinely and in accordance with statutory rules.

5. Data Subject Rights

a) Right to access: Every data subject has the right to obtain free information about the stored personal data pertaining to him or her. Specifically, this is the following:

• Purposes of processing
• Categories of personal data that are processed
• Recipients or categories of recipients that the personal data have been disclosed to or will be disclosed to, especially in the case of recipients in third countries or international organizations
• If possible, the planned duration of storage of the personal data; otherwise, the criteria for defining this duration
• Existence of a right to rectification or erasure of the personal data about the data subject or to restriction of processing by the Data Controller or of a right to object to this processing
• Existence of a right to lodge a complaint with a supervisory authority
• If the personal data are not collected from the data subject: all available information about the origin of the data
• Existence of automated decision-making including profiling pursuant to Article 22(1) and Article 22(4) of the GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and the desired effects of such processing for the data subject

b) Right to rectification: Every data subject has the right to demand rectification of his or her data. Furthermore, the data subject has the right to demand completion of incomplete personal data – also by means of a supplementary declaration – in consideration of the purposes of processing.

c) Right to erasure: Every data subject has the right to demand immediate erasure of the personal data about him or her by the Data Controller. Archiving or blocking takes the place of erasure if statutory retention periods oppose erasure.

d) Right to restriction of processing: Every data subject has the right to demand restriction of processing by the Data Controller if one of the following prerequisites is met:

• The correctness of the personal data is disputed by the data subject for a duration that allows the Data Controller to check whether the personal data are correct.
• The processing is unlawful, and the data subject objects to erasure of the personal data and demands the restriction of use of the personal data instead.
• The Data Controller no longer needs the personal data for the purposes of processing, but the data sub-ject needs them to assert, exercise, or defend legal claims.
• The data subject has objected to processing in accordance with Article 21(1) of the GDPR and it has not yet been determined whether the legitimate reasons of the Data Controller outweigh those of the data subject.

e) Right to data portability: Every data subject has the right to receive in a structured, standard, and machine-readable format the personal data about him or her that have been made available by the data subject to a data controller. This includes the right to convey these data to another data controller without hindrance from the data controller to whom the per-sonal data have been provided if the processing is based on consent in accordance with Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract in accordance with Article 6(1)(b) of the GDPR and the pro-cessing is carried out using automated procedures as long as the processing is not necessary for the performance of a task that is in the public interest or that is carried out in the exercising of official authority conferred on the data controller.
Furthermore, the data subject, in exercising his or her right to data portability in accordance with Article 20(1) of the GDPR, has the right to effect the conveyance of the personal data directly from one data controller to another data controller as far as this is technically feasible and provided that the rights and freedoms of others are not thereby affected.

f) Right to object: Every data subject has the right to object at any time to the processing of his or her personal data, which takes place on the basis of Article 6(1)(e) or Article 6(1)(f) of the GDPR, for reasons arising from his or her particular situation. This also applies to profiling based on these provisions.

g) Right to nonautomated processing, including profiling: Every data subject has the right to not be subject to a decision that is based solely on automated processing (including profiling) and that has legal consequences for or similarly affects him or her if the decision:

• Is not required for the entering into or performance of a contract between the data subject and the Data Controller,
• Is permissible on the basis of legislation of the Union or of the Member States to which the Data Con-troller is subject and this legislation contains adequate measures for safeguarding the rights and free-doms as well as the legitimate interests of the data subject, or
• With the explicit consent of the data subject.

h) Right to withdraw: Every data subject has the right to withdraw his or her consent to processing of personal data at any time. The withdrawal can take place at any time without any reasons being given and is effective from that point on.

i) Right to lodge a complaint: Every data subject has the right to lodge a complaint with the competent supervisory authority if he or she believes that his or her personal data are not being processed in compliance with data protection law. The contact data for the competent supervisory authority for us are as follows: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany

If you wish to exercise your rights as a data subject, please contact the following:
3ks profile gmbh
Asangstraße 16
94436 Simbach, Germany
+49 9954 70017-0
datenschutz@3ks.de

6. Data Protection for Applications and During the Application Process

We collect and process the personal data of applicants for the purposes of completing the application process. Processing can also take place electronically. This is especially the case when an applicant sends the correspond-ing application documents electronically, for example, via email. If the Data Controller enters into an employ-ment contract with an applicant, the conveyed data are stored for the purposes of carrying out the employment relationship in compliance with statutory rules. If no employment contract is entered into by the Data Controller and the applicant, the application documents are automatically deleted six months after the announcement of the rejection decision provided that the data subject has not consented to longer storage or erasure does not con-flict with any other legitimate interests of the Data Controller. Other legitimate interests in this sense include, for example, a burden of proof existing in proceedings according to the German General Act on Equal Treatment (AGG).

7. Cookies

When you visit our websites, we may store information on your computer in the form of cookies. Cookies are small text files that are transferred from a web server to your browser and store on your hard drive. This infor-mation allows you to be recognized automatically the next time you visit our website and thus makes use of it easier for you. Of course, you can also visit our websites without accepting cookies. If you do not want your com-puter to be recognized the next time you visit, you can reject the use of cookies by changing your browser settings to “Deny cookies.” The respective procedure can be found in the user guide for your browser.

8. Matomo Web Analytics

We use the open source software tool Matomo on our website. Cookies can be used for this. The data collected with the Matomo technology (including your anonymized IP address) are processed on our servers.
When individual pages of our website are accessed, the following data are stored:
- Two bytes of the IP address of the retrieving system of the user
- Retrieved website
- Website from which the user accessed the retrieved website (referrer)
- Subpages retrieved from the retrieved website
- Time spent on the website
- How often the website was retrieved

The software is set in such a way that the IP addresses are not stored in full, but two bytes of the IP address are masked (example: 130.75.xxx.xxx). As a result, it is no longer possible to assign the shortened IP address to the retrieving computer. Through the anonymization of the IP address, the interest of users in the protection of their personal data is adequately taken into account. Cookies are stored on the user’s computer and conveyed from there to our site. Therefore, as the user, you also have full control over the use of cookies. By changing the set-tings in your browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible for all of the features of the website to be used to their full extents.

9. Usercentrics Cookie Consent

This website uses the cookie consent technology from Usercentrics to obtain your consent for storing certain cook-ies on your device and documenting them in compliance with data protection law. This technology is provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: usercentrics.com/de/.
When you enter our website, the following personal data are transmitted to Usercentrics:
- Your consent(s) or the withdrawal of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website

In addition, Usercentrics stores a cookie in your browser to be able to assign the granted consents or their with-drawals to you. The data collected in this way are stored until you ask us to erase them, you delete the Usercen-trics cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention require-ments remain unaffected.
Usercentrics is used for obtaining the legally prescribed consents for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.

10. Legal Basis for Processing

Article 6(1)(a) of the GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If processing of personal data is necessary for the performance of a contract to which the data subject is a party, as, for example, is the case for processing operations that are neces-sary for delivery of goods or provision of another service or consideration, the processing is based on Article 6(1)(b) of the GDPR. This also applies to processing operations that are necessary for performing measures prior to the entering into of a contract, for example, in the case of inquiries regarding our products or services. If our company is under a legal obligation that makes the processing of personal data necessary, for example, for meeting tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data could be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations could be based on Article 6(1)(f) of the GDPR. This is the legal basis for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary for safeguarding a legitimate interest of our company or a third party provided that the interests and the fundamental rights and freedoms of the data subject do not override it. We are permitted to carry out such processing operations especially because they were specifically mentioned by the European legislators. In this respect, they took the view that a legitimate interest could be assumed if the data subject was a customer of the data controller (Recital 47 Sentence 2 of the GDPR)

11. Data Transfer

The personal data are only passed on or otherwise conveyed to third parties if this is necessary for the purposes of contract processing / billing purposes or the data subject has provided prior consent. Otherwise, the data are only passed on in compliance with the legal data protection provisions or at the request of authorities, courts, or the tax office or in the event of a claim by a third party due to a possible violation of property rights (copyrights, trademarks, and other ancillary copyrights) by a property right holder. Personal data are not transferred in or to third countries.

12. Security

We have implemented technical and administrative security measures to protect your personal data from loss, destruction, manipulation, and unauthorized access. All of our employees and service providers working for us are obligated to comply with the applicable data protection laws.
Whenever we collect and process personal data, they are encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security precautions undergo a continuous improvement process and our Privacy Policy is continuously being revised. Please make sure that you have the latest version.

13. Automated Decision-Making

As a company aware of our responsibility, we do not use automated decision-making or profiling.

14. Changes to This Privacy Policy

We reserve the right to change our Privacy Policy if this becomes necessary due to new technologies. Please make sure that you have the latest version. If fundamental changes are made to this Privacy Policy, we will announce them on our website.
Privacy Policy Last Updated: May 2021