Privacy policy of AUBII GmbH

The requirements of the EU General Data Protection Regulation (hereinafter GDPR) apply throughout Europe. We would like to inform you about the processing of personal data by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy policy, you can always address them to the email address indicated under 1.2.

1 OVERVIEW

In this section of the privacy policy you will find information on the scope, the person responsible for data processing, their data protection officer and data security.

1.1 Scope

Data processing by AUBII GmbH can essentially be divided into two categories:

– For the purpose of contract performance, all data necessary for the performance of a contract with AUBII GmbH will be processed. If external service providers are also involved in the processing of the contract, e.g. hosting service providers or payment service providers, your data will be passed on to the respective provider if this is required.

– By calling up the website / application of AUBII GmbH, various information is exchanged between your device and our server. This can also be personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your device.

This Privacy Policy applies to the following offers:

– Our online offer available at www.excellent.org.

– Whenever one of our offers (e.g. websites, subdomains, mobile applications, web services or third-party affiliations) refers to this Privacy Policy, regardless of the way in which you access or use it.

All these offers are collectively referred to as “Services”.

1.2 Responsible person

The person responsible for the data processing, i.e. the one who decides on the purposes and means of the processing of personal data in connection with the services, is

AUBII GmbH
Alsterufer 34
20354 Hamburg
Germany
Telephone: +49 40 328 90 10 80
E-mail: service@excellent.org

1.3 Data Protection Officer

You can contact our data protection officer as follows:

Datenschutz Saxelfur UG (haftungsbeschränkt)
Prof. Dr. Simon A. Fischer
Modering 3
22457 Hamburg
E-mail: mail@saxelfur.de
Telephone: 040 – 5520 1813

1.4 Data security

In order to develop the measures required by Art. 32 GDPR and thus achieve a level of protection commensurate with the risk, we have established the information security standard according to VdS 3473 in our company.

The VdS 3473 guidelines (Cyber-Security for small and medium-sized enterprises) of VdS Schadenverhütung GmbH contain guidance and assistance for the implementation of an information security management system, as well as concrete measures for the organizational and technical protection of IT infrastructures. They are designed with the objective of ensuring an adequate level of protection.

2 THE DATA PROCESSING IN DETAIL

In this section of the privacy policy, we will inform you in detail about the processing of personal data as part of our services. For better clarity, we divide this information by certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can be used successively or simultaneously.

2.1 General information about the data processing

For all processing operations described below, unless otherwise stated:

a. No obligation to provide

There is no contractual or legal obligation to provide personal data. You are not required to provide data.

b. Consequences of non-provision

In the case of required data (data marked as obligatory when entering data), non-provision means that the service concerned cannot be provided. Otherwise, non-provision may mean that our services cannot be provided in the same form and quality.

c. Consent

In some cases, you may also give us your consent for further processing in connection with the processing described below (possibly for some of the data). In this case, we will separately inform you in connection with the submission of the respective declaration of consent of all modalities and the scope of the consent and the purposes that we pursue with these processing operations.

d. Transfer of personal data to third countries

If we provide data to third countries, i.e. countries outside the European Union, then the transmission will take place only in compliance with the statutory eligibility requirements. The admissibility requirements are regulated by Art. 44-49 GDPR.

e. Hosting with external service providers

Our data processing mainly takes place with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. These service providers process data either exclusively in the EU or we have guaranteed an appropriate level of data protection using EU standard privacy clauses.

f. Transmission to state authorities

We transfer personal data to governmental authorities (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (Legal basis: Art. 6 (1) (c) GDPR) or to assert, exercise or defend legal claims (Legal basis: Art. 6 para. 1 f) GDPR).

g. Storage time

We do not store your data longer than we need it for the respective processing purposes. If the data is no longer required for the fulfillment of contractual or legal obligations, these data will be deleted on a regular basis, unless their temporary storage is still necessary. Reasons for this can be, for example:

  • The fulfillment of commercial and tax retention requirements
  • The preservation of evidence for legal disputes within the framework of the statutory limitation periods

Likewise, we may continue to store your data if you have expressly given your consent.

h. Data categories

  • Account data: login/user ID and password
  • Personal data: title, salutation, gender, first name, last name, date of birth
  • Address data: street, house number, if necessary additional addresses, postal code, city, country
  • Contact details: phone number, fax number, e-mail address
  • Credentials: information about the service you have signed up for; date and technical information on registration, confirmation and deregistration; data you specified at registration
  • Ordering information: ordered products, prices, payment and delivery information
  • Payment data: account information, credit card details, other payment services such as PayPal, SEPA/BACS mandate reference, invoice number, return debit date
  • Access data: date and time of the visit to our service; the page from which the accessing system came to our site; pages accessed during use; session identification data; and the following information about the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information
  • Application data: curriculum vitae, certificates, evidence, work samples, pictures
  • Reviewer data: name, e-mail address, number of rating stars, text content (review), delivery or service date, order or invoice number
  • Mediation process data: reviewer data, mediation reason, mediation start and end, evidence (invoices, correspondence, photos, tracking number, etc.)
  • Company data: customer number, company, contact person, homepage, industry, profile name, VAT ID, HR number, URL, URLs to external rating portals/profiles, Facebook ID
  • Debt collection data: reminder costs, invoice and reminder date
  • Employee data: personal data, address data, contact data, bank accounts, sick leaves, employment contracts, personnel forms, target agreements, social insurance numbers, health insurance certificates, tax IDs, enrollment certificates, information from the Employment Agency, exemption from pension insurance, dismissals

2.2 Calling the website/ application

Here is how we process your personal information when you visit our services. In particular, we point out that the transmission of access data to external content providers (see b.) is inevitable due to the technical functioning of information transmission on the Internet.

2.2.1 Information on processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Access data | Establishing a connection, presenting the contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis | Art. 6 para. 1 f) GDPR | Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference with information systems | 14 days |

2.2.2 Recipient of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| External content providers that provide content (such as images, videos, embedded social networking postings, banner ads, fonts, update information) required to view the service | Access data | Art. 6 para. 1 f) GDPR | Proper functioning of services, (expedited) presentation of content |
| IT security service | Access data | Order processing (Art. 28 GDPR) | Preventing attacks that exploit security holes/vulnerabilities |
| Hoster | Access data | Art. 6 para. 1 f) GDPR | Web hosting |

2.3 Newsletter

Here we describe what happens to your personal data in connection with a subscription to our newsletter:

2.3.1 Information on processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| E-mail address | Verification of the application (double opt-in process), sending of the newsletter | Article 6 (1) (a) GDPR | | Duration of newsletter subscription |
| Personal data | Personalization of the newsletter | Art. 6 (1) (bf) GDPR | | Duration of newsletter subscription |
| Credentials | Traceability of completed newsletter registration/confirmation/deregistration | Art. 6 (1) (b), f) GDPR | Proof of successful newsletter registration, confirmation and deregistration | Duration of newsletter subscription |
| User Profile Data Newsletter | Interest-based design of the newsletter | Art. 6 (1) (f) GDPR | Improvement of our service, promotional purposes | Duration of newsletter subscription |

2.3.2 Recipient of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Service provider for newsletter distribution | All under 2.3.1. mentioned data | Order processing (Article 28 (3) sentence 1 GDPR) | |

Privacy Shield Agreement
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

Transmission to the USA

2.4 Application

In an ongoing application process, we process your personal data in the following ways:

 

2.4.1 Information on processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Address data, contact data | Identification, establishment of contact, communication for contract initiation | Art. 6 (1) (b) GDPR | | 6 months |
| Personal data | Identification, contact, age verification | Art. 6 (1) (b) GDPR | | 6 months |
| Application data | Candidate selection | Art. 6 (1) (b) GDPR | | 6 months |

2.4.2 Recipients of personal data

No data are transferred.

2.5 Customer support

Here you can find how we process your personal information when you contact our customer service:

2.5.1 Information on processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Account data, personal data, contact data, login data, order data, payment data, access data, application data, appraiser data, review data, company data | Processing of customer inquiries | Art. 6 para. 1 b), f) | Customer loyalty, improvement of our service | 6 months |

2.5.2 Recipients of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Hoster | All under 2.5.1. mentioned data | Art. 6 para. 1 f) GDPR | Web hosting |

2.6 Contract conclusion

When you conclude a contract with us, your data will be processed at the conclusion of the contract as follows:

2.6.1 Information for processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Company data, personal data, address data, contact data, registration data, order data, payment data, access data | Contract | Art. 6 (1) (b) GDPR | | Ten years |

2.6.2 Recipients of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Hoster | All under 2.6.1. mentioned data | Order processing (Art. 28 GDPR) | |

2.7 Invoicing, reminder process and debt collection process

For the invoice, reminder process and debt collection your data are processed as follows:

2.7.1 Information for processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Company data, personal data, address data, contact data, order data, payment data | Collect open receivables | Art. 6 (1) (b) GDPR | | Ten years |

2.7.2 Recipients of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Payment service | All under 2.7.1. mentioned data | Order processing (Art. 28 GDPR) | Execution of different payment methods (SEPA, BACS, credit card, PayPal, etc.) |
| Debt collection service | All under 2.7.1. mentioned data, debt collection data | Order processing (Art. 28 GDPR) | |

2.8 Accounting

2.8.1 Information for processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Account data, personal data, login data, employee data, company data, order data, payment data, collection data, company data, address data, contact data, order data | Accounting and tax consultancy | Art. 6 (1) (b) GDPR | | Ten years |

2.8.2 Recipients of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Tax consultancy | All under 2.8.1. mentioned data | Order processing (Art. 28 GDPR) | |

2.9 Post of a review

The following information describes how your personal information is processed when you post a review.

2.9.1 Information about processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Reviewer data | Posting of a review | Art. 6 (1) (b) GDPR, Recital 40 and 44 | Fulfillment of the contractual agreement | Duration of the customer contract or revocation possibility of the reviewer |

2.9.2 Recipient of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Hoster | All under 2.9.1. mentioned data | Order processing (Art. 28 GDPR) | |

2.10 Mediation process

The following information describes how your personal information is processed during a mediation process.

2.10.1 Information for processing

| Data category | Intended purpose | Legal basis | Legitimate interest | Storage time |
| --- | --- | --- | --- | --- |
| Mediation data, company data | Mediation process | Article 6 (1) (a), (b) GDPR | Fulfillment of the contractual agreement | 6 months |

2.10.2 Recipient of personal data

| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| --- | --- | --- | --- |
| Hoster | All under 2.10.1. mentioned data | Order processing (Art. 28 GDPR) | |

2.11 Tracking

Below we describe how your personal information is processed using tracking technologies to analyze and optimize our services and for promotional purposes.

The description of the tracking methods also includes information on how to prevent or object to the processing of data. Please note that the so-called “opt-out”, i.e. the rejection of processing, is usually stored via cookies. If you use our services via a new device or in another browser, or if you have deleted the cookies set by your browser, you must declare the opt-out again.

The tracking methods described process personal data only in pseudonymous form. A connection with a specific, identified natural person, i.e. a combination of the data with information about the holder of the pseudonym, does not take place.

2.11.1 Tracking to analyze and optimize our services and their use, as well as to measure the success of advertising campaigns and optimize the display of advertising

Purposes of processing

The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and to adapt them to the needs of our users, as well as to correct errors. It also serves to statistically determine parameters for the use of our services (range, intensity of use, user surfing behavior) on the basis of uniform standard procedures and thus to obtain comparable values across the market.

Tracking to measure the success of advertising campaigns is designed to help us optimize our ads for the future, and to help marketers and advertisers optimize their ads accordingly. The aim of tracking to optimize the display of advertisements is to show users advertising tailored to their interests, to increase the success of the advertising and thereby also the advertising revenues.

Legal basis of processing

Legitimate interest pursuant to Art. 6 para. 1 f) GDPR

The tracking methods used in detail

Name of the service functionality Possibility to prevent processing (opt-out) Data transfer to third country? Adequacy decision (Article 45 GDPR) Suitable guarantees, (Art. 46 GDPR)
Google Analytics Web analytics service tools.google.com/dlpage/gaoptout?hl=de no   Privacy-Shield-Agreement

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Facebook pixel Custom Audiences for Ads (Facebook Ads) Opposition of cookies for distance measurement and advertising purposes:

Network: http://optout.networkadvertising.org/,

US website: http://www.aboutads.info/choices,

European Website: http://www.youronlinechoices.com/uk/your-ad-choices/

yes  Privacy-Shield-Agreement

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Lead Forensics Business web analytics service http://lfwebproxy.westeurope.cloudapp.azure.com:5000/?clientID=120186 no
Mailchimp Tracking e-mail activities You can cancel the receipt of our newsletter at any time yes Privacy-Shield-Agreement

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

Google DoubleClick yes Privacy-Shield-Agreement

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

Pipedrive Tracking e-mail activities By objection to EXCELLENT.ORG yes

If you want to opt out of interest-based advertising, you can also go to http://www.youronlinechoices.com, click on “Preference Management” and follow the instructions to prevent the use of data for interest-based advertising by the service providers listed there, either completely or individually. You will still receive advertising, but it is not interest-based.

2.12 Social Media Plugins

This website may contain additional programs (plugins) from social networks such as Facebook, Google+, Twitter or Pinterest, which are operated by third parties and via which messages can be transmitted to the corresponding social network at the push of a button, for example in order to rate, recommend or share content. The purpose and legitimate interest here is the promotion of our services. We configure our services in such a way that data transmission does not take place until you press the button. The legal basis for data transmission in this case is Art. 6 I f) GDPR. The respective provider is responsible for the data protection compliant processing of the transmitted data.

| Name of the service | Provider | Privacy information of the provider |
| --- | --- | --- |
| Facebook | Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA | https://de-de.facebook.com/about/privacy/ |
| Google+ | Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | https://www.google.com/+/policy/pagesterm.html |
| Twitter | Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA | https://twitter.com/de/privacy |
| LinkedIn | LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland | https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy |

3 RIGHTS OF DATA SUBJECTS

3.1 Right to object

If we process your personal data in order to operate direct mail, you have the right at any time to object to the processing of your personal data for the purpose of such advertising, as far as it relates to such direct mail, with future effect.

You also have the right, for reasons arising from your particular situation, to object at any time, with effect for the future, to the processing of personal data concerning you that is based on Article 6 (1) (e) or (f) GDPR.

The right to object can be exercised free of charge.

You can reach us via the contact details listed under 1.2.

3.2 Right of access by the data subject

You have the right to know whether personal data concerning you are processed, which personal data this may be, and further information in accordance with Art. 15 GDPR.

3.3 Right to rectification

You have the right to demand immediate correction of your incorrect personal data (Art. 16 GDPR). Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

3.4 Right to erasure (“right to be forgotten”)

You have the right to demand that personal data relating to you be deleted immediately if one of the reasons stated in Art. 17 (1) GDPR is applicable and the processing is not required for one of the purposes set out in Art. 17 (3) GDPR.

3.5 Right to restriction of processing

You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Art. 18 (1) (a) to (d) GDPR is met.

3.6 Right to Data Portability

You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another person without hindrance or to obtain that a direct transmission takes place by us, if this is technically possible. This should always apply if the basis of the data processing is the consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.

3.7 Right to withdraw consent

If the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected.

3.8 Right to complain

You have the right to lodge a complaint with a supervisory authority.

4 GLOSSARY

Contractor: a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Browser: computer program for displaying web pages (e.g. Chrome, Firefox, Safari)

Cookies: In the context of the World Wide Web, a cookie describes a small text file that is stored locally on the computer of the user when visiting a website. This file stores data about the behavior of the user. When the browser is called up and the corresponding website is visited repeatedly, the cookie is used and uses the stored data to provide the web server with information about the surfing behavior of the user.

In this context, cookies are information that a website stores locally on a visitor’s computer in a small text file. This can be settings already made by the user on a page, but also information that the website has gathered completely independently of the user. Later, these locally stored text files can be read out again by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser features (usually under “Options” or “Preferences”). This allows the storage of cookies to be disabled, made dependent on your approval in individual cases, or otherwise restricted. You can also delete cookies at any time.

Third countries: Country which is not bound by the legal requirements of the EU Data Protection Directive (non-EEA)

Personal information: Any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, and the download is registered there. This allows the operator of the server to see if and when an e-mail has been opened or a website has been visited. This function is usually realized by calling a small program (JavaScript). This allows certain types of information on your computer system to be detected and shared, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.

Profiling: Any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or location of this natural person.

Services: Our offers subject to this Privacy Policy (see Scope).

Tracking: The collection of data and their evaluation regarding the behavior of visitors to our services.

Tracking technologies: Tracking can be done via the log files stored on our web servers as well as by collecting data from your device via pixels, cookies and similar tracking technologies.

Processing: Any operation or series of operations related to personal data, carried out with or without the help of automated procedures, such as collecting, acquiring, organizing, processing, storing, adapting or modifying, reading out, querying, using; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.