§1 Information on the collection of personal data
(1) The following contains information about the processing of personal data when using our website.Personal data is all data that can be related to you as an individual, e.g. name, address, email address, and user behaviour. Our aim is to inform you about our processing procedures and at the same time fulfil our legal obligations, in particular those set out in the EU General Data Protection Regulation (GDPR).
(2) The controller, as per Art. 4 (7) GDPR, is eSystems MTG GmbH, Bahnhofstr. 100, 73240 Wendlingen, Phone: +49 7024 40598-0, E-Mail: firstname.lastname@example.org Internet: www.esystems.de (see our legal notice).
You can contact our data protection officer at email@example.com or via our postal address, adding the reference “The Data Protection Officer”.
(3) When you contact us by email or via a contact form, the data you provide (your email address, and potentially your name and telephone number) will be stored by us in order to answer your questions. If the enquiry is associated with a contract, we will delete the data arising in this context after the contract period has expired, otherwise after the data is no longer required. We will also restrict processing if statutory retention obligations exist.
(4) If we use contracted service providers for certain elements of our offer, or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you about the respective processes as detailed below. In doing so, we will also state the specified criteria for the storage period.
§ 2 Your Rights
(1) You have the following rights regarding your personal data:
- The right to information,
- The right to correction or deletion,
- The right to restriction of processing,
- The right to object to processing,
- The right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about our handling of your personal data.
§3 Processing of personal data when visiting our website
When using the website simply for information purposes, i.e. just browsing without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to provide you with our website, and to ensure stability and security, meaning that it must be processed by us. The legal basis is Art. 6 (1) (1) (f) GDPR:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (page viewed)
- Access status/HTTP status code
- Transmitted amount of data
- Previously visited page
- Operating system
- Language and version of browser software
Cookies are text files or information that a website stores in your device’s memory and that relate to the specific website you are using. Cookies can provide us with certain information. Cookies can’t run programmes or transfer viruses to your device; their primary purpose is to make our website faster and more user-friendly.
This website uses the following types of cookies; their function and legal basis are also detailed below.
- Temporary cookies: These, and particularly session cookies, are automatically deleted when you close the application or log out. They store what is known as a session ID. This allows various requests from your browser to be assigned to the session and for your computer to be recognised when you return to our application.
Persistent cookies: These are automatically deleted after a specified duration, which varies depending on the cookie. You can view stored cookies and their duration at any time in your browser settings and delete them manually.
Essential, technically necessary functions for the proper working of our website: The technical set-up of our mobile app requires us to use certain technologies, and in particular cookies. Our website cannot be used (to its full extent) and support functions are not possible without such technologies. These are generally temporary cookies that are deleted at the end of the session, at the latest after 30 days. You cannot disable these cookies if you wish to use our website. The legal basis for this processing is Art. 6 (1) (1) (f) GDPR.
Optional cookie consent:
This website uses the plugin Borlabs Cookie, which sets a technically necessary cookie (borlabs cookie) to store your cookie consent. Borlabs Cookie doesn’t process any personal data.
The borlabs cookie stores the consent you give when you visit the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you revisit/reload the website, you will be asked for your cookie consent again.
The legal basis for this processing is Art. 6 (1) (1) (a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing up to the time of withdrawal.
§5 Web tracking using Google Analytics
(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of using this tool is so we can analyse your user interactions on websites and in apps and use the statistics and reports we obtain to improve what we offer and to make it more interesting for you as a user.
(2) We primarily capture the interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses, and website or app activities. Your IP addresses are also captured in Google Analytics to ensure the security of the service and to provide us as the website operator with information about the country, region and location of each user (known as IP geolocation). We do, of course, use the anonymisation function (IP masking) for your protection, i.e. Google anonymises the last octet of IP addresses within the EU/EEA.
(3) Google acts as a data processor and we have signed a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are, as a rule, transmitted to a Google server in the USA and processed there. Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws when transferring data internationally. We have also agreed on what are known as standard contractual clauses with Google; the purpose of these is to maintain an appropriate level of data protection in third countries.
(4) The legal basis for the collection and further processing of information (which takes place for a maximum of 14 months) is your consent (Art. 6 (1) (1) (a) GDPR). You can withdraw your consent at any time without affecting the lawfulness of processing up to the time of withdrawal. In apps, the advertising ID can be reset by going to the Android or iOS settings. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
§6 Application portal
If you would like to apply for one of our advertised job vacancies or send us a speculative application, please use our application portal. This is the only way we can ensure that your personal data reaches us securely online without anyone being able to access it during transmission. It also makes it easier for us to process your application, because a set procedure with a strict authorisation concept is followed when your application is transferred to our system. In addition, it helps us to process your application correctly and to delete your personal data properly.
If you apply for a job with us, we generally collect the following personal data that you voluntarily submit to us:
- Postal address (street, house number, additional address information, postcode, city, state/county, country)
- Personal information (first name, surname, academic titles, gender, date of birth, place of birth, telephone numbers, fax numbers, email addresses, homepage, links to social media profiles)
- Work and project history (start date, end date, company name, company address, employment relationship, weekly working hours, sector, field of work, position, competences, websites and internet resources)
- Education history (start date, end date, name of institution, address, subject/programme of study/specialism)
- Academic publications (publication date, title, subject, institute, conference proceedings, list of authors, postal address of conference, competences, field of work, sector, websites and internet resources)
- Other information (personal interests/hobbies, references and recommendations, other websites and internet resources)
- Career aims
- Salary, date of availability, position
The legal basis for the processing is your consent as per Art. 6 (a) GDPR and, for the processing of your application for the purpose of contract fulfilment, Art. 6 (b) GDPR.
Once the job posting has ended, your data will be deleted from our applicant system immediately.
If you are appointed, we will transfer your data to your employee file. If you are not successful, we will delete your data from our system. Experience has shown that this process can take up to six months, which is why the standard period for deletion is six months. If you would like us to delete your data earlier, you can simply let us know.
In the case of a speculative application, we will keep your data in our system for 12 months with your consent. After this time, the data will be automatically deleted and you will be automatically notified by our system. At this point, you will need to submit a new application if you want to remain in our system. If you wish to have your data deleted earlier, you can simply let us know.
§7 Microsoft365 and Microsoft Teams
We use Microsoft365 and particularly the Microsoft Teams tool to hold telephone conferences, online meetings, video conferences and webinars (hereinafter referred to as “online meetings”). Microsoft Teams is a service provided by the Microsoft Corporation (https://privacy.microsoft.com/en-gb/privacystatement) as part of the Microsoft365 environment, which we also use for email communication (Microsoft Exchange Online) and for data sharing (Microsoft SharePoint).
Regarding communication via Microsoft Teams in particular:
If you access the Microsoft Teams website, the provider of Microsoft Teams is responsible for data processing. However, accessing the website is only necessary in order to download the software needed to use Microsoft Teams.
Various types of data are processed when Microsoft Teams is used. The scope of data also depends on the data you provide before or during an online meeting.
The following personal data is processed:
- User details: e.g. display name, email address if applicable, profile picture (optional), preferred language
- Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
- Text, audio and video data:
- You may have the option of using the chat function in an online meeting.
- The text you enter will be processed in order to display it in the online meeting.
- Data from your device’s microphone and from any video camera on your device is processed for the duration of the meeting to allow video to be displayed and audio to be played.
- You can switch off or mute the camera or microphone yourself at any time through the relevant settings in the Microsoft Teams applications.
- If we want to record an online meeting, we will transparently notify you in advance and ask for your consent where necessary.
- We will log the chat content if this is necessary for the purpose of documenting the results of an online meeting.
- However, this is generally not the case.
- Automated decision-making as defined in
Art. 22 GDPR is not used.
Legal basis for data processing
Insofar as personal data is processed by our employees, Section 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing. If, in the context of Microsoft Teams, personal data is a key requisite for the use of Microsoft Teams, but this data is not necessary for the establishment, implementation or termination of the employment relationship, Art. 6 (1) (f) GDPR is the legal basis for data processing.
In such cases, our interest lies in the effective organisation of online meetings. Otherwise, the legal basis for data processing when holding online meetings is Art. 6 (1) (b) GDPR, insofar as the meetings are held in the context of contractual relationships.
Where no contractual relationship exists, the legal basis is Art. 6 (1) (f) GDPR. Here too, our interest lies in the effective organisation of online meetings.
Recipients / disclosure of data
Personal data processed in the context of participating in online meetings will not be disclosed to third parties unless they are specifically intended for disclosure. Please note that content from online meetings, as with in-person meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on to other recipients.
Other recipients: The Microsoft Teams provider obtains knowledge of the above mentioned data as necessary insofar as this is provided in the context of our data processing agreement with Microsoft Teams.
Data processing outside of the European Union
Data processing outside of the European Union (EU) is not carried out as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot guarantee that data won’t be routed via internet servers located outside the EU. This may be the case if participants in an online meeting are located in a third country.
However, data is encrypted during transmission via the internet and is therefore protected against unauthorised access by third parties,
We always delete personal data when there is no need for further storage. A need may exist if the data is still required in order to fulfil contractual services, or to review, issue or defend against warranty and guarantee claims. In the event of statutory retention obligations, deletion will only be considered after the respective retention obligation has ended.
§9 Our activities on social media networks
This section provides you with information about how we handle your personal data, specifically with regard to our presence on social networks and our offers.
Please check carefully which personal data you share with us via social networks. For example, as long as you are logged in to your account and visit our profile operated by the provider, the provider can associate this directly with your profile. This makes you recognisable to the provider.
Your visit history can therefore be used by the provider to create a profile about you. We explicitly point out that the providers store their users’ data (e.g. personal information, IP address, etc.) and may also use this data for business purposes.
We essentially use these pages and profiles for better and more convenient contact with customers, interested parties, employees and potential employees. Experience has shown us that our online presence beyond that of our website leads to significantly increased market penetration and contact opportunities. Our social media activities are therefore a key factor in our business success. We therefore expressly state our legitimate interest in using these services (Art.6 (1)(f)). By using our profile pages on social media networks, usage data is collected in addition to the personal data that you yourself shared with the provider when creating your account and, as a rule, the provider in question creates a personalised usage profile. However, this is not something we can influence. Our activity only enables the provider to see that you have shown an interest in our company and that you might like our posts. Apart from the tracking carried out by the provider outside our sphere of influence, there are therefore no other factors we know of that would restrict your fundamental rights and freedoms and counteract our legitimate interest in using the aforementioned services. In the case of the above-mentioned tracking (recording and evaluation of your user behaviour by the provider), we of course also expect prompt clarification and provision of legal certainty.
The following link allows you to efficiently configure your browser to counteract the unwanted recording of your user behaviour, although presumably to a limited extent:
Further details on data processing and the responsible party for each provider can be found via the following links:
- Google/ YouTube
Responsible party: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Responsible party:: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Responsible party:: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
§10 Google Fonts and reCaptcha
We use Google reCAPTCHA to secure our communication channels and online forms provided via the website. We also use Google Fonts to ensure the best possible presentation of our content on all devices. The provider in both cases is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to check whether the data entered on our websites (e.g. via a contact form) is entered by a human or by an automated programme.
To this end, reCAPTCHA analyses website visitor behaviour on the basis of various criteria. This analysis begins automatically as soon as the website visitor arrives at the website. reCAPTCHA analyses various pieces of information (e.g. IP address, length of time spent on the website, and mouse movements made by the user). The data collected during analysis is forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is in progress.
Data processing takes place on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in protecting our web content from improper automated surveillance and from SPAM and also in ensuring its optimal display on a variety of user devices.
For further information from Google about its services, please see: