Thank you for visiting our website. In the following, we would like to inform you about the handling of your data according to Art. 13 of the General Data Protection Regulation (DSGVO).
1. Responsible person
Polyteia GmbH is responsible for the data processing described below in terms of data protection regulations.
Contact requests can be sent via e-mail to firstname.lastname@example.org stellen.
2. Log file processing
When you visit our website, our web server stores standardized information about your end device and the browser used in a log file. We process this data to be able to analyze errors of our server and abuse attempts. In detail, this data record consists of
- the name of the retrieved web page,
- the date and time of the query,
- the amount of data transferred,
- der Meldung über den erfolgreichen Abruf,
- the message about the successful retrieval,
- the specific address of the page accessed on our site,
- if applicable, the page from which you reached us,
- the transmitted identifier of the browser.
From this data you are not identifiable for us, the log data is only evaluated anonymously. Log data is regularly deleted in a timely manner, but at the latest after 7 days. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f) DSGVO.
3. SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. inquiries to the person responsible). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.
4. Hosting – Hetzner GmbH
We host our website with our order processor Hetzner GmbH with server location in Germany.
91710 Gunzenhausen, Deutschland
5. Contact form
A contact form is available on our website, which can be used for electronic contact. If you contact us via our contact form or by means of personal messages, the data entered in the input mask will be transmitted to us and stored.
In addition, Art. 6 para. 1 lit. b DSGVO also comes into consideration as a legal basis, insofar as your request serves to implement pre-contractual measures.
Fields that are not marked with an “*” (phone / e-mail / comment) are purely voluntary. The processing of data that you enter into the form on a voluntary basis is based on Art. 6 para. 1 lit. a DSGVO. You can revoke your consent to the use of your e-mail address by sending an informal message, e.g. by e-mail to email@example.com at any time with effect for the future.
5.1. Contact by e-mail
If you contact us by e-mail, your request including all personal data resulting from it (name, first name, request, etc.) will be stored and processed by us for the purpose of processing your request.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) f DSGVO) or on your consent (Art. 6 (1) a DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
On our website you are offered the opportunity to order newsletters on various topics or products. For this purpose, the following data will be processed within the scope of the consent to be given by you for the purpose of advertising delivery: Name, first name, e-mail address and/or telephone number). Polyteia GmbH uses the so-called double opt-in procedure to confirm your request and e-mail address. In this process, an e-mail is sent to the e-mail address you provided with the request to confirm your consent. In connection with the double opt-in procedure, we document the IP address, date and time of the submission of the web form as well as the IP address, date and time of the confirmation of the double opt-in e-mail.
We only process the voluntary information you provide to us for the purpose of sending you the newsletter. Our legal basis for processing is your consent in accordance with Art. 6 (1) a) DSGVO. You can unsubscribe from receiving our newsletter at any time by sending an informal message to firstname.lastname@example.org.
This will simultaneously terminate your consent to its dispatch by the dispatch service provider and the statistical analyses. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter.
Our newsletter is sent by means of „Mailjet”, a newsletter service of the French provider Mailjet, 4 rue Jules Lefebvre, 75009 Paris.
Your personal data is stored on Mailjet’s servers. Mailjet uses this information to send and evaluate the newsletters on our behalf. Furthermore, Mailjet may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletters or for economic purposes to determine from which countries the recipients come.
However, Mailjet does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
We use tracking technologies on our website, such as cookies, to measure and evaluate our website and to continuously improve our content. For the protection of our users and partners, we can also detect and prevent fraud and security risks.
Cookies are small text files used by websites to simplify and speed up the management of your visit to our website or are necessary to allow you to use and access secure areas of the website.
Depending on where a cookie comes from, a distinction can be made between so-called first-party cookies and third-party cookies:
- First-Party-Cookies – Cookies that are generated and stored locally by the website operator as the controller or by a processor commissioned by the operator. Only the operator has access to these cookies.
- Third-Party-Cookies – Cookies that are generated, set and accessed by third-party providers who are not acting as processors on behalf of the website operator.
Depending on the validity period, a distinction can also be made between so-called transient and persistent cookies:
- Transient cookies – Cookies, which are automatically deleted when you close the browser. These include in particular the Session cookies.
- Persistent cookies – Cookies that remain stored on your terminal device for a specified period of time after you close the browser.
Depending on their nature and purpose, the use of certain cookies may require the consent of the user. In this respect, cookies can be differentiated according to whether the user’s consent is mandatory for their use:
- Consent free cookies – Cookies that are strictly necessary for the website operator, expressly requested by the subscriber or user, to provide this service (“Strictly Necessary Cookies”).
- Cookies requiring consent – Cookies used for all purposes other than those mentioned above.
You can object to data processing at any time with effect for the future by preventing the storage of cookies through the setting in your browser or by clicking on the link below and changing your currently set preferences in our Cookie Consent Manager.
- Your IP address (the last three digits are set to ‘0’).
- Date and time of consent.
- Browser information URL from which the consent was sent.
- An anonymous, random and encrypted key your consent status of the end user, as proof of consent.
The purpose of the data processing is the analysis and management of the consents granted in order to comply with our obligation of a DSGVO-compliant consent management. The processing is necessary for the fulfillment of a legal obligation (Art. 7 para. 1DSGVO) to which we are subject (Art. 6 para. 1 p. 1 lit. c DSGVO).
The key and consent status are stored in the browser for 12 months using the CookieConsent cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, your consent can be proven and tracked.
If you activate the service function “Bulk Consent” to activate consent for multiple websites through a single end-user consent, the service additionally stores a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in encrypted form in the third-party cookie “CookieConsentBulkTicket” in your browser:
Processing takes place in the European Union. You can find more information on objection and removal options vis-à-vis Cybot at: https://www.cookiebot.com/de/privacy-policy/
7.2. Google Analytics
We use “Google Analytics” on our website, a service provided by Google Ireland Ltd (“hereinafter “Google”), Gordon House, Barrow Street, Dublin 4. Ireland.
7.3. Google reCAPTCHA
We use “Google reCAPTCHA” on our website, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4. Ireland.
With reCAPTCHA, we can check whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, Google reCAPTCHA analyses the behaviour of the website visitor on the basis of various information (e.g. IP address, device and application data, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google and may also be shared with other third parties. The Google reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
Within the scope of the Google products mentioned above (7.2; 7.3), your tracking data may also be transmitted to Google LLC; 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. The data processing may therefore take place outside the EU or the EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed due to processing in the USA. Consequently, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. We have no influence on whether and to what extent Google processes your data for its own purposes or links it to other user profiles of yours.
We use the services of the software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).
HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. In the process, so-called “web beacons” are used and cookies are stored on the end device used by you.
For example, the following personal data may be collected:
type of browser,
duration of the visit,
The information collected as well as the content of our website is stored on servers of our software partner HubSpot Ireland. We use HubSpot to analyse the use of our website. This enables us to constantly optimise our website and make it more user-friendly. We also use information to determine which of our company’s services are of interest to customers and newsletter subscribers and to contact them for advertising purposes. In addition, we use the analysis to optimise our website for you.
However, we only use your IP address in a shortened version. This means that the user’s IP address is shortened by HubSpot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
The cookies have a usual lifetime of 24 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless the deletion conflicts with legal retention periods.
Your tracking data may also be transferred to HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA in this context. The data processing may therefore take place outside the EU or the EEA. With regard to HubSpot Inc., no adequate level of data protection can be assumed due to processing in the USA. Consequently, there is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. We have no influence on whether and to what extent HubSpot processes your data for its own purposes or links it to other user profiles of yours.
8. Job application
In the course of your online application, we will collect and process the following application data from you:
- First name, last name,
- address, E-Mail,
- Date of birth, title, telephone number, address,
- Application documents (CV, certificates, qualifications, photograph, etc.),
- Other data related to the application (e.g. data on bank details for reimbursement of travel expenses, etc.)
Your data will initially be processed exclusively for the purpose of carrying out and reviewing the application procedure. The legal basis for this is Article 88 (1) DS-GVO in conjunction with Section 26 (1) sentence 1 BDSG. As a rule, we do not require any special categories of personal data (e.g. information about a severe disability) for the application process as defined in Article 9 of the GDPR. However, if you voluntarily provide us with such data, the processing will be carried out on the legal basis of Art. 9 (2) lit. b DS-GVO in conjunction with Section 26 (3) BDSG.
If an employment relationship arises between you and us, we process your data in accordance with Art. 88 DS-GVO in conjunction with Art. 26 BDSG. § Section 26 of the German Federal Data Protection Act (BDSG) for the purpose of implementing the employment relationship with you.
8.1. Data deletion
We store your personal data as long as this is necessary for the decision on your application. If you are not hired, your personal data or application documents will be deleted six months after the end of the application process, unless longer storage is legally required or permitted (e.g. for the assertion, exercise or defence of legal claims for the duration of a legal dispute, travel expense accounting, etc.).
If you are not hired, you may receive an invitation to join our talent pool following the application process. This will allow us to continue to consider you in our selection of applicants for suitable vacancies in the future. If we have your consent to do so, we will store your application data in our talent pool in accordance with your consent.
If an employment relationship is established following the application process, we will store your data for the duration of the employment relationship with you. However, you will receive further information about the processing of your data in the employment relationship as soon as the employment relationship with us begins.
9. Social media channels
We also promote presences on the social networks listed below on our website.
- Twitter: https://twitter.com/Polyteia
- LinkedIn: https://www.linkedin.com/company/polyteia/
- Medium: https://medium.com/polyteia-blog
The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when the website is called up.
This means that you will only be redirected to the service of the respective social network by clicking on the corresponding graphic. After the redirection, information about you is collected by the respective network. This is initially data such as IP address, date, time and page visited. It cannot be ruled out that the data collected in this way is processed in the USA.
If you are logged into your user account of the respective network during this time, the network operator may be able to assign the collected information to your personal account. If you interact, for example, via a “Share” button of the respective network, this information can also be stored in your personal user account and possibly published.
If you want to prevent the collected information from being directly assigned to your user account, you must log out before clicking on the graphic or configure the respective user account accordingly. For further information on the processing of your data, please refer to our social media notices.
10. Your data subject rights
With regard to the data processing listed here, you are entitled to various data subject rights which are regulated in the GDPR.
10.1. Right to information
Pursuant to Article 15 of the EU Data Protection Regulation, you have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to information about this personal data and the information mentioned in Art. 15 (1) Hs. 2 EU-DSGVO. This includes in particular the purpose of the processing, the categories of data processed, the recipients to whom data have been or will be disclosed, as far as possible the planned duration of storage or the criteria for the duration of storage.
10.2. Right to correction
Pursuant to Article 16 of the EU Data Protection Regulation, you have the right to demand that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
10.3. Right to deletion
Pursuant to Article 17 of the EU Data Protection Regulation, you have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay if one of the reasons listed in Art. 17 (1) EU GDPR applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.
10.4. Right to restrict processing
Pursuant to Art. 18 of the EU Data Protection Regulation, you have the right to demand that we restrict processing if one of the conditions set out in Art. 18 of the EU Data Protection Regulation applies. This includes, for example, that you dispute the accuracy of the personal data. In this case, we may only process the data in a restricted manner for as long as it takes to verify the accuracy of the personal data.
10.5. Right to data portability
Pursuant to Art. 20 EU GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller, i.e. another body that processes data, without hindrance, provided that the original processing was based on consent or was necessary for the performance of a contract.
10.6. Right of objection
Pursuant to Art. 21 EU-DSGVO, you have the right to object at any time to the processing of personal data relating to you if this data is processed on the basis of Art. 6 para. 1 lit. e) or f) EU-DSGVO and there are grounds arising from your personal situation. You may object to the processing of data for the purpose of direct marketing at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by means of an informal declaration. A written declaration or, optionally, an e-mail to the above contact address is sufficient.
10.7. Right to revoke the declaration of consent
10.08. Automated decision in individual cases including profiling
Pursuant to Art. 22 EU GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. Article 22 (1) of the EU GDPR provides for exceptions to this right, whereby Article 22 (4) of the EU GDPR in turn provides for partial exceptions.
10.09. Right to complain to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, pursuant to Article 77 of the EU GDPR, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data relating to you infringes this Regulation. In the present case, the competent supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13889-0
11. Data Protection Officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:
Ali Tschakari, LL.M.
Bitkom Servicegesellschaft mbH
If you contact our data protection officer, please state the responsible office named in the imprint.
12. Final provisions
Polyteia GmbH reserves the right to adapt this data protection declaration at any time so that it always complies with the current legal requirements or in order to implement changes to the services in the data protection declaration, e.g. when introducing new services or changes to the website. The new data protection declaration will then apply for a renewed access to this website.