emlix data protection declaration
Dated: May 2018
The protection of your data is one of the most important business principles of emlix GmbH. With this data protection declaration we would like to inform you about the type and extent as well as the purpose of the person-related data collected, used and processed by us in compliance with the valid legislation.
When processing the data, we strictly observe the legal requirements of the respectively valid General Data Protection Regulation and the Telemedia Act. The type and extent of the data storage depends on whether you use our website to obtain information, to register for services, to investigate the possibility of a business relationship with us or start such a relationship.
In the following, we would like to inform you as a user of our website, as an existing or prospective business partner, about your rights, and give you an overview of the processing of person-related data in relation to the use of our website and services.
Name, address and contact details of those responsible
Responsible according to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as well as all other data protection legislation is:
Gothaer Platz 3
Telephone: +49 (0)551 / 30664 -0
Processing of person-related data in general
In principle, we process the person-related data of our users only when this is necessary in order to provide our website, contents, products and services. Data processing takes place only with the consent of the user. An exception is made in such cases in which obtaining consent in advance is not possible for valid reasons and the processing of the data is allowed according to the provisions of valid legislation.
Security and quality of the stored data
emlix protects your person-related data. We have set up suitable technical and administrative security measures according to the current standard of technology to protect person-related data from loss or destruction as well as the access and use or manipulation by unauthorized persons. For example, data is transmitted and stored in encrypted form when it is sent to us via the internet. We also demand that our suppliers and service partners also protect the stored data from unauthorized access or use.
Collection of person-related data
a. Visiting our website
When you call up our website under www.emlix.com or www.embedded-linux.de data is automatically sent from your internet browser to our web server: date and time, information on the browser in use, browser settings, the operating system in use, the quantity of data transferred as well as the access status (file transferred, file not found etc.). In addition, your IP address is transmitted. All the data is stored in a so-called log-file on our web server.
b. Download of documents from our website
If you call up documents (for example in PDF format) on our website, our web server automatically stores the date and file name of the download in addition to the visit data.
c. Use of our contact form on our website
For making content directly, we offer a contact form on our website. When using this form, you have to enter the following data: name, company, E-mail address and your message. On our contact form, entries that we need for processing are marked as mandatory fields. Other entries are optional.
d. Registration for our newsletter on our website
In order to receive our E-mail newsletter, the entry of your E-mail address is necessary.
e. Inquiries regarding information or orders
For the processing of inquiries by letter, fax, E-mail or telephone regarding our services and products as well as the provision of support services, we record the information that we require for the processing: name and business contact data as well as the inquiry itself.
f. E-mail contact with employees of our customers as well as partners and suppliers
In order to perform our contractual obligations and our services for customers and partners as well as when working together with our suppliers, we record the information that we require for the processing: name and business contact data, position, information on the services performed as well as the invoicing data.
g. Visits of customers and suppliers to our business premises
For visits to our business premises we record the information that is necessary for the visit: name and business contact data, position and information on the visit. For the protection of people and property, we use video surveillance in the access areas of our business premises.
h. Use of our development services
The use of our development services and other services requires that you are registered as a user within the framework of a current business relationship. With the registration you will be asked to provide the following data: first name, surname, E-mail address and SSH-key. When logging in as a registered user, access data (login name, time) and your IP-address are recorded in the protocol file(s) on our server.
i. Transmission of information relating to job applications
For the processing of applications provided by post or E-mail we receive person-related data from you. We store only the information that we need for the completion of the application procedure: this may include name, address and contact data, information on education and professional qualifications, further training and other information that we have received from you in connection with your application.
If we conclude an employment contract with an applicant, we record the data that we require for the fulfilment of the employment relationship. If no employment contract is concluded, applications are deleted two months after the rejection is communicated. If those responsible for processing have a legitimate interest in not deleting the application, then deletion does not take place immediately. A legitimate interest could, for example, be an obligation to provide evidence in a court case in relation to the General Equal Opportunities Act (Allgemeinen Gleichbehandlungsgesetz, AGG).
When our website is called up, cookies are transmitted. These are small text files, which are stored on the computer of the user. Through the cookie ID contained in them, the browser can be identified. Cookies are a necessary precondition for some, more user-friendly, services of our website. As a user, you can deactivate the storage of cookies in your browser and delete cookies that have already been transmitted. Furthermore, you can configure your browser so that you are notified when a website attempts to set a cookie.
Use of Google AdWords conversion cookies
We place advertisements using Google AdWords in the Google search services. The company operating Google AdWords is Google Inc. If you access our website via a Google advertisement, a conversion cookie is transmitted.
With the help of this cookie, we and Google can determine whether users have accessed our website directly via an AdWords advertisement. This information is transmitted to servers of Google in the USA, where it is stored. A conversion cookie loses its validity automatically after 30 days. It does not serve to identify the user.
You can find the data protection provisions of Google at www.google.de/intl/de/policies/privacy/. You can refuse the use of interest-related advertisements by Google. To do this, please access the link support.google.com/ads/answer/2662922 and make the necessary settings there.
Links to third parties from our website
The information offered on our website possibly includes content linked with the websites of third parties, thereby referencing them. At the time these references (links) were set up, we could not identify any infringements of valid legislation on these pages. We have no control of, no influence on and no access to content, cookies or other functions of these third-parties. As a user, you can contact these third parties directly and view their data protection declarations.
Purpose of processing of person-related data
The collection and processing of data and information has the purpose of enabling communication and the initiation of contact with the users of our website, interested parties, customers, partners, suppliers and job applicants. This relates in particular to the initiation, performance, support and maintenance of business relationships.
In this connection, we process person-related data for the following purposes: making available of information about our services and products as well as supplementary services; market analyses; marketing campaigns; initiation, performance, invoicing and booking of contractual business relationships; support and maintenance activities; guaranteeing the protection of our services and products; determination and elimination of fraud and security risks; clarification and solving of (legal) conflicts with the enforcement of valid contracts and the securing and defence of legal entitlements.
Legal basis for the processing of person-related data
We process person-related data according to the GDPR after receiving your consent for the fulfilment of pre-contractual measures and contractual obligations, for marketing purposes and to comply with legal regulations such as notification obligations, and also for the protection of legitimate interests of ours or third parties in the context of the consideration of interests according to the GDPR. This includes, for example, the guaranteeing of our IT security, measures for customer loyalty and measures for building security (e.g. access controls).
Storage duration of person-related data
Person-related data is stored and processed by us for the time period necessary to achieve the purpose of the processing or when this is a legal requirement. As a rule, this is the duration of contract fulfilment or contract initiation.
Furthermore, we are subject to obligations for the storage of person-related data for specific storage periods derived from trade and tax legislation according to general fiscal law (Abgabenordnung, AO), the German Commercial Code (Handelsgesetzbuch, HGB) as well as storage periods derived from other legislation.
Data from job applications is stored for a maximum of six months. Data from the video surveillance in the entry areas of our offices is deleted automatically after seven days.
Automated decisions and profiling
Automated decisions or profiling are not carried out by emlix.
Evaluation of access to our website
When you use our website, a cookie is set via your browser in order to collect and analyse statistical data about the use of our website. Our web analysis tool collects and stores data for the purpose of optimizing our website marketing.
In the context of the analysis of the user data from our website we obtain information on person-related data such as IP address, date and time, information on the browser in use, browser settings, the operating system in use, the most recently visited website (origin or referrer URL), the volume of data transferred as well as the access status (file transmitted, file not found etc.) of the user.
This enables us to obtain information about the origin of the users and their movements through our website. Using this data, pseudonymized user profiles and reports are created in order to understand the activity on our website. This data is stored by us. It is not passed on to third parties.
We do not combine the information obtained in this way with person-related data or with other data. The web analysis tool is operated only on our server and log-files sensitive to data protection legislation are only stored on our server.
As a user, you can permanently refuse the placement of cookies by our website through appropriate settings in your browser. Furthermore, a cookie that has already been placed can be deleted at any time using the settings in your browser or alternative software.
Transmission of data to contracted data processors
We do not sell any person-related data, nor do we transfer it to third parties for the purpose of marketing or advertising.
The transmission of person-related data takes place to service providers used by us (contracted processors). This can include, for example, computing centre operators, credit institutes, tax accountants, financial and payroll bookkeepers, lawyers and other service providers.
The security of the transmitted person-related data is guaranteed through the conclusion of agreements on contracted data processing under observation of the valid provisions of the data protection legislation. We only transfer data to other third parties when this is necessary for the purpose of data processing and you have given your consent to this transfer of data.
We can often only provide our services and products in cooperation with other companies and service providers. For this purpose, in the context of the initiation or performance of business it is necessary that all participating partners have the same level of information and knowledge.
We therefore transfer information and contact data to partner companies and suppliers, under observation of the data protection legislation and the confidentiality agreements concluded, when in individual cases this is necessary within the framework of the initiation of business or the carrying out of a business relationship.
Furthermore, we pass on person-related data when we are obligated to do so by law, judicial or criminal investigations or a court order.
Transmission of data to countries outside the EU
We transmit person-related data to states outside the EU only in exceptional cases and under observation of the respective legal provisions and guarantee appropriate protection of the person-related data according to the level of protection in Germany. This applies, for example, to the use of Google AdWords (conversion cookies).
Every person affected by the processing of person-related data has rights that have been allocated by legislative authorities: you can demand information about your person-related data processed by us; demand the correction of incorrect data; demand the completion of incomplete data; demand the deletion of your data (right to be forgotten); under certain conditions you can demand a limitation of the processing of your data and you can demand to receive your data from us in a structured, accessible and machine-readable format.
Furthermore, you can withdraw consent you have given to our processing of your person-related data at any time and with effect for the future. This also applies if you gave your consent before 25th May 2018. This does not apply to storage and processing of data that is necessary for legal reasons.
You also have the right to contact a regulatory authority in order to complain if you are of the opinion that we have violated valid legislation in the processing of your person-related data.
Changes to this data protection declaration
Changes to our offer of information services as well as changes to the law and regulations from authorities can make it necessary to update this data protection declaration.
Under observation of the respectively valid provisions of the data protection legislation, we reserve the right to change or make additions to this data protection declaration at any time.
Questions on data protection at emlix
If you have questions or comments regarding this data protection declaration, or on the theme of data protection in general, or if you want to make use of your rights to refusal or withdrawal, it is sufficient to send an E-mail to firstname.lastname@example.org. You can also contact us by post at the above address.