Responsible according to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as well as all other data protection legislation is:

emlix GmbH
Gothaer Platz 3
37083 Göttingen

Telephone: +49 (0)551 / 30664 -0
E-mail: datenschutz@emlix.com

In principle, we process the person-related data of our users only when this is necessary in order to provide our website, contents, products and services. Data processing takes place only with the consent of the user.

An exception is made in such cases in which obtaining consent in advance is not possible for valid reasons and the processing of the data is allowed according to the provisions of legislation.

emlix protects your person-related data. We have set up suitable technical and administrative security measures according to the current standard of technology to protect person-related data from loss or destruction as well as the access and use or manipulation by unauthorized persons. For example, data is transmitted and stored in encrypted form when it is sent to us via the internet.

We also demand that our suppliers and service partners also protect the stored data from unauthorized access or use.

The collection and processing of data and information has the purpose of enabling communication and the initiation of contact with the users of our website, interested parties, customers, partners, suppliers and job applicants. This relates in particular to the initiation, performance, support and maintenance of business relationships.

In this connection, we process person-related data for the following purposes: making available of information about our services and products as well as supplementary services; market analyses; marketing campaigns; initiation, performance, invoicing and booking of contractual business relationships; support and maintenance activities; guaranteeing the protection of our services and products; determination and elimination of fraud and security risks; clarification and solving of (legal) conflicts with the enforcement of valid contracts and the securing and defence of legal entitlements.

We process person-related data according to the GDPR after receiving your consent for the fulfilment of pre-contractual measures and contractual obligations, for marketing purposes and to comply with legal regulations such as notification obligations, and also for the protection of legitimate interests of ours or third parties in the context of the consideration of interests according to the GDPR. This includes, for example, the guaranteeing of our IT security, measures for customer loyalty and measures for building security (e.g. access controls).

Person-related data is stored and processed by us for the time period necessary to achieve the purpose of the processing or when this is a legal requirement. As a rule, this is the duration of contract fulfilment or contract initiation.

Furthermore, we are subject to obligations for the storage of person-related data for specific storage periods derived from trade and tax legislation according to general fiscal law (Abgabenordnung, AO), the German Commercial Code (Handelsgesetzbuch, HGB) as well as storage periods derived from other legislation.

Data from job applications is stored for a maximum of six months. Data from the video surveillance in the entry areas of our offices is deleted automatically after seven days.

Automated decisions or profiling are not carried out by emlix.

When you call up our website under https://www.emlix.com data is automatically sent from your internet browser to our web server: date and time, information on the browser in use, browser settings, the operating system in use, the quantity of data transferred as well as the access status (file transferred, file not found etc.). In addition, your IP address is transmitted. All the data is stored in a so-called log-file on our web server.

If you call up documents (for example in PDF format) on our website, our web server automatically stores the date and file name of the download in addition to the visit data.

For making contact directly, we offer a contact form on our website. When using this form, you have to enter the following data: name, company, E-mail address and your message. On our contact form, entries that we need for processing are marked as mandatory fields. Other entries are optional.

When our website is called up, cookies are transmitted. These are small text files, which are stored on the computer of the user. Through the cookie ID contained in them, the browser can be identified.

Cookies are a necessary precondition for some, more user-friendly, services of our website. As a user, you can deactivate the storage of cookies in your browser and delete cookies that have already been transmitted. Furthermore, you can configure your browser so that you are notified when a website attempts to set a cookie.

When you use our website, a cookie is set via your browser in order to collect and analyse statistical data about the use of our website. Our web analysis tool collects and stores data for the purpose of optimizing our website marketing.

In the context of the analysis of the user data from our website we obtain information on person-related data such as IP address, date and time, information on the browser in use, browser settings, the operating system in use, the most recently visited website (origin or referrer URL), the volume of data transferred as well as the access status (file transmitted, file not found etc.) of the user.

This enables us to obtain information about the origin of the users and their movements through our website. Using this data, pseudonymized user profiles and reports are created in order to understand the activity on our website. This data is stored by us. It is not passed on to third parties.

We do not combine the information obtained in this way with person-related data or with other data. The web analysis tool is operated only on our server and log-files sensitive to data protection legislation are only stored on our server.

As a user, you can permanently refuse the placement of cookies by our website through appropriate settings in your browser. Furthermore, a cookie that has already been placed can be deleted at any time using the settings in your browser or alternative software.

We place advertisements in the Google search services using Google Ads. The company operating Google Ads is Google Inc. If you access our website via a Google advertisement, a conversion cookie is transmitted.

With the help of this cookie, we and Google can determine whether users have accessed our website directly via an Ads advertisement. This information is transmitted to servers of Google in the USA, where it is stored. A conversion cookie loses its validity automatically after 30 days. It does not serve to identify the user.

You can find the data protection provisions of Google at www.google.de/intl/de/policies/privacy/. You can refuse the use of interest-related advertisements by Google. To do this, please access the link support.google.com/ads/answer/2662922 and make the necessary settings there.

On our website we use the maps service Google Maps API (operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

In order to use this service, data can be transmitted to, and stored on, a Google server in the USA. This data includes both the information about your visit to our website and your IP address. We have no influence on the data transfer.

We use Google Maps to present the places mentioned on our website to visitors in a helpful way. According to Art. 6 para. 1 lit. f GDPR this is a legitimate interest.

Further information on data collection by Google can be found here: policies.google.com/privacy.

On our website we use social media plug-ins from ShareThis (operator: ShareThis Inc., 3000 El Camino Real, 5 Palo Alto Square, Suite 150, Palo Alto, CA 94306, USA). With the plug-ins, users can share content in social networks. The plug-ins can be identified by the logo of the respective network.

ShareThis collects data on the surfing and sharing behaviour of users on websites with social media plug-ins. This data is used in order to address users with targeted online advertising. After collection of the data, it is stored for targeted advertising for up to 13 months and a maximum of 48 months for analytical evaluation. ShareThis does not use the data to identify individual persons. Further information on data collection by ShareThis and your rights can be found at: sharethis.com/de/privacy/.

This includes plug-ins for the following social networks:

• LinkedIn (operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• Twitter (operator: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
• Xing (operator: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany)

If you are registered with one of the social networks listed above and you use the plug-in, information about your visit to our website can be connected with your user account. If you do not want this information to be connected with your account, you must log out of the respective social network before visiting our website.

If you share content using the plug-in, information on this is also transmitted to the respective network. The shared contribution will be published on the platform and shown to your contacts.

We have no influence on data collection by the social networks. Further details on data collection and on your rights can be found on the following pages:

• LinkedIn: www.linkedin.com/legal/privacy-policy
• Twitter: twitter.com/privacy
• Xing: privacy.xing.com/de/datenschutzerklaerung

The information offered on our website possibly includes content linked with the websites of third parties, thereby referencing them. At the time these references (links) were set up, we could not identify any infringements of valid legislation on these pages. We have no control of, no influence on and no access to content, cookies or other functions of these third parties. As a user, you can contact these third parties directly and view their data protection declarations.

For the processing of inquiries by letter, fax, E-mail or telephone regarding our services and products as well as the provision of support services, we record the information that we require for the processing: name and business contact data as well as the inquiry itself.

In order to perform our contractual obligations and our services for customers and partners as well as when working together with our suppliers, we record the information that we require for the processing: name and business contact data, position, information on the services performed as well as the invoicing data.

For visits to our business premises we record the information that is necessary for the visit: name and business contact data, position and information on the visit. For the protection of people and property, we use video surveillance in the access areas of our business premises.

The use of our development services and other services requires that you are registered as a user within the framework of a current business relationship. With the registration you will be asked to provide the following data: first name, surname, E-mail address and SSH-key. When logging in as a registered user, access data (login name, time) and your IP-address are recorded in the protocol file(s) on our server.

For the processing of applications provided by post or E-mail we receive person-related data from you. We store only the information that we need for the completion of the application procedure: this may include name, address and contact data, information on education and professional qualifications, further training and other information that we have received from you in connection with your application.

If we conclude an employment contract with an applicant, we record the data that we require for the fulfilment of the employment relationship. If no employment contract is concluded, applications are deleted two months after the rejection is communicated. If those responsible for processing have a legitimate interest in not deleting the application, then deletion does not take place immediately. A legitimate interest could, for example, be an obligation to provide evidence in a court case in relation to the General Equal Opportunities Act (Allgemeines Gleichbehandlungsgesetz, AGG).

For our online meetings, online workshops and online seminars we use the conference software "GoToMeeting" (LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA).

You can find the data protection declaration for our web conferences here.

We do not sell any person-related data, nor do we transfer it to third parties for the purpose of marketing or advertising.

The transmission of person-related data takes place to service providers used by us (contracted processors). This can include, for example, computing centre operators, credit institutes, tax accountants, financial and payroll bookkeepers, lawyers and other service providers.

The security of the transmitted person-related data is guaranteed through the conclusion of agreements on contracted data processing under observation of the valid provisions of the data protection legislation. We only transfer data to other third parties when this is necessary for the purpose of data processing and you have given your consent to this transfer of data.

We can often only provide our services and products in cooperation with other companies and service providers. For this purpose, in the context of the initiation or performance of business it is necessary that all participating partners have the same level of information and knowledge.

We therefore transfer information and contact data to partner companies and suppliers, under observation of the data protection legislation and the confidentiality agreements concluded, when in individual cases this is necessary within the framework of the initiation of business or the carrying out of a business relationship.

Furthermore, we pass on person-related data when we are obligated to do so by law, judicial or criminal investigations or a court order.

We transmit person-related data to states outside the EU only in exceptional cases and under observation of the respective legal provisions and ensure appropriate protection of the person-related data according to the level of protection in Germany. This applies, for example, to the use of Google Ads (conversion cookies).

Every person affected by the processing of person-related data has rights that have been allocated by legislative authorities: you can demand information about your person-related data processed by us; demand the correction of incorrect data; demand the completion of incomplete data; demand the deletion of your data (right to be forgotten); under certain conditions you can demand a limitation of the processing of your data and you can demand to receive your data from us in a structured, accessible and machine-readable format.

Furthermore, you can withdraw consent you have given to our processing of your person-related data at any time and with effect for the future. This also applies if you gave your consent before 25th May 2018. This does not apply to storage and processing of data that is necessary for legal reasons.

You also have the right to contact a regulatory authority in order to complain if you are of the opinion that we have violated valid legislation in the processing of your person-related data.

Changes to our offer of information and services as well as changes to the law and regulations from authorities can make it necessary to update this data protection declaration.

Under observation of the respectively valid provisions of the data protection legislation, we reserve the right to change or make additions to this data protection declaration at any time.

If you have questions or comments regarding this data protection declaration, or on the theme of data protection in general, or if you want to make use of your rights to refusal or withdrawal, it is sufficient to send an E-mail to datenschutz [at] emlix.com. You can also contact us by post at the above address.