Data Protection Statement in accordance with Art. 13 (4) GDPR

Name of the controller

Wilde Beissel von Schmidt GmbH
registered at Berlin-Charlottenburg Local Court
HRB 96319 B

 

Managing directors

Barbara Wilde, Marein Beissel and Silvia Schmidt

 

Address of the controller

Marienburger Str. 30a, 10405 Berlin

Tel.: +49 (0)30 400569-10
Fax: +49 (0)30 400569-20
E-Mail: info@wbvs-berlin.de

 

Data protection officer

Winfried Hofmann, Lorop GmbH

Address: Landgrafenstr. 16, D-10787 Berlin

Tel.: +49 (0)30 3309626-0
Fax: +49 (0)30 3309626-29
E-Mail: hofmann@lorop.de

Purpose of the collection, storage, processing or use of data

Data are collected, processed and used for the following designated purposes:
– customer management,
– staff management,
– management of staff, and
– management of data originating from external service-providers.

 

Data are processed on the basis of Art. 6 (1) (a)-(c):

– consent,
– performance of a contract, and
– compliance with a legal obligation.

 

Data recipients or categories of recipients

1. Public authorities receiving data on the basis of statutory provisions (existence of priority legal provisions), such as social insurance institutions and tax authorities.
2. Internal units involved in performing the respective business processes, such as bookkeeping, invoicing and computing.
3. External sub-contractors in accordance with Art. 28 of the General Data Protection Regulation (GDPR) (Data processor).
4. External agencies entrusted with the performance of the purposes of data collection, storage, processing or use.

 

Planned transmission to third countries

No transmission to third countries is planned.

 

Standard periods for the erasure of the data

Differing periods apply to storage. Data that are of fiscal relevance are for instance normally stored for ten years, whilst other data are kept in accordance with commercial law, as a rule for six years. In the absence of a legal storage regulation, the data are erased or destroyed if they are no longer required to achieve the company’s purposes.

There is a right to have the controllers grant access to information, or to rectify or erase the personal data in question (Art. 15, 16 and 17 GDPR). Data subjects can revoke their consent at any time without this affecting the lawfulness of the processing that was carried out on the basis of consent prior to revocation.

 

Data protection

We, Wilde Beissel von Schmidt GmbH, take the protection of your personal data very seriously, and comply strictly with the provisions of the laws on data protection. As a rule, it is possible to use our website without providing any personal data. Where personal data are collected on our website (such as name, postal or e-mail addresses), this is always voluntary where possible. Under no circumstances will the data collected be sold or passed on to third parties for other reasons.

The following declaration provides you with an overview of how we guarantee this protection and what kinds of data are collected for what purpose.

Rights of data subjects and users

The following rights apply to data subjects:

a) Right to confirmation and information (Art. 15 GDPR)

Data subjects shall have the right to obtain confirmation from the person responsible as to whether his/her personal data is being processed. For this purpose, data subjects may contact employees of Wilde Beissel von Schmidt GmbH at any time.

b) Right to information

In addition to such confirmation, data subjects also have the right to obtain information on their personal data processed and to request the following information:

  • The purpose of the processing
  • The categories of personal data that is being processed
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, especially with regard to recipients in third countries or international organisations
  • If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • The existence of a right to correction or deletion of the personal data concerning him/her or of right to having the processing limited by the controller or a right to object to this processing, taking legal restrictions into account to which Wilde Beissel von Schmidt GmbH is subject.
  • The existence of a right of complaint to a supervisory authority
  • If the personal data are not collected from the data subject: all available information on the data’s’ source
  • The existence of automated decision-making, including profiling, in accordance with Art. 22 Paragraph 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

In addition, data subjects have the right to be informed if personal data are transmitted to a third country or an international organisation and what suitable guarantees are, in accordance with Art. 46 GDPR, used in the context of a transmission.
Furthermore, a copy of the personal data processed can be requested from the person responsible.

You can approach an employee of Wilde Beissel von Schmidt GmbH at any time to exercise your right to information.

c) Right to correction (Art. 16 GDPR)

Under Art. 16 GDPR, data subjects have the right to demand that the person responsible corrects incorrect personal data relating to them. This also includes the completion of incomplete data.

You can approach an employee of Wilde Beissel von Schmidt GmbH at any time to exercise your right to completion.

d) Right to deletion / Right to be forgotten (Art. 17 GDPR)

Data subjects shall have the right to demand immediate deletion of their personal data from the person responsible. The person responsible must comply with this request if one the following reasons applies in accordance with Art. 16 GDPR:

  • The personal data are no longer required for the purposes they have been collected or processed for.
  • The data subject withdraws their consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Art. 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21 (2).
  • The personal data was processed illegally.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data were collected in relation to information society services offered in accordance with Art. 8 (1).

If processing is necessary

  • to exercise the right of freedom of expression and information,
  • to fulfill a legal obligation,
  • for reasons of public interest in the field of public health – or for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes,
  • to assert, exercise or defend legal claims,

this requirement does not apply.

If the personal data have been made public by the data controller and our company as data controller is obliged to delete the personal data pursuant to Art. 17 (1) GDPR, we will take reasonable measures, including technical measures, taking into account implementation costs and available technology, to inform other data controllers processing the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary.

If you as the person concerned wish to have your personal data deleted under the described conditions, we will comply with this request without delay. Please contact an employee of Wilde Beissel von Schmidt GmbH for this purpose.

e) Right to restrict processing (Art. 18 GDPR)

Under Art. 18 of the GDPR, data subjects have the right to request the controller to restrict processing if one of the following conditions is met:

  • The accuracy of the personal data is disputed by the data subject. In that case, the processing must be stopped for a period of time which allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful. The data subject refuses to have his personal data deleted and instead requests that the use of his personal data be restricted.
  • The personal data are no longer needed by the controller for the purposes of the processing. However, the data subject needs them in order to assert, exercise or defend legal claims.
  • The data subject has lodged an objection to the processing, but it is not yet clear whether the controller’s legitimate reasons outweigh those of the data subject.

You are welcome to contact an employee of Wilde Beissel von Schmidt GmbH if one of these conditions is met and you as a data subject request the restriction of the processing of your personal data.

f) Right to data transferability (Art. 20 GDPR)

Data subjects shall have the right to obtain the personal data concerning them which they have supplied to the controller in a standard, structured and machine-readable format. Moreover, data subjects shall have the right to have such data communicated to other controllers without the hindrance of the controller to whom the personal data has been made available, if such processing is based on consent and if it is carried out by means of automated procedures. This shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In addition, the data subject has the right to obtain that personal data be transferred directly from one controller to another, insofar as this is technically feasible.

g) Right of objection (Art. 21 GDPR)

Data subjects shall have the right to object at any time, on the grounds relating to their particular situation, to the processing of personal data concerning them carried out pursuant to Article 6(1)(e) or (f) GDPR, including profiling based on these provisions. The controller no longer processes the personal data unless he or she can demonstrate compelling legitimate reasons for doing so which outweigh the interests, rights and freedoms of the data subject, or unless the processing is carried out in order to assert, exercise or defend legal claims.

Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data relating to him/her for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

Data subjects must be informed of these rights at the latest at the time of the first communication. This is done by means of this data protection declaration, as well as by a separately provided initial information.

According to Art. 21(6) of the GDPR, data subjects also have the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them for the purposes of scientific or historical research or for statistical purposes, as referred to in Art. 89(1), except where such processing is necessary for the fulfilment of a task carried out in the public interest.

You can approach an employee of Wilde Beissel von Schmidt GmbH at any time to exercise your right of objection.

h) Automated decisions in individual cases including profiling (Art. 22 GDPR)

Under Art. 22(1) GDPR, data subjects have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects vis-à-vis them or significantly affects them in a similar way. This does not apply in the following situations:

  • The decision is necessary for the conclusion or fulfilment of a contract between the data subject and the data controller.
  • The decision is authorised by Union law or the law of the Member States to which the person responsible is subject. Such legislation must contain appropriate measures to safeguard the rights and freedoms and legitimate interests of the persons concerned.
  • The decision is made with the explicit consent of the person concerned.

Should the decision

  • be necessary for the conclusion or fulfilment of a contract between the data subject and the controller or
  • be made with the explicit consent of the person concerned, Wilde Beissel von Schmidt GmbH will take reasonable measures to safeguard the rights and freedoms as well as the legitimate interests of the person concerned, including at least the right to obtain the intervention of the person responsible, to express his or her point of view and to challenge the decision.

Data subjects can approach an employee of Wilde Beissel von Schmidt GmbH at any time to assert rights with regard to automated decisions.

Data processing on this website

 

Privacy Policy for Google Fonts

For our internet presence we use Google Fonts to display the fonts. To enable the display of the fonts from our website, a connection to the Google server in the USA or in other countries is established when our website is accessed.
This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to only as “Google”. Google guarantees that the data protection requirements of the EU will also be observed when processing data in the USA through the certification according to the EU-US Privacy Shield.
The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the optimisation and economic operation of our Internet presence.
Through the connection to Google established when you access our website, Google can determine from which website your request has been sent and to which IP address the font is to be sent.
Google offers further information, in particular on the possibilities of preventing the use of the data, under https://adssettings.google.com/authenticated or https://policies.google.com/privacy.

 

Contact possibilities via our website

Due to legal requirements, our website contains some information for fast and direct electronic contact and communication with our company. This also includes a general address for so-called electronic mail (e-mail address). When contacting us by e-mail or via a contact form, the personal data transmitted by the person concerned is automatically stored for the purpose of processing or further contacting the person concerned. This data is not passed on to third parties. The legal basis for this processing is provided by Art. 6(1)(B) GDPR.
Provided that there are no legal retention periods to prevent deletion, such as in the case of subsequent contract processing, your data will be deleted if your request has been finally answered.

 

Data protection for applications

We offer you different ways to submit your application to us. Applicant and application data may be collected and processed electronically by us for the purpose of processing your application. This is the case, for example, if you send us your application documents by e-mail or submit data to us via a web form on our website. Based on Art. 88 GDPR, concretisation clauses of the BDSG are used as the legal basis. The legal basis for this processing is § 26 para. 1 sentence 1 BDSG.

If, after the application procedure, an employment contract is subsequently concluded between the controller and the applicant, the data transmitted will be stored for the purposes of the management of the employment relationship and the normal organisational and administrative process. Naturally, further legal regulations are observed. The legal basis for this is also § 26 para. 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 GDPR.
If no contract of employment is concluded after the application procedure and the application is rejected by the person responsible, the data transmitted will be automatically deleted 6 months after notification of the rejection, provided that no other legitimate interest of the person responsible or other legal bases oppose deletion. For example, due to the duty of proof under the General Equal Treatment Act (AGG), longer storage of up to four months or until the conclusion of legal proceedings may be necessary.

The legal basis in this case is Art. 6(1)(f) GDPR and Art. 24(1)(2) BDSG. Our legitimate interest lies in the legal defence or enforcement.
Applicants can also give their explicit consent to the storage of their data for a longer period of time, so that their data can be further processed, for example in a database of applicants or interests, based on their consent. In this case, Art. 6 (1) (a) GDPR is the legal basis. Under Art. 7 (3) GDPR, applicants or data subjects may revoke this consent at any time with effect for the future.

 

Further information

Your trust is important to us. We would therefore like to be available to you at all times to answer your questions regarding the processing of your personal data. If you have any questions which this data protection statement did not answer, or if you would like to receive more detailed information on any point, please feel free to approach our data protection officer at any time.

Privacy policy on the use and application of Facebook

 

Plugins provided by the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into our site. You can identify the Facebook plugin by the Facebook logo or the “Like” button on our site. You will find an overview of Facebook plugins here: http://developers.facebook.com/docs/plugins/. If you visit our pages, a direct link is established via the plugin between your browser and Facebook’s server. This means that Facebook is informed that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged on to your Facebook account, you can link the content of our page to your Facebook profile. This enables Facebook to trace your visit to our site to your user account. We would like to point out that we, the page providers, are not informed of the content of the information that is transmitted, or of what use Facebook makes of it. You will find more information on this by consulting Facebook’s privacy policy at http://de-de.facebook.com/policy.php. If you do not want Facebook to be able to trace your visit to our website to your Facebook user account, you should log out of your Facebook user account.

 

Privacy policy on the use and application of Instagram

 

The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to disseminate such data in other social networks.

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time the data subject accesses any of the individual pages of this Internet site operated by the data controller and on which an Instagram component (Insta button) has been integrated, the Internet browser on the data subject’s information technology system is automatically prompted by the relevant Instagram component to download a representation of the relevant component of Instagram. As part of this technical process, Instagram is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in at the same time at Instagram, Instagram recognizes which specific subpage the person concerned is visiting each time the person concerned accesses our website and for the entire duration of their stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the person concerned. If the person concerned clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it is assigned to the personal Instagram user account of the person concerned and stored and processed by Instagram.
Instagram will receive information through the Instagram component that the data subject has visited our website whenever the data subject is logged in to Instagram at the same time as accessing our website, regardless of whether the data subject clicks on the Instagram component or not. If the person concerned does not want this information to be sent to Instagram, he/she can prevent it from being sent by logging out of his/her Instagram account before accessing our website.
Further information and Instagram’s applicable privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

Privacy policy on the use and application of LinkedIn

 

The data controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
Whenever our website is accessed, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the person concerned to download a corresponding representation of the LinkedIn component. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. This technical process allows LinkedIn to know which specific page of our website is visited by the data subject.
If the person concerned is also logged on to LinkedIn, LinkedIn will recognise which specific subpage of our website the person concerned is visiting each time the person concerned accesses our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the LinkedIn account of the person concerned. If the person concerned clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and stores this personal data.
LinkedIn receives information via the LinkedIn component that the person concerned has visited our website, if the person concerned is logged on to LinkedIn at the same time when he or she visits our website; this occurs regardless of whether the person concerned clicks on the LinkedIn component or not. If the data subject does not want this information to be sent to LinkedIn, he/she can prevent it from being sent by logging out of his/her LinkedIn account before accessing our website.
LinkedIn provides the ability to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad setting under https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s current privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

 

Privacy policy on the use and application of Xing

 

The data controller has integrated components of Xing on this website. Xing is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.
The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland.
Each time the data subject accesses any of the individual pages of this Internet site operated by the data controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the data subject’s information technology system is automatically prompted by the relevant Xing component to download a representation of the relevant component of Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical process, Xing is informed which specific subpage of our website is visited by the person concerned.
If the person concerned is logged on to Xing at the same time, Xing recognizes which specific subpage of our website the person concerned is visiting each time the person concerned accesses our website and for the entire duration of their stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the person concerned. If the person concerned clicks one of the Xing buttons integrated on our website, for example the “Share” button, Xing assigns this information to the personal Xing user account of the person concerned and stores this personal data.
Xing will receive information through the Xing component that the data subject has visited our website whenever the data subject is logged on to Xing at the same time as accessing our website, regardless of whether the data subject clicks on the Xing component or not. If the person concerned does not want this information to be sent to Xing, he/she can prevent it from being sent by logging out of his/her Xing account before accessing our website.
The data protection regulations published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Xing has also published data protection information for the XING Share button at https://www.xing.com/app/share?op=data_protection.

Data Protection