Data Protection and Privacy Policy

for Website Visitors

Data Protection Declaration for Website Visitors

Constares GmbH pays great importance to data protection. Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you this website. This statement describes how and for what purpose your personal data is collected and used and what options you have in connection with your data.

By using this website, you consent to the collection, use and transfer of your information in accordance with this Privacy Policy. If you wish to object to the collection, processing or use of your data by us in accordance with this data protection declaration as a whole or for individual measures, you can address your objection to the person responsible.

1 Responsible body and person

Responsible for the collection, processing and use of your personal data in terms of General Data Protection Regulation GDPR is

Constares GmbH and Constares Financial GmbH & Co. KG

Elsenheimerstr. 63

80687 München

Phone: 49 89 125 039 830

Fax: 49 89 125 039 839

Email:    info@constares.de

Managing Director: Christian Limmer

Contact to data protection controller: datenschutz@constares.de

1.2 General information

Types of data processed:

• Contact information (e.g. e-mail, telephone numbers);
• Content data (e.g. text input, photographs, videos);
• Usage data (e.g. visited websites, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)

Categories of persons concerned

Visitors and users of the online offer. In the following, we will also summarize the persons concerned as "users".

Purpose of processing

• Making available the online offer, its functions and contents
• Answering contact inquiries and communication with users
• Security measures
• Range measurement/marketing

Definitions used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

"Processing" means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data. The term goes a long way and covers practically every handling of data.

“Responsible person" means the natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of processing personal data.

Business processing

Additionally we process

• Applicant data within the application process as well as selection procedure and/or registration in our applicant database (e.g. curriculum vitae, certificates, etc.)
• contract data from our customers (e.g. subject matter of the contract, term, customer category, payment data)

of our customers, prospective customers, business partners, applicants and candidates for the purpose of providing contractual services, general services and customer care.

Hosting

The hosting services we use are providing the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

Here we or our hosting provider process master data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (contractual data processing agreement).

2 General use of this website

2.1 Access data

Constares collects information about you when you use this website. We automatically collect information about your usage behavior and interaction with us and record data about your computer or mobile device. We collect, store and use data about every access to our online offer (so-called server log files). The access data includes name and URL of the accessed file, date and time of access, transferred data volume, notification of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.

We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operation, security and optimization of our online offer, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services. We reserve the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g. if you use one of our offers. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. In addition, we store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).

2.2 Contact via e-mail and web form

If you contact us (e.g. via contact form or e-mail), we store your data given for processing the enquiry and in the event that follow-up questions arise. We only store and use further personal data if you give your consent or if this is legally permissible without special consent.

2.3 Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties, users and applicants and to inform them there about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms, e.g. write articles on our online presences or send us messages.

Integration of third-party services and content

Within our online offer, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use third-party content or service offerings to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "Content").

This always implies that the third party providers of this content use the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as may be linked to such information from other sources.

Typekit fonts from Adobe

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) we use external typekit fonts from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement, which thereby provides a guarantee of compliance with European data protection laws.

(https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active ).

XING

Within our online offering functions of the "XING" service (XING AG, Dammtorstraße 29 - 32, 20354 Hamburg) are offered. When you access this website, your browser is used to establish a short-term connection to XING AG servers. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior via the use of cookies in this context. If you are a member of the Xing platform, Xing can assign the call of the above contents and functions to the profiles of the users there. Privacy Policy of Xing:

https://privacy.xing.com/de/datenschutzerklaerung .

LinkedIn

Within our online offering functions of the LinkedIn service (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) are included. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions. If the users are members of the LinkedIn platform, LinkedIn can assign the call of the above contents and functions to the profiles of the users there. Privacy Policy of LinkedIn:

https://www.linkedin.com/legal/privacy-policy . LinkedIn is certified under the Privacy Shield Agreement, which thereby provides a guarantee of compliance with European data protection laws. (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active ).

Privacy Policy Declaration: https://www.linkedin.com/legal/privacy-policy?_l=de_DE  

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

2.4 Newsletter

Newsletter dispatch service providers

The newsletter is sent out by the dispatch service "Belsignum (belmail)" (Belsignum UG, Carl-von-Linde-Str. 40, 85716 Unterschleißheim www.belsignum.com/). If you register for our free newsletter, the data requested from you for this purpose, i.e. your e-mail address and - optionally - your first and last name, will be transmitted to Belsignum. At the same time, the IP address of the Internet connection from which you access our website and the date and time of your registration are stored. As part of the registration process, we will obtain your consent to the sending of the newsletter, describe the content in detail and refer to this data protection declaration. The data collected is used exclusively for sending the newsletter - it will therefore not be passed on to third parties. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.

You may revoke your consent to receive the newsletter at any time with effect for the future pursuant to Art. 7 para. 3 GDPR. All you have to do is inform us of your revocation or click the unsubscribe link contained in each newsletter.

The dispatch service provider can use the recipient's data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service does not use the data of our newsletter recipients to contact them directly or to pass on the data to third parties.

Measurement of success

The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from whose server. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected.

This information is used to technically improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical collections also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor, nor, if used, that of the dispatching service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

2.5 Legal bases and storage period

The legal basis for data processing in accordance with the above paragraphs is Art 6 para. 1 letter f) GDPR. Our interests in data processing are in particular to ensure the operation and security of the website, to investigate the manner in which visitors use the website, and to simplify the use of the website. 

Unless specifically stated, we only store personal data for as long as is necessary to fulfil the purposes pursued.

3 Your rights as a data subject

According to the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please direct your request to the website operator by e-mail or by postal mail, clearly identifying yourself (see section 1). As the person concerned, you have the following rights:

3.1 Right to information

You have the right to receive confirmation from us at any time as to whether we are processing personal data relating to you. If this is the case, you have the right to receive from us free of charge information about the personal data stored about you together with a copy of this data. Furthermore, you have the following rights:

• The processing purposes
• The categories of personal data being processed
• The recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organizations
• If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
• The right to have your personal data corrected or deleted
• The right to restrict processing  by the data protection controller
• The right to object to such processing
• The right of appeal to a supervisory authority
• The right to receive all available information about the origin of the data if the personal data is not collected from you
• Information about the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR, and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for you.

When personal data are transferred to a third country or an international organization, you have the right to be informed of the appropriate guarantees under Article 46 GDPR in relation to the transfer.

3.2 Right to correction

You have the right to request us to correct any inaccurate personal data concerning you without delay. Taking into account the purposes, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

3.3 Right to cancellation ("Right to be forgotten")

You have the right to request us to delete personal data concerning you immediately and we are obliged to delete personal data immediately if one of the following reasons applies:

• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
• You file an objection to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing (e.g. statutory retention periods), or you file an objection to the processing pursuant to Art. 21 para. 2 GDPR.
• The personal data have been processed unlawfully.
• The deletion of personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which we are subject.
• The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If we have made personal data public and we are obliged to delete it, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that they have requested the deletion of all links to this personal data or of copies or replications of this personal data.

3.4 Right to limitation of processing

You have the right to request us to restrict processing if one of the following conditions is met:

• The accuracy of the personal data is disputed by you for a period of time that enables us to verify the accuracy of the personal data
• The processing is unlawful and you refused the personal data to be deleted and instead requested that the use of the personal data should be restricted
• The personal data is no longer needed for the purposes of processing, but you need the data to assert, exercise or defend legal claims
• You have entered an objection to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether the justified reasons of our company outweigh yours.

3.5 Right to Data Transfer

You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format, and you have the right to transmit this data to another person in charge without our interference, provided that

• Processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPRor on a contract pursuant to Article 6(1)(b) GDPR, and
• Processing is carried out using automated methods.

When exercising your right to data transferability pursuant to para. 1, you have the right to obtain that the personal data be transferred directly by us to another person responsible, so far as this is technically feasible.

3.6 Right of objection

You have the right to object at any time to the processing of personal data concerning you on the basis of Article 6(1)(e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. We no longer process personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, so far as it is associated with such direct marketing.

You have the right to object to the processing of personal data concerning you, for scientific or historical research purposes or for statistical purposes pursuant to Art. 9 para. 1 GDPR, for reasons arising from your particular situation, unless the processing is necessary for the performance of a task in the public interest.

3.7 Automated decisions including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner.´

3.8 Right to revoke consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time.

3.9 Right of appeal to a supervisory authority

You have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the law, if you believe that the processing of personal data concerning you is unlawful.

4 Data Security

We make every effort to ensure the security of your personal data in accordance with the applicable data protection laws and technical possibilities. 

Your personal data will be transmitted encrypted. We use the SSL (Secure Socket Layer) coding system, but point out that data transfer over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

To secure your data, we maintain technical and organizational security measures which we constantly adapt to the state of the art. 

Furthermore, we do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use receive careful and regular back-ups.

5 Automated decision making

An automated decision making based on the collected personal data does not take place.

6 Disclosure of data to third parties, no data transfer to non-EU/EEA countries

In principle, we only use your personal data within our company.

If and to the extent that we involve third parties within the scope of the fulfilment of contracts, these personal data are only provided to the extent to which the transfer is necessary for the corresponding service.

In the event that we outsource certain parts of data processing ("contractual data processing agreement "), we contractually bind our contractors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

Data transfer to places or persons outside the EU and outside the cases mentioned in this declaration does not take place and is not planned.

7 Changes to the data protection declaration

Constares GmbH and Constares Financial GmbH & Co. KG reserves the right to change the data protection declaration in order to adapt it to changed legal situations or to changes in the service and data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users' consent.

Users are asked to inform themselves regularly about the contents of the data protection declaration. You can save and print out this data protection declaration at any time.

Munich, June 2018