This privacy notice informs you about our handling of your personal data. We would like to present you with an overview of this processing to ensure that it is transparent and verifiable. . In order to ensure fair processing, this privacy notice contains general information about our processing of your personal data and information about your rights in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We will also inform you in detail about:
I. General information
II. Data processing on our website
III. Data processing on our social media sites
IV. Further data processing
Janz Tec AG, Im Dörener Feld 8, 33100 Paderborn, Germany (hereinafter referred to as “we” or “us”) is responsible for the data processing.
I. General information
If you have any questions or suggestions regarding this information, or if you want to contact us to assert your rights, please address your query to
Janz Tec AG
Im Dörener Feld 8
Phone: +49 52 51 / 15 50 0
2. Legal basis
We process personal data taking the relevant data protection provisions into account, in particular those of the GDPR and BDSG (Federal Data Protection Act). Data processing conducted by us is only done on the basis of a legal permit. We only process personal data with your consent (Art. 6 para. 1 sentence 1 a) GDPR) to fulfil a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Art. 6 para. 1 sentence 1 b) GDPR), to comply with a legal obligation (Art. 6 para.1 sentence 1 c) GDPR) or when processing is necessary to maintain the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 sentence 1 f) GDPR).
3. Duration of storage
Unless the following information specifies otherwise, we shall only store your personal data as long as is necessary for achieving the processing purpose or for the performance of our contractual or legal obligations. Legal storage obligations may in particular arise from commercial or tax-related regulations.
4. Recipient of the data
We make use of commissioned service providers for individual processing operations. This includes, for example, hosting, maintenance and support of IT systems, marketing measures or destruction of files and data carriers. These service providers will only process the personal data following explicit instructions and are contractually obligated to guarantee the implementation of sufficient technical and organisational data protection measures. In addition, we may transfer personal data of our customers to parties such as postal and delivery services, payment and information services, banks, tax consultants/auditors or the tax authorities.
5. Data transfer to third countries
Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Article 46 of the GDPR are in place or if one of the conditions of Article 49 of the GDPR is met. Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact. If you consent to the transfer of personal data to third countries, the transfer is made on the legal basis of Art. 49 (1) a GDPR.
6. Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 12 to 22 GDPR, we will process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. For the purpose of providing information and preparing such information, we will process stored data only for this purpose and for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR.
These processing operations are based on the legal basis of Art. 6 Para. 1 letter c) GDPR in connection with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.
7. Your rights
As an affected person, you have the right to assert your rights as an affected person vis-à-vis our company. You have the following rights in particular:
- In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to demand information on whether we process your personal data, and if so, to what extent.
- You have the right, in accordance with Art. 16 GDPR, to demand the rectification of your personal data.
- You have the right, in accordance with Art. 17 GDPR and § 35 BDSG, to demand the deletion of your personal data.
- You have the right, in accordance with Art. 18 GDPR, to demand the limitation of the processing of your personal data.
- You have the right, in accordance with Art. 20 GDPR, to receive the data concerning your person which you have provided us with, in a structured, commonly used and machine-readable format, and to transmit this personal data to another controller.
- You can withdraw granted consent in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- WIf you are of the opinion that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right to object
As stipulated in Art. 21 GDPR, you have the right to object to any processing which arises from the legal basis in Art. 6 para. 1 sentence 1 e) or f) GDPR.If we process personal data for direct marketing purposes, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.
9. Contact details data protection officer
Herting Oberbeck Datenschutz GmbH
Hallerstraße 76, 20146 Hamburg
II. Data processing on our website
When using the website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected during your visit to the website. In data protection law, the IP address is generally also considered a personal date. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data.
1. Processing of server log files
In case of a purely informative use of our website, general information which is transmitted by your browser to our server is automatically (hence not via registration) stored. By default, this includes: type of browser/version, operating system used, accessed page, previously accessed page (referrer URL), IP address, date and time of the server query and HTTP status code.
The processing is necessary for the purposes of pursuing our legitimate interests and is based on the legal foundation of Art. 6 para. 1 sentence 1 f) GDPR. This processing serves the technical administration and security of our website. The stored data is deleted when there are no specific indications that prompt us to suspect, on reasonable grounds, any illegal activity which requires the further review and processing of the information for this reason. We will not be able to identify you as a data subject from the information we hold. Therefore Art. 15 to 22 GDPR do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable identification in order to exercise the rights set out in these articles.
2. Contact form
Our website contains a contact form which you can use to send us messages. The transfer of your personal data in these messages is encrypted. All data fields designated as mandatory fields are required to process your request. Your request cannot be processed if you do not provide all the necessary information. The disclosure of other personal data is voluntary. Alternatively, you can send us a message via the contact email address.
The legal basis for the data processing is provided in Art. 6 para. 1 sentence 1 b) GDPR.
3. White Paper
You also have the option of receiving white papers on various specialist IT issues via our website. We collect the personal data available from the respective form in order to provide you with a white paper. The legal basis for the data processing is provided in Art. 6 para. 1 sentence 1 b) GDPR.
4. Support Platform
We offer a support platform through which our customers can submit support requests. Personalized access data (e-mail address and password) are required for use. Further personal data may be processed within the scope of use. The data will only be processed for the purpose of providing the service. The processing is based on the legal basis of Art. 6 Para. 1 letter b) GDPR.
Our website also provides the option of subscribing to our newsletter. Once you subscribe, we will regularly provide you with news on our current offers. Subscribing to the newsletter requires a valid email address. If you subscribe to our newsletter on our website, we will process personal data such as your email address and possibly your name for dispatching purposes. We also track your reading behaviour and the access rates of our newsletter. Here, we analyse how often you accessed the newsletter and which links were clicked. The legal basis for this processing is provided in Art. 6 para. 1 sentence 1 a) GDPR. You can withdraw your consent at any time by unsubscribing from our newsletter.
To verify the email address, you will first receive a registration email which you must confirm via a link (double opt-in). When subscribing to the newsletter, we also store the IP address, as well as the date and time of the registration. Processing of this data is required to prove that consent has been issued. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 sentence 1 c) in conjunction with Art. 7 para. 1 GDPR).
7. Google AdWords Conversion Tracking
We use the online advertising programme Google AdWords by Google Ireland Limited, (Irland/EU) to run advertisements with Google. If you access our website via a Google advertisement, Google will set a cookie on your end device (“conversion cookie”). Each AdWords customer is assigned a different conversion cookie so that the cookies cannot be tracked via the websites of other AdWords customers. The information obtained through the cookie is used to compile conversion statistics. We use this to determine the total number of users who clicked one of our Google advertisements. However, we do not receive any information which can be used to personally identify the user.
Insofar as personal data is processed in this context, this is based on your consent as the legal basis (Art. 6 (1) a) GDPR). You have the right to withdraw your consent at any time with effect for the future by adjusting the settings on our Consent banner. You can open the Consent Management Tool by calling up “Cookie Settings” in the footer (baseboard) of the website. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until the withdrawal.
8. Google Analytics
We make use of Google Universal Analytics. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This enables us to contextualize individual user actions and analyze long-term relations.
Data on user actions is stored for a period of 14 months, after which it is automatically deleted. Deletion of data for which the storage period has expired automatically takes place once a month.
We only use Google Analytics with IP anonymization enabled, which means that Google will truncate the IP address of users within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and truncated by Google servers in the United States. The IP address transmitted by your browser is not merged with other Google data.
We also use Google Analytics (remarketing) advertising features. This feature, combined with the multi-device features of Google AdWords and Google DoubleClick, allows us to display advertisements in a more targeted manner and present users with ads relevant to their specific interests. The remarketing function displays ads and products that have been found to be of interest to users on other websites in the Google network. This function allows us to link advertising target groups created via Google Analytics Remarketing with the multi-device functions of Google AdWords and Google DoubleClick. This way, interest-related, personalized advertising messages that have been adapted to you on the basis of your previous usage and surfing behavior on one terminal (e.g. mobile phone) can also be displayed on another of your terminals (e.g. Tablet or PC).
If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. This allows the same personalized advertising to be displayed on any device you sign in to with your Google Account. The aggregation of the data collected in your Google Account is based solely on your consent, which you may give to or withdraw from Google. (Art. 6 para. 1 letter a) GDPR).
Google Analytics collects data for advertising purposes for these linked services. To support the remarketing feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data. This is used to define and create target groups for multi-device advertising. Google cookies are used to collect additional access data for advertising purposes and identifiers.
The legal basis for the data processing in connection with the Google Analytics service by us is your consent (Art. 6 (1) a) GDPR). You have the right to withdraw your consent at any time with future effect by adjusting the settings on our Consent banner. You can open the Consent Management Tool by calling up “Cookie Settings” in the footer (baseboard) of the website. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until the withdrawal.
9. Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Ireland/EU) when registering for the corporate customer portal. For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Therefore, your IP address is transmitted to Google Ireland. In addition, Google Ireland collects further data, e.g., about your browser and your click patterns. For security reasons, we use the service to check whether form entries are submitted by a natural person. Thus, automated access attempts and attacks can be detected and warded off. We are required by law to take technically and commercially reasonable measures to ensure the security of the portal. The legal basis is Art. 6 (1) lit. c GDPR in conjunction with Art. 32 GDPR and s. 19 (4) Telecommunications and Telemedia Data Protection Act (TTDSG).
III. Data processing on our social media sites
We are represented on several social media platforms with a company profile. Through this, we would like to offer further opportunities to obtain information about our company and to interact. Our company has company profiles on the following social media platforms:
- Facebook und Instagram
When you visit or interact with our profiles on social media platforms, personal data may be processed. The information associated with a social media profile used also regularly constitute as personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit of social media platforms, which may also be considered as personal data.
1. Visit a social media site
a. Facebook and Instagram
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. Meta Platforms Ireland Limited (Ireland/EU – “Meta”) is solely responsible for this processing of personal data. Further information about the processing of personal data by Meta can be found at https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole responsible party for the processing of personal data when you visit our LinkedIn page. You can obtain further information about the processing of personal data by LinkedIn at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights about the types of actions people take on our site (known as Page Insights). For this purpose, LinkedIn processes in particular information that you already provided to LinkedIn in your profile, such as information on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you are interacting with our LinkedIn company page, e.g., whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized Page Insights. It is also not possible to draw conclusions about individual members from the information of the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 (1) lit. GDPR. We have entered into a joint controller agreement with LinkedIn. This agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
- LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at dataprotection.ie) or any other supervisory authority.
For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy.
For the processing of personal data when visiting our Xing profile, New Work SE (Germany/EU) is the sole responsible party. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.
For the processing of personal data when visiting our YouTube channel, Google Ireland Limited (Ireland/EU) us the sole responsible party. Further information about the processing of personal data by YouTube or Google Ireland Limited can be found at https://policies.google.com/privacy.
2. Comments and Direct Messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations are carried out by us as the sole data controller. We process this data based on our legitimate interest to get in contact with requesting persons. The legal basis for data processing is Art. 6 (1) lit. f GDPR. Further data processing may take place if you have consented (Art. 6 (1) lit. a GDPR) or if this is necessary for the fulfillment of a legal obligation. (Art. 6 (1) lit. c GDPR).
IV. Further data processing
1. Contractual relations
For the establishment or implementation of the contractual relationship with our customers, the processing of the personal, contract and payment data provided to us is regularly necessary. The legal basis for this processing is Art. 6 Para. 1 letter b) GDPR. In addition, we process customer and prospect data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 Para. 1 letter f) GDPR and serves our interest in further developing our services and to inform you specifically about offers from Janz Tec AG. Further data processing can take place with your comsent (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 letter c) GDPR).
A transfer of your personal data cannot be excluded when using the services Confluence and Jira (provided by Atlassian Pty. Ltd. based in Australia and Atlassian Inc. based in the USA). For more information, please see “Data transfers to third countries”.
2. Employment Applications
When you apply to us for employment, we only process application data for purposes related to your interest in current or future employment at our company and the processing of your employment application. Your application will only be processed and taken note of by the respective contact persons. All employees entrusted with data processing are obligated to maintain confidentiality of your personal data.
Should we not be able to offer you employment, we shall store your application data for up to six months after a respective rejection in order to be able to answer questions arising in relation to your application and rejection. This shall not apply in the event that legal provisions prevent deletion, when further storage is required for providing proof or when you have explicitly consented to a longer storage period.
The legal basis for the data processing is provided in § 26 para. 1 sentence 1 BDSG. Should we store your application data for a period exceeding six months and you have provided explicit consent, we wish to point out that you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.