PRIVACY POLICY

With this Data Privacy Policy we want to inform you about how we process personal data in connection with this website. The protection of your privacy is of utmost importance to us. Therefore, compliance with the legal requirements, including data protection, is a matter of course for us.

Contact

Smart Digital GmbH – A Credera Company
Weilimdorfer Str. 74/1
70839 Gerlingen, Germany
[email protected]
CEO: Thomas Vogt

Data Protection Officer

For all questions and concerns regarding the security of your data you can contact us at [email protected].

If you have a particularly sensitive concern, please contact our Data Protection Officer by post as communication by e-mail can always have security gaps. Please indicate in your inquiry that your request involves the company Smart Digital GmbH.

External Data Protection Officer EU and UK

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Burchardstr. 14
20095 Hamburg

UK Representative Article 27 UK GDPR
If the data processing is subject to the UK GDPR and a UK Representative is required, this is:

DAS Europe Ltd
90-100 Southwark St
London, SE1 0SW

Personal data

Personal data is all information about personal and factual circumstances of an identified or identifiable person.

This includes the following categories of personal data that we process:

  • Contact and address information, if you provide us with your contact information (name, your address or other mailing address, telephone number, or your e-mail address)
  • Your correspondence with us
  • Information that you have submitted to us in the course of an application
  • Information about your request
  • Online identifiers (e.g. your IP address, browser type and version, the operating system used, the referrer URL, the file name, the access status, the amount of data transferred, the date and time of the server request)
  • Log files with information about your visit to our website
  • Social media identifiers

Legal basis

The processing of your data takes place on the following legal basis:

  • Regarding data that you enter in forms, etc. or regarding plugins that you activate with your consent, Art. 6 para. 1 letter a) GDPR
  • Regarding services that you use, to initiate or implement a contract with you, Art. 6 para. 1 lit. b) GDPR –
  • In all other respects to implement our legitimate corporate interests, in particular with regard to statistical data and online identifiers, on the basis of legitimate interests, Art. 6 para. 1 lit. f) GDPR (see below)

Legitimate interests

When processing your data, we pursue the following legitimate interests:

  •  Improvement of our offer
  • Protection against misuse
  • Statistics
  • Marketing
  • Storing our correspondence with you

Intended purposes

We process your data for the following purposes:

  • If you want us to contact you
  • When concluding contracts with you
  • For advertising purposes
  • For quality assurance
  • For our statistics

Personal data is only collected by us if and to the extent and for the purpose for which you provide us with the data of your own accord, e.g. when contacting us via an online form.

We use and store your personal data in the context of our services for the following purposes only if you have expressly given us your consent to do so:

  • Applicant management via our applicant management system Recruitee

We process your data only for the purpose of processing your application. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In the event of a successful application, the data provided by you may be further processed by us for the purposes of the employment relationship.
If we are unable to offer you a position or if you withdraw your application, we will store your data for a maximum of 6 months after the end of the application process in order to comply with the obligation to be able to provide evidence as required by the General Act on Equal Treatment (AGG).

Data transfer to recipients outside the European Economic Area

Data is transferred to countries outside the European Economic Area (EEA). We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other appropriate guarantees, such as certification or proven compliance with international security standards.

  • USA (EU standard contractual clauses and additional security measures)

Log files

In order to ensure the technical functionality and presentation of our site, to clarify security incidents and to monitor technical faults or attacks, we collect the standard data required for this. You can use all areas of our website that do not require access authorization without having to disclose personal data.
When you access our site, so-called log files (activity protocols) are automatically transferred to our servers. As a rule, this will not be personal data and this information will not be mixed with other data processed by us.
Log files

  • Date and time of the website visit
  • Version of the HTTP protocol
  • Type and version of the browser used
  • Type of operating system
  • Requested files
  • Information about retrieved files and transferred data volume
  • Anonymized IP address
  • Error messages
  • Activities on our website and accessed pages
  • Amount of transferred data
  • Source reference from which website you came to us
  • Status code of a request
  • Starting point of a request
  • Access log file
  • FTP log file

Duration of storage

We store your data,

  • if you have consented to the processing, but only until you revoke your consent,
  • if we need the data for the execution of a contract, but only as long as the contractual relationship with you exists or legal retention periods need to be observed,
  • if we use the data on the basis of a legitimate interest, but only for as long as your interest in deletion or anonymization does not prevail,
  • to comply with legal retention periods, e.g. commercial or tax retention obligations (e.g. German Commercial Code, German Tax Code) until the end of these retention periods.

Data protection

We have taken extensive technical and organizational measures to protect your data against possible risks, such as unauthorized access or admission, unauthorized disclosure, modification or distribution, as well as against loss, destruction or misuse.
In order to protect your personal data from unauthorized access by third parties during transmission, we secure data transmissions using SSL encryption where necessary. This is a standardized encryption method for online services, especially for the web.

Cookies

General information about cookies
A cookie is a text file with an identification number which, when the website is used, is transmitted to the user’s computer together with the other data actually requested and is stored there. The file is stored there for later access and is used to authenticate the user. Since cookies are only simple files and not executable programs, they pose no danger to the computer.

Depending on the settings selected by the user in his Internet browser, the browser automatically accepts cookies. However, this setting can be changed and the storage of cookies deactivated or set in such a way that the user is notified as soon as a cookie is set. If the use of cookies is deactivated, some functions of the website may not be available or may only be available to a limited extent. You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies.

Already active cookies can be deleted at any time via an Internet browser or other software programs. We may work together with advertising partners who help us to make our Internet offer more interesting for you. For this purpose, cookies from partner companies may also be stored on your hard drive when you visit our website (third-party cookies).

[cookie_popup_content]

We need the cookies for the following purposes:
[cookie_audit]

Third-party services

As a matter of principle, we will only transfer your personal data to third parties if this is necessary to fulfill our contractual or legal obligations and to provide our services. When processing your data, we work with the following service providers who have access to your data:

  • Providers of web analytics tools
  • Providers of web hosting and web development services
  • Service providers for IT development services
  • Email and newsletter providers
  • CRM system service providers
  • Cloud services
  • Providers of application management software

We have carefully selected these service providers and committed them to confidentiality and compliance with legal requirements.
We are legally obligated to transmit data to governmental authorities, e.g. tax authorities, supervisory authorities and law enforcement agencies.

Web analysis

We use – like almost every website operator – analysis tools in the form of tracking software to determine the frequency of use and the number of users of our website.

Hubspot

We use HubSpot services for our

  • E-mail marketing activities (newsletters and automated mailings, e.g. to inform about updates)
  • Social media reporting (e.g. LinkedIn)
  • Reporting (e.g. traffic sources, accesses, etc.)
  • Contact management (e.g. user segmentation & CRM)
  • Provision of websites/landing pages and contact forms

HubSpot is a software company from the USA with a branch in Ireland: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. This allows us to effectively manage and control our e-mail marketing and contact management. Therefore, we process your first and last name and your e-mail address.

More information about HubSpot’s data protection regulations.
More information from HubSpot regarding EU data protection regulations.

YouTube

Social media plugins of the provider YouTube, which belongs to Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (“Google”), are integrated on our website. When you visit our website, a connection is established with the YouTube servers. For this, we use the “Privacy-Enhanced Mode” provided by YouTube. According to YouTube, for example, the information that you have visited our website with your IP address is only transmitted to YouTube when you interact with the plugin (e.g. click on an embedded video). If you are logged in to YouTube, YouTube can associate your visit to our website with your user account. If you interact with an embedded video, for example, YouTube will assign it to your profile and save it. We have no influence on the scope and content of the data collected by YouTube.

Google Data Privacy Policy:  https://policies.google.com/privacy?hl=de

To prevent the assignment of the collected data to your profile, you must log out of your account.

reCAPTCHA

We use the reCaptcha service of Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. The service determines whether the input into an Internet form is done by a bot or other automated processing or by a human. Your IP address, shortened for anonymization, and data required for reCaptcha are transmitted to Google, without being merged with other Google data.

To view the Google data protection regulations:
https://policies.google.com/privacy?hl=de

Recruitee

We offer you the opportunity to apply to us via our application portal.
For the organization and processing of the application process we use the services of Recruitee B.V., Johan Huizingalaan 763, (1066 VH) Amsterdam, The Netherlands (hereinafter referred to as „Recruitee“). If you click on “JOIN OUR TEAM” or on our job advertisements on our website, you will be redirected automatically to the Recruitee website.
When you visit the Recruitee website, Recruitee automatically collects personal access data. This includes the requesting device, the web browser used, the operating system, the IP address, the website from which you came and your behavior on the Recruitee website. If you decide to submit an application, the data you enter there will also be transmitted to Recruitee. For more information about how Recruitee protects your personal data, please see the Recruitee privacy policy under

https://recruitee.com/de/privacy

Indeed

You can also apply to us via Indeed.
In order to enable the “Apply via Indeed” functionalities, your personal usage data must be processed by Indeed Ireland Operations Limited, 124 St Stephen’s Green, Dublin 2, Ireland (here “Indeed”).
When you apply for any of our vacancies through the Indeed portal, Indeed collects your CV and other application documents and information that you provide on a voluntary basis. This data is made available to us for verification. This allows you to share with us the information Indeed holds about you and, for example, provide us with your CV stored by Indeed. You can view Indeed’s terms of use here:
https://de.indeed.com/legal and Indeed’s Privacy Policy here: https://hrtechprivacy.com/de/brands/about-indeed#privacypolicy.
To make this feature available to you, we have included the “Apply via Indeed” button on our Recruitee website. Even if you don’t use this feature, Indeed will still process personal information because your IP address is already transmitted to Indeed when the button is displayed. Indeed may also use cookies.

Social media plugins with Shariff

To protect your data in the best possible way, we use the Shariff data protection solution developed by the computer magazine c’t for the integrated social media plugins on our website.
The plugins provided by social networks generally collect and transmit your personal data even if you merely visit a website with integrated social media plugins and do not interact with the service. A user account with the networks is not necessary for this. However, if you have one and are logged in, the services can assign your visit to the user account.
The integration of Shariff prevents your data from being collected by social networks via the integrated plugins when you visit our website. Only when you actively interact with a social media plugin, such as by clicking a “Like” or “Share” button, a connection to the social network server will be established. This allows you to continue to use the buttons as usual.
You can find further information under:
https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz

and under

https://www.heise.de

Data subject rights

As a data subject, you have the following rights:

  • To request information about the processing of your data and to receive a copy of your personal data. For example, you can request information about the purposes of the processing, the categories of personal data that are processed, the recipients of the data (if a transfer takes place), the duration of storage and the criteria for determining the duration;
  • To obtain your personal data in a structured, commonly used and machine-readable format or to transfer the data to another person responsible;
  • To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of processing;
  • To have your data deleted or blocked;
  • To have the processing restricted;
  • To object to the processing of your data;
  • To revoke your consent to the processing of your data for the future, and
  • to complain to the competent supervisory authority about unlawful data processing.

Requirement or obligation to provide data
Unless this is explicitly stated at the time of collection, the provision of data is not necessary or obligatory.

Whistleblower system

Our internal whistleblowing system gives employees, suppliers and business partners the opportunity to point out grievances without having to come forward themselves. This concerns in particular the following issues within the company:
• Crimes or misconduct.
• Serious and flagrant violations of applicable law and/or international agreements.
• Serious threats or endangerments to the public interest of which the whistleblowers have personal knowledge.
• Breach of any code of conduct or policy of the Company.
• Dangers to the health of employees.
You do not have to provide any personal data about yourself. However, depending on the content of your contribution, your report may contain personal data of third parties. Data that is irrelevant or immaterial to the report will not be processed in the subsequent investigation of the incident. You can remain anonymous if you do not disclose any personal data about yourself.

Legal basis for the processing
The processing of the data serves the fulfilment of a legal obligation, Art. 6 (1) sentence 1 lit. c DSGVO, which follows from the so-called Whistleblower Directive (Directive (EU) 2019/1937 on the protection of persons who report infringements of Union law) and national laws of the EU Member States based on this. The data processing is also carried out in the legitimate interest of the company to be informed about unlawful and reportable events and to be able to clarify them internally, Art. 6 para. 1 p. 1 lit. f DSGVO. The reports are checked and answered within the legally specified deadlines. The deletion of the data takes place no later than 3 years after the conclusion of the proceedings, provided that there are no retention obligations as a result of any subsequent legal proceedings.

Data recipient
The data collected is forwarded to persons in the company responsible for processing reports and may also be made available to other third parties (lawyers, experts and auditors) for analysis and investigation purposes. If necessary, authorities and courts may also be involved.
The management receives an annual summary report on the number and type of reports for inclusion in the report pursuant to the Supply Chain Due Diligence Act. CONFDNT ensures that the protection of the person making the report is guaranteed.
In addition, your data is transferred to the service company CONFDNT, which supports the operation of the website and the associated processes, within the scope of order processing pursuant to Art. 28 DSGVO. The service company works strictly according to instructions and has been contractually obligated accordingly.

Transfer of data to countries outside the European Union
The data collected may be made available to recipients outside the European Union on a case-by-case basis to the extent that this is strictly necessary to process the notifications received, in particular to determine the materiality of the infringements. Prior to the transfer of personal data, all measures necessary to ensure that the level of protection of natural persons guaranteed by the GDPR is not undermined shall be taken.

Last update of this Data Privacy Policy

09 February 2023
We reserve the right to change this Data Privacy Policy at any time with effect for the future.