General information on data protection – basic statement and general information
We are very pleased that you are interested in Cilian’s website – and thus in the company. The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, pass your data onto third parties, we will subsequently inform you in detail about the processing of your personal data (collected via our website).
In principle, you can use our pages without providing any data; if there are exceptions for selected services, we will explain these in the following chapters. We will not process data without a legal basis without your informed consent.
When processing personal data, we strictly adhere to the requirements of the EU Data Protection Regulation (GDPR) and, if necessary, other data protection regulations.
Definition of terms (according to GDPR)
To ensure the requirement for an easily understandable and legible form of the data protection declaration, we refer to the generally applicable term standards of the GDPR, which we reproduce below in accordance with the wording of the GDPR:
Personal data refers to all information relating to an identified or identifiable natural person (also “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online ID or with one or several special features reflecting the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person;
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means marking stored personal data to restrict its future processing.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not an identified or an identifiable natural person.
The data collector is a natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under EU law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
The data subject’s agreement will be voluntary each time for the particular case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act indicating the data subject’s consent to the processing of personal data concerning him/her.
Name and Address of the data controller
Chief Executive Officer
Tel.: +49 251 620 31-0
Name and address of the data protection officer (to always be contacted first)
Jörg ter Beek
Cortina Consult GmbH
Tel.: (02 51) 20 80 16 28
If you have any questions about the processing of your personal data, if you wish to assert your rights as a data subject (e.g. the right to be informed, correct, block or delete data) or if you wish to withdraw your consent, please contact our data protection officer directly.
Collection of general data and information
As soon as you visit our website, our web server collects some general data and technical information – as shown in the following table:
|browser types and versions used
|correct display of page contents
|operating system used, origin of visitors (referrer, e.g. Google), subpages clicked on
|optimisation of our website content and our advertising
|date and time of access to the website as well as the visitor’s IP address and internet service provider
|ensuring the permanent functionality of our IT systems (for the operation of the website) and preventing misuse
|other security data and information in the event of attacks
|providing relevant information to law enforcement agencies in the event of a cyber attack
This data is collected and stored anonymously; we do not intend to make any conclusions about the person concerned.
You can also contact us via the e-mail addresses provided on our website. Personal data is only collected if you voluntarily provide it to us within the framework of your e-mail or form contact. We use the data you provide without your express permission solely to fulfil and process your contact inquiry. This is not passed on to third parties or, if so, only takes place on the basis of your inquiry.
Deletion or blocking of personal data
We store your personal data only for the time required to fulfil the specified purpose. Your data will be deleted immediately after the expiry of the purpose and storage periods, if any. If deletion is not possible, the data will be blocked instead.
The rights of data subjects
Chapter III of the EU Data Protection Regulation (GDPR) provides for extensive rights for data subjects, which we will explain to you below in relation to data processing on our website:The right to be informed
If we collect personal data from you or have it collected and process it, you have the right to receive information stored by us about your person free of charge at any time. This specification applies in particular to the following data processing details:
- The purpose of the processing operation
- Categories of data
- If necessary, recipient or categories of recipients
- If necessary, the planned storage duration or the criteria for determining this duration
- Information on the respective right to correction, deletion, restriction or objection
- Existence of a right of appeal to a supervisory authority
- If necessary, origin of the data (if not collected from you)
- If necessary, existence of automated decision making including profiling, and including meaningful information about the logic involved, the scope and the expected effects
- If necessary, (planned) transfer to a third country or international organisation
If you wish to exercise your right to information, please contact our data protection officer using the contact details provided.
The right of rectification
If we collect personal data from you or have it collected and process it-and such data is incorrect-, you have the right to request the immediate correction or, if necessary, completion of incorrect or incomplete data concerning you.
If you wish to exercise your right to correction, please contact our data protection officer using the contact details provided.
Right to deletion (right to be forgotten)
If we collect personal data from you or have it collected and process it, you have the right to request the deletion of your data, provided that the processing is no longer necessary and one of the following conditions is fulfilled:
- Expiry of the purpose of processing
- Withdrawal of your consent and the absence of any other legal basis for processing
- Opposition to processing without an important reason to the contrary
- Illegal processing
- Required to fulfil a legal obligation
- Data collection in accordance with Art. 8 para. 1 GDPR
As part of the deletion request, we may pass on your request to those third parties to whom your data was previously transferred.
If you wish to exercise your right of deletion, please contact our data protection officer using the contact details provided.
The right to restriction of processing
If we collect personal data from you or have it collected and process it, you have the right to demand restriction of the data processing, provided that one of the following conditions is fulfilled:
- You dispute the accuracy of your data (restriction may be made on our site for the duration of the verification)
- In the event of unlawful processing and provided that the data is not to be deleted, deletion shall be replaced by restriction of processing
- If the processing purposes expire, at the same time you need your data to assert, exercise or defend legal claims
- After your objection pursuant to Art. 21 para. 1 GDPR and for the duration of the examination, whether our justified reasons outweigh yours.
If you wish to exercise your right of restriction, please contact our data protection officer using the contact details provided.
The right to data portability
If we collect personal data from you or have it collected and process it, you have the right to receive the personal data concerning you from us in a structured, common and machine-readable format. As long as it is technically possible and the rights and freedoms of other persons are not affected, we will – at your request – transfer your data to another recipient (data controller).
If you wish to exercise your right to data portability, please contact our data protection officer using the contact details provided.
Right to object
If we collect personal data from you or have it collected and process it (on the basis of Art. 6 Para. 1(e) or (f) GDPR), you have the right to object to data processing (including profiling) at any time. In exceptional cases, the objection may be invalid, e.g. if we can prove compelling legitimate interests for processing that outweigh your interests, or processing serves to assert, exercise or defend legal claims. If we process your personal data for direct marketing purposes, you have the right to object to such processing at any time. This also applies to any profiling connected with such direct advertising. You also have the right to object to the processing of the data we hold about you, which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR unless such processing is necessary to fulfil a task in the public interest.
If you wish to exercise your right of objection, please contact our data protection officer using the contact details provided.
Automated individual decision-making including profiling
If we collect personal data from you or have it collected and process it, you have the right not to be subject to decision based exclusively on automated processing – including profiling – which has a legal effect on you or significantly impairs you in a similar manner. Exceptions to this requirement apply if the decision to conclude or fulfil a contract between you and us is necessary or if you have expressly consented to the processing. In any event, we will take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right on our part to obtain the intervention of a person to express our position and to challenge the decision.
If you wish to make use of rights relating to automated decisions, please contact our data protection officer using the contact details provided.
Right to withdraw consent under the data protection laws
If we collect personal data from you or have it collected and process it, you have the right to withdraw your consent to the processing of your personal data at any time.
If you wish to exercise your right to withdraw consent, please contact our data protection officer using the contact details provided.
Data protection in job applications and in the application procedure
On our website, we offer you the convenient opportunity to apply with the company for open advertised positions using the specially provided form. We use the personal data collected about you exclusively for the purpose of processing the application procedure. Alternatively, you can also apply to us via the e-mail address published in the job advertisement. If, at the end of the application process, we hire you as an employee, the purpose for processing the data concerned will change: in this case, it will in future be used to carry out and maintain the employment relationship. The personal data of applicants that we do not employ will be kept for possible legal claims (e.g. according to the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG)) for the legally necessary period (maximum 6 months) and subsequently destroyed or deleted immediately.
Information on data security
We secure our website and other systems via technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all risks is not possible.
We process personal data according to the specifications of the GDPR, depending on the type and purpose of processing, as follows:
|Where allowed by law
|Specification of the GDPR
|Art. 6 para. 1(a)
|In performance of a contract
|Art. 6 para. 1(b)
|Implementation of pre-contractual measures
|Art. 6 para. 1(b)
|Fulfilment of legal obligations
|Art. 6 para. 1(c)
|Protection of vital interests
|Art. 6 para. 1(d)
|Safeguarding our legitimate interest
|Art. 6 para. 1(f)
Our legitimate interest
Our legitimate interest, as defined in Article 6 para. 1(f) GDPR, is based on the performance of our business activities to maintain our operability and to safeguard the employment of our employees.
The duration of the storage of personal data depends on the respective legal retention period after the purpose ceases to apply. After expiry of this period, we will delete the corresponding data if it is no longer necessary for the fulfilment or initiation of the contract.
Under certain conditions (e.g. due to legal or contractual regulations) you are obliged to provide us with your personal data. Examples of such processing are as follows:
|Nature and purpose of the processing
|Conclusion of a sales contract (e.g. your address)
|Fulfilment of the contractual obligation (e.g. delivery of the goods to your address)
|In the context of employees (e.g. transmission of data to the tax authorities)
|Compliance with legal requirements (e.g. tax regulations)
A violation (i.e. the failure to provide the required data) would mean that the respective data processing and consequently the corresponding contract could not be concluded with you. Upon request, we will inform you in individual cases before collecting your data as to whether the provision is required by law or contract, or necessary for concluding the contract, and what consequences this may have for you.
Existence of automated decision-making
We do not make use of automatic decision making and do not use any techniques to carry out profiling measures.