Data Protection

HRB 250155 B

Data Protection

 

We hereby inform you in accordance with the legal requirements of data protection law (especially in accordance with the BDSG new version and the European General Data Protection Regulation ‘GDPR’) about the nature, scope, and purpose of processing personal data by our company. This privacy policy also applies to our websites and social media profiles. For the definition of terms such as “personal data” or “processing,” we refer to Article 4 of the GDPR.

Name and contact details of the data controller

Our data controller (hereinafter “Controller”) as defined in Article 4, Clause 7 of the GDPR is:

sifamo GmbH
Uhlandstraße 165/166
10719 Berlin, Germany
Managing Director: Umair Zaffar
Commercial Register/No.: HRB 250155 B
Registration Court: Charlottenburg Local Court, Berlin
Email address: contact@sifamo.com

Types of data, purposes of processing, and categories of data subjects

Below, we inform you about the type, scope, and purpose of collecting, processing, and using personal data.

1. Types of data we process
Usage data (access times, visited websites, etc.), master data (name, address, etc.), contact data (phone number, email, fax, etc.), contract data (subject matter of the contract, duration, etc.), communication data (IP address, etc.),

2. Purposes of processing under Article 13(1)(c) of the GDPR
Contract processing, evidence purposes/evidence preservation, technical and economic optimization of the website, facilitating easy access to the website, fulfilling contractual obligations, contacting in case of legal objections by third parties, fulfilling legal retention obligations, optimizing and statistically evaluating our services, supporting commercial use of the website, improving user experience, making the website user-friendly, economical operation of advertising and website, marketing/sales/advertising, creating statistics, determining text copying probability, preventing SPAM and abuse, processing of job applications, customer service and customer care, handling contact inquiries, providing websites with functions and content, security measures, uninterrupted and secure operation of our website,

3. Categories of data subjects under Article 13(1)(e) of the GDPR
Visitors/users of the website, customers, interested parties, applicants, employees,

The data subjects are collectively referred to as “Users.”

Legal bases for processing personal data

Below, we inform you about the legal bases for processing personal data:

If we have obtained your consent for the processing of personal data, Article 6(1)(a) of the GDPR is the legal basis.
If processing is necessary for the performance of a contract or for the implementation of pre-contractual measures carried out at your request, Article 6(1)(b) of the GDPR is the legal basis.
If processing is necessary to fulfill a legal obligation to which we are subject (e.g., legal retention obligations), Article 6(1)(c) of the GDPR is the legal basis.
If processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR is the legal basis.
If processing is necessary to protect our or a third party’s legitimate interests, and your interests or fundamental rights and freedoms do not outweigh those interests, Article 6(1)(f) of the GDPR is the legal basis.

Disclosure of personal data to third parties and processors

We generally do not disclose data to third parties without your consent. If this does occur, it will be based on the legal bases mentioned above, such as the transfer of data to online payment providers for contract fulfillment or due to a court order or legal obligation to disclose data for the purpose of law enforcement, danger prevention, or the enforcement of intellectual property rights. We also use processors (external service providers, e.g., for web hosting of our websites and databases) for processing your data. When data is transferred to processors as part of an agreement on data processing, this is always done in accordance with Article 28 of the GDPR. We carefully select our processors, regularly check them, and have obtained the right to issue instructions regarding the data. In addition, processors must have taken appropriate technical and organizational measures and comply with data protection regulations according to the BDSG new version and the GDPR.

Data Transfer to Third Countries

The adoption of the European General Data Protection Regulation (GDPR) has established a unified framework for data protection in Europe. As a result, your data is primarily processed by companies to which the GDPR applies. However, if processing does occur by third-party services outside the European Union or the European Economic Area, they must meet the specific requirements of Articles 44 ff. of the GDPR. This means that processing takes place based on special guarantees, such as the officially recognized determination of a data protection level equivalent to that of the EU by the EU Commission or compliance with officially recognized special contractual obligations, known as “standard contractual clauses.” For US companies, compliance with the so-called “Privacy Shield,” the data protection agreement between the EU and the USA, meets these requirements.

Deletion of Data and Storage Duration

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose of storage no longer applies, unless further retention is required for evidential purposes or is contrary to legal retention obligations. This includes, for example, commercial storage obligations for business letters under § 257(1) of the German Commercial Code (HGB) (6 years) and tax-related storage obligations under § 147(1) of the German Fiscal Code (AO) for documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary for contract conclusion or performance.

Existence of Automated Decision-Making

We do not use automated decision-making or profiling.

Provision of Our Website and Creation of Log Files

If you use our website for informational purposes only (i.e., no registration or transmission of information), we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data:

– IP address;
– User’s internet service provider;
– Date and time of access;
– Browser type;
– Language and browser version;
– Content of the request;
– Timezone;
– Access status/HTTP status code;
– Data volume;
– Websites from which the request comes;
– Operating system.

These data serve the purpose of delivering our website to you in a user-friendly, functional, and secure manner, with its features and content, as well as optimizing it and performing statistical analysis.

The legal basis for this is our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR, which also underlies the purposes mentioned above.

For security reasons, we store this data in server log files for a retention period of 90 days. After this period, they are automatically deleted unless we need to retain them for evidential purposes in the event of attacks on the server infrastructure or other legal infringements.

    Cookies

    We use so-called “cookies” when you visit our website. Cookies are small text files that your internet browser stores on your computer. When you revisit our website, these cookies provide information to automatically recognize you. The information obtained in this manner is used to optimize our web services technically and economically and to provide you with easier and secure access to our website. When you visit our website, we inform you about the use of cookies for the purposes mentioned above and how you can object to or prevent their storage (“opt-out”) through a notice in our privacy policy. Our website uses session cookies, persistent cookies, and third-party cookies:

    • Session Cookies: We use cookies to recognize repeated use of an offering by the same user (e.g., when you log in to determine your login status). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained in this manner is used to optimize our offerings and provide you with easier access to our site. When you close your browser or log out, the session cookies are deleted.

    • Persistent Cookies: These are automatically deleted after a specified duration, which may vary depending on the cookie. In your browser’s security settings, you can delete cookies at any time.

    • Third-Party Cookies: According to your preferences, you can configure your browser settings to reject third-party cookies or all cookies. However, we would like to point out that this may result in limitations in the functionality of this website. For more information about these cookies, please refer to the respective privacy policies of the third parties.

    The legal basis for this processing is Art. 6(1)(b) of the GDPR when cookies are set for contract initiation (e.g., for orders). Otherwise, we have a legitimate interest in the effective functionality of the website, making Art. 6(1)(f) of the GDPR the legal basis in this case.

    Objection and “Opt-Out”: You can generally prevent cookies from being stored on your hard drive by selecting “Do not accept cookies” in your browser settings. However, this may result in limitations in the functionality of our offers. You can object to the use of third-party cookies for advertising purposes via an “opt-out” on this American website (//optout.aboutads.info) or this European website (//www.youronlinechoices.com/de/praferenzmanagement/).

    Contact via Contact Form / Email / Fax / Post

    When you contact us via a contact form, fax, post, or email, your information is processed for the purpose of handling the contact request. The legal basis for processing the data is Art. 6(1)(a) of the GDPR if you have given your consent. The legal basis for processing the data transmitted in the course of a contact request, email, letter, or fax is Art. 6(1)(f) of the GDPR. The data controller has a legitimate interest in processing and storing the data in order to respond to user inquiries, for liability purposes, and to comply with any legal retention obligations for business letters. If the contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) of the GDPR.

    We may store your information and contact request in our Customer Relationship Management system (“CRM system”) or a similar system. The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with you is concluded. The conversation is considered concluded when it can be inferred from the circumstances that the matter in question has been finally clarified. Requests from users who have an account or contract with us are stored for two years after the contract has ended. In the case of legal archiving obligations, deletion occurs after their expiration: end of commercial (6 years) and tax (10 years) retention obligations.

    You have the option to revoke your consent pursuant to Art. 6(1)(a) of the GDPR for the processing of personal data at any time. If you contact us via email, you can object to the storage of personal data at any time.

      Google Adsense

      We have integrated advertisements from the Google service “Adsense” (Google Ireland Limited, Registration Number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The advertisements are marked with the “(i)” indication “Google Ads.” We have enabled personalized ads to show you more interesting advertisements that support the commercial use of our website, increase value for us, and enhance your user experience. With personalized advertising, we can reach users through Adsense based on their interests and demographic characteristics (e.g., “Sports Enthusiasts”).

      For these purposes, Google receives information that you have visited our website when you visit it. Google places a web beacon or cookie on your computer for this purpose. The full extent of data processing and storage duration is unknown to us. The data is also transferred to and analyzed in the United States. If you are logged into a Google account, Adsense can associate the data with your account. If you do not wish this to happen, you must log out of your Google account before visiting our website.

      Other information that may be used by Google for this purpose includes:

      – The type of websites you visit and mobile apps installed on your device.
      – Cookies in your browser and settings in your Google account.
      – Websites and apps you have visited.
      – Your activities on other devices.
      – Previous interactions with Google ads or advertising services.
      – Your Google account activities and information.

      When you click on an Adsense ad, Google processes the user’s IP address (usage data), with processing being pseudonymized (known as “advertising ID”) by shortening the IP address’s last two digits.

      Google does not link identifiers from cookies or similar technologies to special categories of personal data according to Art. 9 GDPR, such as ethnic origin, religion, sexual orientation, or health.

      It is possible that the above data may be shared with third parties, authorities, or Google partners. This website has also activated Google AdSense ads from third parties. The aforementioned data may be transferred to these third-party providers (listed at //support.google.com/dfp_sb/answer/94149).

      The legal basis for processing your data is Art. 6(1)(f) of the GDPR. Google is certified under the EU-US Privacy Shield: //www.privacyshield.gov/EU-US-Framework.

      You can object to or prevent the installation of cookies by Google Adsense in various ways:

      – You can block cookies, including third-party cookies, in your browser settings by selecting “Do not accept cookies.”
      – You can disable personalized ads at Google directly via the link //adssettings.google.com. Note that this setting only remains in effect until you delete your cookies. Instructions for disabling personalized advertising on mobile devices can be found here: //support.google.com/adsense/troubleshooter/1631343.
      – You can disable personalized ads from third-party providers participating in the “About Ads” self-regulation initiative via the link //optout.aboutads.info for US sites or for EU sites at //www.youronlinechoices.com/de/praferenzmanagement. This setting only remains in effect until you delete all your cookies.
      – You can permanently disable cookies for Chrome, Firefox, or Internet Explorer via a browser plugin at //support.google.com/ads/answer/7395996. This may result in not being able to fully use all features of our website.

      For more information about the use of Google cookies in ads and their ad technology, storage duration, anonymization, location data, operation, and your rights, refer to Google’s advertising privacy policy at //policies.google.com/technologies/ads.

      Google AdWords with Conversion Tracking

      We use the service “AdWords with Conversion Tracking” (Google Ireland Limited, Registration Number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) to draw attention to our website through ads on third-party websites. When you click on a Google ad from us, a cookie is stored in your browser that is valid for about 30 days. Afterward, when you visit our website, we and Google can evaluate whether you have visited our website and which page you visited. Google creates statistics based on this information. The full extent of data processing is unknown to us. The data is also transferred to and analyzed in the United States. If you are logged into a Google account, AdWords can associate the data with your account. To prevent this, you must log out of your Google account before visiting our website. This conversion tracking is for the purpose of analyzing, optimizing, and economically operating our advertising and website.

      The legal basis for processing your data is our legitimate interest in analyzing, optimizing, and economically operating our advertising and website under Art. 6(1)(f) of the GDPR. Google is certified under the EU-US Privacy Shield: //www.privacyshield.gov/EU-US-Framework.

      You can object to or prevent the installation of cookies by Google in various ways:

      – You can block cookies, including third-party cookies, in your browser settings by selecting “Do not accept cookies.”
      – You can disable conversion tracking at Google directly via the link //adssettings.google.com. This setting remains in effect until you delete your cookies.
      – You can disable personalized ads from third-party providers participating in the “About Ads” self-regulation initiative via the link //optout.aboutads.info for US sites or for EU sites at //www.youronlinechoices.com/de/praferenzmanagement. This setting remains in effect until you delete all your cookies.
      – You can permanently disable cookies for Chrome, Firefox, or Internet Explorer via a browser plugin at //support.google.com/ads/answer/7395996. This may result in not being able to fully use all features of our website.

      For more information about data usage in Google AdWords, visit //www.google.com/analytics/terms/de.html (Google Analytics terms), //support.google.com/analytics/answer/6004245?hl=de (Google Analytics privacy information), and Google’s privacy policy at //policies.google.com/privacy.

      Objection and “Opt-Out”: You can generally prevent cookies from being stored on your hard drive by selecting “Do not accept cookies” in your browser settings. However, this may result in limitations in the functionality of our offers. You can also prevent Google from collecting and processing data generated by the cookie and related to your use of the website by downloading and installing the browser plugin available at //tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser plugin mentioned above, you can prevent the collection of data by Google Analytics by clicking on [insert the Analytics Opt-Out link for your website here]. This will set an “opt-out” cookie that prevents the collection of your data when you visit this website in the future. This cookie is only valid for our website and your current browser and will only remain in effect until you delete your cookies. In this case, you would need to set the cookie again.

      Cross-device user analysis can be disabled in your Google account under “My Data > Personal Data.”

      YouTube Videos

      We have embedded YouTube videos from youtube.com on our website using the embedded function, making them directly accessible on our site. YouTube is owned by Google Ireland Limited, Registration Number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated the videos in the so-called “extended data protection mode” without using cookies to track user behavior for personalized video playback. Instead, video recommendations are based on the currently played video. Videos played in the extended data protection mode within an embedded player do not affect the videos recommended to you on YouTube.

      When you start a video (by clicking on the video), YouTube receives information that you have accessed the corresponding page on our website. The collected data is transferred to the USA and stored there. This process occurs even without a user account at Google. If you are logged into your Google account, Google can associate the above data with your account. If you do not wish for this to happen, you must log out of your Google account. Google creates user profiles from such data and uses this information for advertising, market research, or the optimization of its websites.

      The legal basis for this data processing is our legitimate interest in data processing pursuant to Art. 6(1)(f) of the General Data Protection Regulation (GDPR). You have the right to object to the creation of user profiles with Google. Please contact Google directly for this by referring to the privacy policy provided below. You can also opt out of advertising cookies in your Google account: //adssettings.google.com/authenticated.

      For more information regarding the use of Google cookies, their advertising technologies, storage duration, anonymization, location data, functionality, and your rights, please refer to Google’s general privacy policy: //policies.google.com/privacy. Google is certified under the EU-US Privacy Shield (//www.privacyshield.gov/EU-US-Framework), which obliges it to comply with European data protection laws.

      Google ReCAPTCHA

      We have integrated the anti-spam function “reCAPTCHA” by “Google” (Google Ireland Limited, Registration Number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. By using “reCAPTCHA” in our forms, we can determine whether the input was made by a machine (robot) or a human being. When using the service, your IP address and possibly other necessary data may be transmitted to Google servers in the USA.

      The purpose of processing this data is to prevent spam and abuse, as well as our economic interest in optimizing our website.

      The legal basis for this is our legitimate interest in data processing pursuant to Art. 6(1)(f) of the General Data Protection Regulation (GDPR). Google is certified under the Privacy Shield agreement (//www.privacyshield.gov/EU-US-Framework), ensuring compliance with European data protection laws.

      For more information about Google ReCAPTCHA, please visit: //www.google.com/recaptcha/. You can also find information in Google’s privacy policy: //policies.google.com/privacy.

      Google Maps

      We have integrated maps from “Google Maps” (Google Ireland Limited, Registration Number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. This allows us to display the location of addresses and provide directions directly on our website using interactive maps, enabling you to use this tool.

      When you access our website with integrated Google Maps, a connection is established with Google servers in the USA. Your IP address and location may be transmitted to Google during this process. Additionally, Google receives information that you have accessed the respective page. This occurs even if you do not have a user account with Google. If you are logged into your Google account, Google can associate the above data with your account. If you do not wish for this to happen, you must log out of your Google account. Google creates user profiles from such data and uses this information for advertising, market research, or the optimization of its websites.

      The legal basis for this data processing is our legitimate interest in data processing pursuant to Art. 6(1)(f) of the General Data Protection Regulation (GDPR). You have the right to object to the creation of user profiles with Google. Please contact Google directly for this by referring to the privacy policy provided below. You can also opt out of advertising cookies in your Google account: //adssettings.google.com/authenticated.

      For more information regarding the use of Google Maps, their terms of use, and their privacy policy, please refer to the following links:

      Google Maps Terms of Use: //www.google.com/intl/de_de/help/terms_maps.html
      Google’s Advertising Privacy Policy: //policies.google.com/technologies/ads
      Google’s general privacy policy: //policies.google.com/privacy

      Google is certified under the EU-US Privacy Shield (//www.privacyshield.gov/EU-US-Framework), which obliges it to comply with European data protection laws.

      Presence on Social Media

      We maintain profiles or fan pages on social media platforms to communicate with users who are connected to and registered on these platforms, and to inform them about our products, offers, and services. The US-based providers are certified under the Privacy Shield framework, which obligates them to comply with European data protection regulations. When you use and visit our profile on a respective social network, the specific privacy policies and terms of use of that network apply.

      We process the data you send to us through these networks to communicate with you and respond to your messages on these platforms. The legal basis for processing personal data is our legitimate interest in communicating with users and our external representation for advertising purposes under Art. 6(1)(f) of the General Data Protection Regulation (GDPR). If you have given your consent to the responsible party of the social network to process your personal data, the legal basis is Art. 6(1)(a) and Art. 7 of the GDPR.

      You can find the privacy policies, options for obtaining information, and options for objecting (opt-out) for the respective social networks here:

      – Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland):
      Privacy Policy: //www.facebook.com/about/privacy/
      Opt-Out: //www.facebook.com/settings?tab=ads and //www.youronlinechoices.com
      Privacy Shield: //www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

      – Google+ (Google Ireland Limited, Registration Number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland):
      Privacy Policy: //policies.google.com/privacy
      Opt-Out: //adssettings.google.com/authenticated
      Privacy Shield: //www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

      – Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA):
      Privacy Policy: //twitter.com/de/privacy
      Opt-Out: //twitter.com/personalization
      Privacy Shield: //www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

      – XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany):
      Privacy Policy/Opt-Out: //privacy.xing.com/de/datenschutzerklaerung

      – LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland):
      Privacy Policy: //www.linkedin.com/legal/privacy-policy
      Cookie Policy and Opt-Out: //www.linkedin.com/legal/cookie-policy
      Privacy Shield of US company LinkedIn Inc.: //www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.

      Please note that these social networks may change their privacy policies and opt-out options over time. It is advisable to regularly review their policies and settings for the most up-to-date information.

       

      Social Media Plugins

      We use social media plugins from social networks on our website. We employ the so-called “Two-Click Solution” Shariff developed by c’t or heise.de. When you access our website, no personal data is transmitted to the providers of the plugins. Besides the logo or brand of the social network, you will find a switch that allows you to activate the plugin with a click. After activation, the social network provider receives information that you have visited our website and that your personal data has been transmitted to and stored by the plugin provider. These are known as third-party cookies. According to some providers like Facebook and XING, your IP is immediately anonymized after collection.

      The data collected about the user by the plugin provider is stored as user profiles. These profiles are used for advertising, market research, and/or the customized design of their website. This evaluation is carried out, in particular (also for users who are not logged in), to display targeted advertising and to inform other users of the social network about the activities of the user on our website. The user has the right to object to the creation of these user profiles, and to exercise this right, the user must contact the respective plugin provider.

      The legal basis for using the plugins is our legitimate interest in improving and optimizing our website by increasing our visibility through social networks and the possibility of interacting with you and other users through social networks, as per Article 6(1)(f) of the General Data Protection Regulation (GDPR).

      We have no influence on the data collected and the data processing activities. We also have no knowledge of the extent of data collection, the purposes of processing, and the storage periods. We do not have information on the deletion of data collected by the plugin provider. Regarding the purpose and scope of data collection and processing, we refer to the respective privacy policies of the social networks. You can also find information on your rights and privacy protection settings in these policies.

      Facebook

      We have integrated plugins from the social network Facebook.com (located in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website as part of the “Two-Click Solution” by Shariff. You can recognize these by the Facebook logo “f” or the addition “Like,” “Like,” or “Share.”

      When you deliberately activate the Facebook plugin, a connection is established between your browser and Facebook’s servers. Facebook receives information, including your IP, that you have visited our website and transmits this information to servers in the USA, where it is stored. If you are logged into Facebook, Facebook can associate this information with your account. When using the plugin’s functions, such as clicking the “Like” button, this information is also transmitted from your browser to Facebook’s servers in the USA, where it is stored and displayed in your Facebook profile and possibly to your friends.

      The purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights and privacy protection options, can be found in Facebook’s privacy policy: //www.facebook.com/about/privacy/. Data collection for the “Like” button: //www.facebook.com/help/186325668085084. You can manage and object to the use of your profile data for advertising purposes on Facebook here: //www.facebook.com/ads/preferences/.

      If you log out of Facebook before visiting our website and delete your cookies, no data about your visit to our website will be associated with your Facebook profile when you activate the plugin.

      You can also prevent the loading of the Facebook plugin by using “Facebook Blocker” add-ons for your browser: Facebook Blocker for Firefox, Chrome, and Opera, or 1blocker for Safari, iPad, and iPhone.

      Facebook has submitted to the Privacy Shield, ensuring compliance with European data protection law: //www.privacyshield.gov/EU-US-Framework.

      XING

      We have integrated plugins from the social network XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) on our website as part of the “Two-Click Solution” by Shariff. You can recognize these by the Share button with the white XING logo and the “X” symbol on a green background.

      When you deliberately activate the XING Share button on our website, your browser establishes a connection with XING’s server. According to XING, no data about the visit is stored that would allow XING to directly identify individuals. XING does not store IP addresses from you and does not use cookies. When you click the Share button, you are redirected to XING’s homepage, where you can recommend our site if you are logged in, which serves the purpose of increasing our visibility and reach. XING’s privacy policy for the Share button can be found at //www.xing.com/app/share%3Fop%3Ddata_protection, and their general privacy policy is available at //privacy.xing.com/de/datenschutzerklaerung.

      If you log out of XING before visiting our website and delete your cookies, no data about your visit to our website will be associated with your XING profile when you activate the plugin.

      **Data Protection for Applications and in the Application Process

      Applications submitted electronically or by post to the responsible party are processed electronically or manually for the purpose of managing the application process.

      We expressly point out that application documents containing “special categories of personal data” according to Article 9 of the GDPR (e.g., a photo that provides information about your ethnic origin, religion, or marital status), with the exception of any potential indication of severe disability that you voluntarily disclose, are not desired. You should submit your application without this data, and it will not affect your chances as an applicant.

      The legal basis for processing is Article 6(1)(b) of the GDPR and § 26 of the German Federal Data Protection Act (BDSG) in its current version.

      If an employment relationship is established with the applicant after the application process is completed, the applicant’s data will be stored in compliance with relevant data protection regulations. If no position is offered to you after the application process is completed, your submitted application documents, including attachments, will be deleted six months after the rejection is sent to meet any legal requirements and obligations under the German General Equal Treatment Act (AGG).

      **Rights of the Data Subject**

      **Objection or Revocation of Data Processing:** If the processing is based on your consent according to Article 6(1)(a) or Article 7 of the GDPR, you have the right to revoke your consent at any time. Revoking your consent does not affect the lawfulness of the processing before the revocation.

      If we process your personal data based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, as described in the following functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of a justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds for continuing the processing.

      You have the right to object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your right to object free of charge. You can inform us of your advertising objection using the following contact details:

      sifamo GmbH Uhlandstraße 165/166 10719 Berlin, Germany Managing Director Umair Zaffar Commercial Register No.: HRB 250155 B Register Court: Berlin Charlottenburg Local Court Email: contact@sifamo.com

      **Right to Information:** You have the right to request confirmation from us whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about your personal data stored by us under Article 15 of the GDPR. This includes information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period, the source of your data if it was not collected directly from you.

      **Right to Rectification:** You have the right to request the correction of incorrect or incomplete personal data concerning you in accordance with Article 16 of the GDPR.

      **Right to Erasure:** You have the right to request the erasure of your personal data stored by us in accordance with Article 17 of the GDPR unless legal or contractual retention periods or other legal obligations or rights to further storage conflict with this.

      **Right to Restriction of Processing:** You have the right to request the restriction of the processing of your personal data in accordance with Article 18 of the GDPR if one of the conditions set out in Article 18(1)(a) to (d) of the GDPR applies. This includes situations where you contest the accuracy of your personal data, the processing is unlawful, but you oppose erasure and request the restriction of processing instead, or we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims.

      **Right to Data Portability:** You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit this data to another controller without hindrance from us, where technically feasible, in accordance with Article 20 of the GDPR.

      **Right to Lodge a Complaint:** You have the right to lodge a complaint with a supervisory authority. You can typically do this by contacting the supervisory authority in your habitual residence, your place of work, or the place of an alleged infringement.

      **Data Security**

      To protect all personal data transmitted to us and to ensure that data protection regulations are observed both by us and by our external service providers, we have implemented appropriate technical and organizational security measures. Therefore, all data between your browser and our server is transmitted over a secure SSL connection.

      As of: February 26, 2019

       

      Get in touch.

      We appreciate your inquiry and will respond as soon as possible!