General Privacy Policy (Last revision on: 16 March, 2023)

A. Scope

This data protection information applies to visitors to our website, and to customers, interested individuals and applicants.

B. Controller

Generally speaking, the controller is sesamsec GmbH, Finsterbachstraße 1, 86504 Merching, Deutschland. The companies of the Elatec Group are joint controllers pursuant to Art. 26 of the GDPR for processing in the context of joint customer data management and applicant management. The Group consists of: ELATEC GmbH (Zeppelinstr. 1, 82178 Puchheim), Elatec Systems GmbH (Schwieberdinger Str. 44, 71636 Ludwigsburg) and sesamsec GmbH (Finsterbachstr. 1, 86504 Merching). The single point of contact for data subject enquiries and requests is ELATEC GmbH, Zeppelinstr. 1, 82178 Puchheim, Germany, Phone: +49 (0)89 552 9961 0, Fax: +49 (0)89 552 9961 129, Email: info-rfid@elatec.com for the joint controllers.

You can reach our data protection officer and the joint controllers’ joint data protection officer as follows: Email: datenschutz@hjp.de,  Phone: +49 (0)6841 9816 0, Fax: +49 (0)6841 9816 29. Our data protection officer will offer you quick and easy assistance if you have any questions or wish to assert your rights as a data subject.

C. Visitors to our website

C. Visitors to our website

The following policy relates to data processing in the context of our website. Even though we have taken organisational and technical measures to ensure that our website is protected as consistently as possible, the occurrence of a security vulnerability in electronic communication channels cannot, of course, be completely ruled out. This is why visitors to the website are also free to obtain information about us or to send information to us by other means.

We process the usage and communication data generated by your visit to our website for the purpose of presenting this website. Any use beyond this does not take place. Additional processing operations may be carried out by the integrated third-party services that we use to improve this website’s presentation or functionality.

1. Nature and scope of data processed
In principle, usage data (e.g. web pages visited, access times) and communication data (e.g. browser information, IP addresses) and processed.

2. Browser and server data

Please note that your browser transfers information to us when you simply use the website. The purpose of this transfer is to technically enable you to visit the website. The data is required to process the information request. In this respect, the nature of the information transferred also depends on your settings and technical specifications. This is why the following data may be collected when you access our website:

  • IP address
  • Time of access
  • Page accessed or name of the file accessed (URL)
  • Status information (e.g. error codes)
  • The amount of data transferred
  • Browser information (web browser used, operating system, language setting, etc.)

The data is used for statistical and security-related purposes. This data is not disclosed to third parties. This website itself does not use any techniques aimed at evaluating individual users’ access behaviour. Personal usage profiles are not created. The data is stored for the specified purposes for a maximum of 7 days.

3. Cookies
Cookies are stored on your computer when you use our website. The legal basis for use is Section 15 (1) of the German Telemedia Act and Section 15 (3) of the German Telemedia Act in compliance with Art. 6 (1) (f) of the GDPR. Cookies are small text files that are stored on your hard drive by the browser you use and through which the party that sets the cookie receives certain information. Cookies are a technical means of ensuring that the website works and of improving the user experience. They are used so that information can be stored across several pages, for example. We use cookies for the following purposes:

  • Storing user settings.

We use the following types of cookies:

  • Transient cookies (temporary use)
  • Persistent cookies (time-limited use).

The latter may be used by third-party providers. The cookies serve our interest in ensuring that our website is easy to use and in improving our website.

The transient cookies are deleted when you close the browser. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie in question. The deletion periods correspond to the specifications of the third-party provider in question.

You can delete the cookies at any time in your browser’s security settings. You can also make settings in your browser so that it rejects certain or all cookies. However, we would like to point out that, if you do so, this may restrict the website’s functionality. We store cookie-related information separately from any other data that may be provided to us. This data is explicitly not linked to your other data.

4. Categories of data subject

Visitors to the website are affected by data processing carried out by our website.

5. Purpose of processing

  • Providing an online presence
  • Ensuring user interactability
  • Security measures

6. Duration of storage

The criterion for the duration of personal data storage is the respective legal retention period and the purpose of processing. Once the period has elapsed, the corresponding data is routinely deleted if it is no longer required to achieve the purpose of processing.

The specific storage periods are indicated within this policy for the individual data processing operations.

7. Legal basis

Several provisions set out in the GDPR that provide express permission can be considered legal bases: First of all, Art. 6 (1) (a) of the GDPR serves as the basis for processing operations where your consent is obtained for the processing operation. Should your consent extend to processing by the above-mentioned Group, this shall also apply to future members of the Group that are affiliated with a member of the Group by means of a majority shareholding. For such processing operations that are necessary for the implementation of pre-contractual measures (e.g. in cases of enquiries about our services), processing is based on Art. 6 (1) (b) of the GDPR. In the case of the fulfilment of tax obligations, processing is based on Art. 6 (1) (c) of the GDPR. In the case of this website, data processing is predominantly based on Art. 6 (1) (f) of the GDPR. This basis for permission applies if processing is necessary to safeguard a legitimate interest belonging to the controller or a third party, provided that the data subject’s interests, fundamental rights and fundamental freedoms are not overridden.

The specific interests are reflected in each case at the point of the processing operation.

8. Technical security measures

We maintain up-to-date technical and organizational measures to ensure data security, particularly to protect your personal data from risks during data transfer operations and from third-party access. They will be adapted accordingly in line with the state of the art.

9. Third-party providers

If we allow third parties to participate in processing, this is done exclusively based on a legal standard of permission and in compliance with the legal provisions. This standard of permission may be your consent, a legal obligation or our legitimate interests.

10. Hosting

The hosting services we use are for the provision of the following services: Infrastructure and platform services, software tools, computing capacity, storage space and maintenance services that we require for the purpose of operating this website.

The hosting provider processes the usage data based on our legitimate interest in effectively and securely providing this website pursuant to Art. 6 (1) (f) of the GDPR.

Usage data includes the data described under ‘Nature and scope of data processed’. This data is deleted after seven days.

11. Links to other websites

Our website contains links to third-party websites. This privacy policy applies only to content on our website and does not cover third-party websites linked to this site. We do not have any influence over the legality of the contents of these sites or over how they handle personal data. If you have any questions about the content or data protection practices of such third-party providers, please contact the provider in question.

12. Plugins
a) Cookiebot

This website uses a cookie consent banner incorporating technology from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as ‘Cookiebot’) to obtain effective user consent for cookies and cookie-based applications that require consent.

The integration of a corresponding JavaScript code means users are shown a banner where they can consent to certain cookies and/or cookie-based applications by ticking the corresponding checkboxes when they access the page. In this case, the banner blocks the setting of all cookies that require consent until the user in question gives corresponding consent by ticking the corresponding checkbox. This ensures that such cookies are only set on the user’s terminal device in question if they have given their consent. For the cookie consent banner to be able to clearly assign page views to individual users and to individually collect, log and store for the duration of a session the consent settings that the user made, the cookie consent banner collects and transfers to and stores on Cookiebot servers certain user information (including the IP address) when our website is accessed.

These data processing operations are carried out pursuant to Art. 6 (1) (f) of the GDPR based on our legitimate interest in ensuring legally compliant, user-specific and user-friendly consent management for cookies and therefore in designing our website in a legally compliant manner. Another legal basis for the described data processing operations is Art. 6 (1) (c) of the GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on respective user consent.

We have entered into a processing agreement with Cookiebot, where applicable, by which we obligate Cookiebot to protect data belonging to visitors to our website and not to disclose the same to third parties. For more information about how Cookiebot uses data, please refer to the Cookiebot privacy policy at https://www.cookiebot.com/en/privacy-policy/ .

b) Google Remarketing
We use the Google Remarketing application provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The purpose of this application is to display our ads based on the user’s interests to the user after their visit to our website during their further use of the internet within the Google advertising network. Use is solely for the purpose that coincides with our interests. The user’s interaction on our website is analysed (e.g. which offers the user was interested in) for this purpose. Remarketing is carried out by means of cookies stored in the browser, through which Google records and evaluates users’ usage behaviour when visiting various websites and anonymised data. This allows Google to determine the previous visit to our website. The legal basis for this, and particularly for setting cookies, is Art. 6 (1) (a) of the GDPR. The user’s data may be transferred to the USA. According to its own statements, Google does not combine the data collected in the context of remarketing with your personal data that Google may store. In particular, pseudonymisation is used in remarketing according to Google.

c) Google APIs
We use Google APIs provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy, An option to control the provider’s processing of your data is available at: https://adssettings.google.com/authenticated. This makes our website more resistant to bottlenecks in the available bandwidth and gives our visitors a fast and reliable connection to our website. When you access a page, your browser loads the required files (particularly web fonts) using the content delivery network (CDN) into your browser cache via the address so it can display texts and fonts correctly. The service allows the operator to gain knowledge that our website was accessed with your IP address. Use of the CDN is in the interest of creating a uniform and appealing website design, as well as ensuring a fast and reliable connection to our website. The basis for authorisation is Art. 6 (1) (f) of the GDPR. It cannot be ruled out in this respect that data will also be transferred to other servers. Google LLC ensures and provides adequate safeguards to comply with European data protection law.

d) Gstatic
We use a web service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The service’s privacy policy is available at: https://policies.google.com/privacy . An option to control the provider’s processing of your data is available at: https://adssettings.google.com/authenticated . The legal basis for data processing is Art. 6 (1) (a) and (f) of the GDPR. The legitimate interest lies in the website working faultlessly and in continuously improving and optimising our website, as well as operating our website in an economically sensible way. Use is solely for the purpose that coincides with our interests. You will find more information about how the transferred data is handled in the indicated Google privacy policy. A option to control the provider’s processing of your data is available at: https://adssettings.google.com/authenticated . During processing, it cannot be ruled out that data will also be transferred to other servers. Google LLC ensures and provides adequate safeguards to comply with European data protection law.

e) Matomo web analytics service

This web site uses the Matomo web analytics service to evaluate user access to the site. The legal basis for use of the service is provided by article 6 subsection 1 line 1(f) of the GDPR. The specific purpose of use is to improve our web site and tailor it to your needs on the basis of data collected anonymously. Information gathered in this way is exclusively stored on our servers in Germany.

For the purposes of evaluation, the aforementioned cookies will be stored on your computer. You may prevent the storage of some or all cookies by adjusting your browser settings; as a consequence of this, however, the functionality of the web site may be impaired. If your consent is not granted, we will only save anonymized data by way of Matomo. The IP addresses will be anonymized (IP masking), making their allocation to individual users impossible. Neither will cookies be stored on your computer. This processing is based on our legitimate interest in optimizing our website for our outward representation and the security-related logging of compiled user visits to detect anomalies. Data will not be used for any other purposes. The anonymous data collection will moreover prevent the tracking of users across various websites, or within the same website over several days. So-called user profiles cannot be created as a result.

You can also stop the anonymous data collection. If you click the following link, your data will not be added to the anonymous statistics: https://authentication.matomo.cloud/index.php?module=CoreAdminHome&action=optOut

The Matomo platform is an open-source project. To view the third-party provider’s data privacy policy, please visit https://matomo.org/privacy-policy/. Additional information can be found on the data privacy page of the cloud service provider at https://matomo.org/matomo-cloud-privacy-policy/ on the servers of which the service is hosted.

f) Jquery
Our website uses JavaScript code from the website www.jquery.com provided by JSFoundation, Inc., Attn.: Privacy Office, 1 Letterman Drive, San Francisco, CA 94129, USA. jQuery (also known as ‘jQuery Core’) is a free JavaScript library that provides functions for DOM navigation and manipulation. The jQuery base library consists of a JavaScript file that contains all the basic DOM, event, effect and Ajax functions. This service is used to improve the website’s visual design, functionality and faster availability. For more information, please refer to the JS Foundation’s privacy policy at https://js.foundation/about/governance/privacy-policy. JSFoundation, Inc. ensures and provides adequate safeguards to comply with European data protection law.

g) Unpkg

The unpkg web service provided by Npm, Inc., 1999 Harrison Street #1150, Oakland, CA 94612, United States of America (hereinafter referred to as ‘unpkg’), is reloaded on our website. unpkg is used as a content delivery network (CDN). With the CDN, contents of this website (such as scripts and stylesheets) are delivered faster using a network of regionally distributed servers. Your browser must establish a connection to the unpkg servers for this purpose. unpkg thereby receives information that this website has been accessed using your IP address. If the files in question have already been loaded from the CDN on another page, your browser will usually automatically fall back on the cached copy instead. If you have enabled JavaScript in your browser and have not installed a JavaScript blocker, your browser will transfer personal data to unpkg as appropriate. This processing is carried out pursuant to Art. 6 (1) (f) of the GDPR based on the legitimate interest in providing and optimising this website in a swift and secure manner. You will find more information about how the transferred data is handled in unpkg’s privacy policy at www.npmjs.com/policies/privacy. unpkg ensures and provides adequate safeguards to comply with European data protection law. You can prevent unpkg from collecting and processing your data by disabling the execution of script codes in your browser or by installing a script blocker in your browser.

h) BootstrapCDN/jsdelivr
We use BootstrapCDN to load CSS files, JavaScript, fonts or images from its server. This makes our website more resistant to bottlenecks in the available bandwidth and gives our visitors a fast and reliable connection to our website. When you access a page, your browser loads the required files (particularly web fonts) using the content delivery network (CDN) into your browser cache via the address so it can display texts and fonts correctly. The service allows the operator to gain knowledge that our website was accessed with your IP address. Use of the CDN is in the interest of creating a uniform and appealing website design, as well as ensuring a fast and reliable connection to our website. The basis for authorisation is Art. 6 (1) (f) of the GDPR. More information and the operator’s privacy policy can be found at: https://www.bootstrapcdn.com/privacy-policy.

i) Amazon AWS/Cloudfront
We use Amazon Web Services (AWS) / Cloudfront to have program code and storage space readily available. AWS are services provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA. This makes our website more resistant to bottlenecks in the available bandwidth and gives our visitors a fast and reliable connection to our website. The legal basis for use is Art. 6 (1), sentence 1, (f) of the GDPR. When you access a page, your browser loads the required files. AWS is a US cloud computing provider that was established in 2006 as a subsidiary of the online mail order company Amazon.com. The service’s privacy policy can be found at https://aws.amazon.com/privacy/?nc1=f_pr  Amazon Web Services, Inc. ensures and provides adequate safeguards to comply with European data protection law.

j) BITE
We use a service provided by the provider BITE GmbH, Magirus-Deutz-Strasse 12, 89077 Ulm (hereinafter referred to as ‘BITE’) on our website to implement the application process.

The information provided by cookies concerning use of the website is transferred to BITE servers to implement the service. BITE may also transfer this information to third parties if doing so is stipulated by law or if third parties process this data on BITE’s behalf. As a provider, BITE warrants that it provides its services only by means of its own server structures within the Federal Republic of Germany. The purpose of the transfer is to ensure that the application process runs smoothly and to provide better functionality and faster availability of a corresponding website. The legal basis for personal data processing is our legitimate interest in processing according to Art. 6 (1) (f) of the GDPR. Our legitimate interest is based on the fact that we would like to provide a modern, encrypted and convenient application system. Personal data is deleted once the purpose has been fulfilled.

You will find more information about how the transferred data is handled in BITE’s privacy policy at https://www.b-ite.de/legal-notice.html.

k) HubSpot
We use the HubSpot service for various purposes. HubSpot is a US-based software company with a subsidiary in Ireland: HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500 (hereinafter referred to as ‘Hubspot’).

Hubspot is an integrated software solution that covers various aspects of our online marketing activities. These aspects include: Email marketing, social media publishing and reporting, reporting, contact management (e.g. user segmentation and CRM), landing pages and contact forms. Hubspot allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information, and the content of our website, is stored on servers belonging to HubSpot, our software partner. We may use it to contact visitors to our website and to determine which of our company’s services are of interest to them. All the information we collect is subject to this privacy policy. We use all the information collected for the sole purpose of optimising our marketing measures. Additionally, we may also use Hubspot to provide contact forms.

The following data may be collected and processed using Hubspot as part of our efforts to optimise our marketing measures: Geographic location, browser type, navigation information, referral URL, performance data, information about how often the application is used, mobile app data, login credentials for the HubSpot subscription service, files viewed locally, domain names, pages viewed, aggregated usage, operating system version, internet service provider, IP address, device identifier, duration of visit, where the application was downloaded from, operating system, events occurring within the application, access times, clickstream data, device model and device version

Data processing is carried out according to Art. 6 (1) (f) of the GDPR based on our legitimate interest in swiftly and securely providing and optimising our website. Another legal basis for the described data processing operations is your consent according to Art. 6 (1) (a) of the GDPR, which can be revoked at any time. The personal data will be retained for as long as necessary to fulfil the purpose of processing. The data is deleted as soon as it is no longer needed to fulfil the purpose. In the context of processing via HubSpot, data may be transferred to the USA. Hubspot ensures and provides adequate safeguards to comply with European data protection law

You will find more information about HubSpot’s privacy policy at https://legal.hubspot.com/privacy-policy  HubSpot’s information regarding EU data protection regulations can be viewed at https://legal.hubspot.com/security  For more information about the cookies that HubSpot uses, please visit https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser and https://knowledge.hubspot.com/account/hubspot-cookie-security-and-privacy.

l) Wistia
We have integrated components provided by the operating company Wistia Inc., 17 Tudor Street, Cambridge, MA 02139, USA, on our website.

Wistia stores IP addresses that are necessary for accessing and delivering videos and a player from video providers. Furthermore, anonymised data concerning access and how long the delivered content is viewed for is stored with the help of cookies. The integration requires Wistia to be able to identify users’ IP addresses. The IP address is required so that content can be sent to the user’s browser. If you access an individual page on our website that a Wistia component (video) is located on, your internet browser will be prompted by the component to download a corresponding illustration of the component. So Wistia knows which specific pages you have visited on our website. If you are logged into Wistia at the same time, the video provider can track which of the pages on our website featuring a video you have navigated to. If you do not want information to be transferred to video providers, log out of the video provider before accessing our website. The purpose is to integrate videos on our website in a user-oriented and optimum way. The legal basis for data processing is Art. 6 (1) (f) of the GDPR based on our legitimate interest in fulfilling this purpose. You can find further details and data protection information about Wistia at: http://wistia.com/privacy.

m)  LinkedIn Insight Tag und LinkedIn Analytics
Subject to your consent, the LinkedIn Insight Tag on this website is used with the LinkedIn Analytics function for retargeting and tracking purposes, and for remarketing too. The LinkedIn Insight Tag and LinkedIn Analytics are operated by the LinkedIn Corporation, 1000 W. 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn ensures and provides adequate safeguards to comply with European data protection law. The controller responsible for personal data processing when a data subject lives outside the USA or Canada is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

We use the LinkedIn Insight Tag and LinkedIn Analytics to target marketing advertising to visitors to this website based on their previous use of this website as soon as they visit the LinkedIn social network. A direct connection to LinkedIn servers is established using the LinkedIn Insight Tag when visitors visit this website. This sends the information that a visitor has accessed this website to the LinkedIn server. LinkedIn processes this information and can assign it to a visitor’s personal LinkedIn user account. With the help of the LinkedIn Insight Tag, we also want to make sure that our LinkedIn ads match users’ potential interests and are not annoying. The LinkedIn Insight Tag also allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a LinkedIn ad (‘conversion’). Furthermore, when using the LinkedIn Insight Tag, we use the additional enhanced advertising function for tracking purposes. Here, data such as users’ telephone numbers, email addresses or Facebook IDs are transferred to LinkedIn (in encrypted form) to form target groups. You can find more information about the ‘enhanced advertising’ at https://business.linkedin.com/de-de/marketing-solutions/native-advertising/lead-gen-ads.

The legal basis for use of the LinkedIn Insight Tag is Art. 6 (1) (f) of the GDPR. We have a legitimate interest with regard to marketing purposes, as this promotes the placement of more relevant ads. You can disable the LinkedIn Insight Tag here at any time when you are logged into LinkedIn: https://www.linkedin.com/psettings/enhanced-advertising  The legal basis for processing data collected in connection with LinkedIn Analytics is your consent pursuant to Art. 6 (1) (a) of the GDPR. Art. 6 (1) (f) of the GDPR. We only use LinkedIn Analytics tracking if you explicitly allow this.

For general information about how LinkedIn collects, processes and protects data, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy  LinkedIn processes data in the context of LinkedIn’s data use policy. Accordingly, general information about displaying LinkedIn ads and specific information and details on the LinkedIn Insight Tag and how it works are available at https://business.linkedin.com/marketing-solutions/native-advertising/lead-gen-ads  Information about setting cookies can be found in the cookie policy at https://www.linkedin.com/legal/cookie_policy  You can find an opt-out option here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out  You have the right on grounds relating to your particular situation to object to such processing at any time. To exercise this right, you can disable the use of tracking cookies at any time in this website’s tracking cookie settings.

n) Social Plugins – Links
Our site contains links to our pages on social media sites. No data is transferred to the platforms yet when the corresponding links are displayed. Should you wish to visit any of these sites, please note that, by doing so, you are leaving the scope of this privacy policy with respect to platform operation.

o) Newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you of our current interesting offers and events concerning our company. The goods and services advertised correspond to our product portfolio.

We use the ‘double opt-in procedure’ for subscription to our newsletter. This means that, once you have subscribed, we send an email to the specified email address requesting your confirmation that you would like to be sent the newsletter. If you do not confirm your subscription, your information will be blocked and will ultimately be automatically deleted. Additionally, we store the IP addresses you use and the times of subscription and confirmation. The purpose of this procedure is to prove your subscription and, if necessary, to resolve potential misuse of your personal data (Art. 6 (1) (f) of the GDPR).

Only your email address is mandatory for sending the newsletter. Any other, separately marked data that may be provided is voluntary and used to address you personally. If you do not want to provide your name, you can also enter a pseudonym. Following your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 (1), sentence 1 (a) of the GDPR.

You can revoke your consent to receiving the newsletter and unsubscribe from it at any time. You can confirm your revocation by clicking on the link provided in every newsletter email, using our website or by emailing or sending a message to the contact details provided in the legal notice

We would like to point out that we evaluate your user behaviour when we send the newsletter. For the purpose of this evaluation, the sent emails include ‘web beacons’, ‘tracking pixels’ and single-pixel image files that are stored on our website. To carry out the evaluations, we link the aforementioned data and the web beacons to your email address and an individual ID. We use the data obtained in this way to create a user profile so we can tailor the newsletter to your individual interests. We record when you read our newsletters and which links you click on in them, and infer your personal interests from this. We link this data to actions you perform on our website.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us by means of another contact channel. The information is stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data for purely statistical purposes and in an anonymous format. Such tracking is also not possible if you have disabled automatic image display in your email program by default. In this case, the newsletter will not be displayed to you in full and you may be unable to use all the functions. The aforementioned tracking takes place if you opt to display the images manually.

p) Downloading technical documentation and software
You can use our contact forms and the request forms to send a message to our specialist departments or to request a whitepaper. They are primarily used to contact interested individuals with regard to our products and services. Please note that your message cannot be assigned to a specific recipient at first; instead, it will be distributed to the contacts in our company by the designated office. If you would like to address your request directly to a specific contact, without receiving information from other contacts in our company, we kindly ask that you send us your request over the telephone or by post, naming the specific contact.

The only mandatory information for sending the contact forms or request forms is your email address or your full name and the company name. Any other, separately marked data that may be provided is voluntary and used to address you personally. If you do not want to provide your name, you can also enter a pseudonym.

We delete requests as soon as they are no longer required and there is no further legal obligation to retain them. We regularly review the necessity; furthermore, the legal archiving obligations that may particularly arise from tax law or commercial law apply.

q) Contact form / request form

You can use our contact forms and the request forms to send a message to our specialist departments or to request a whitepaper. They are primarily used to contact interested individuals with regard to our products and services. Please note that your message cannot be assigned to a specific recipient at first; instead, it will be distributed to the contacts in our company by the designated office. If you would like to address your request directly to a specific contact, without receiving information from other contacts in our company, we kindly ask that you send us your request over the telephone or by post, naming the specific contact.

The only mandatory information for sending the contact forms or request forms is your email address or your full name and the company name. Any other, separately marked data that may be provided is voluntary and used to address you personally. If you do not want to provide your name, you can also enter a pseudonym.

We delete requests as soon as they are no longer required and there is no further legal obligation to retain them. We regularly review the necessity; furthermore, the legal archiving obligations that may particularly arise from tax law or commercial law apply.

r) Registration with Facebook Connect
Instead of registering directly on this website, you can register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

If you choose to register with Facebook Connect and click on the ‘Login with Facebook’ / ‘Connect with Facebook’ button, you will be automatically redirected to Facebook’s platform. You can log in there with your user credentials. This will link your Facebook profile to this website or our services. This link gives us access to your data that is stored on Facebook. This mainly includes the following: Facebook name, Facebook profile and cover picture, Facebook cover picture, email address stored on Facebook, Facebook ID, Facebook friends lists, Facebook likes, date of birth, gender, country, language

This data is used to set up, provide and personalise your account. Registration with Facebook Connect and the associated data processing operations are based on your consent (Art. 6 (1) (a) of the GDPR). You may revoke this consent at any time with effect for the future.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are joint controllers who are responsible for this data processing operation (Art. 26 of the GDPR). The joint responsibility is limited exclusively to collecting the data and transferring it to Facebook. Data processing by Facebook that takes place once we have forwarded the data does not fall under our joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for implementing the tool on our website in a privacy-safe manner. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. access requests) regarding the data that Facebook processes directly with Facebook. If you assert your rights as a data subject with us, we are obligated to forward them to Facebook.

Data transfer to the USA is based on the European Commission’s standard contractual clauses. Facebook ensures and provides adequate safeguards to comply with European data protection law. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://en-gb.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php

For more information, please see the Facebook Terms of Service and the Facebook Privacy Policy. You will find them at: https://en-gb.facebook.com/about/privacy/ and https://en-gb.facebook.com/legal/terms/

s) JIRA ticketing software

We make use of the JIRA application of Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia. This web application is aimed at error management, troubleshooting and operational project management Our web site provides an access form for the creation of tickets which can subsequently be managed by the relevant departments. Usage is based on consent to the processing of an enquiry. Data transfers to the hoster are based on standard contractual clauses of the EU Commission. For more information on the Atlassian hoster, please visit www.atlassian.com/trust/privacy or www.atlassian.com/trust/privacy/country/europe-and-gdpr.

D. Applicants

1. Purposes and legal basis of processing your application data

We process personal data about you for the purpose of your application for employment, insofar as doing so is necessary for the decision to establish an employment relationship with us. The relevant legal basis is Section 26 (1) in conjunction with (8), sentence 2 of the German Federal Data Protection Act (BDSG), insofar as personal data about you is processed for the purpose of your application for employment, provided that doing so is necessary for the decision on the establishment of an employment relationship with us. Furthermore, personal data about you may be processed insofar as doing so is necessary to defend established legal claims against us arising from the application process. The legal basis for data processing is Art. 6, (1), sentence 1, (f) of the GDPR. The legitimate interest results from the procedural steps associated with the purpose and is, for example, a burden of proof in proceedings under the German General Act on Equal Treatment (AGG).

Insofar as an employment relationship is established, the respective joint controller company is entitled pursuant to Section 26 (1) of the German Federal Data Protection Act to further process the personal data already received from you for the purposes of the employment relationship if doing so is necessary for implementing or terminating the employment relationship or for exercising or fulfilling the rights and obligations arising from the employee interests group resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

2. Processed categories of personal data
sesamsec processes your personal data in connection with the contractual relationship. This also applies to data belonging to interested individuals who are informed of potential services. In terms of categories of personal data, this may be general information (e.g. name, address and contact details), contract-related communications or past contract history.

3. Sources of processed data
The data is usually collected directly from you. This happens, for example, when you hand over your business card or give us your name and contact details. Indirect collection takes place in cases where customers’ personal data is transferred to us by third parties. This is the case, for example, when a contact at a company that is our customer is appointed by the customer company. In individual cases, job-related information that you have made publicly available may also be processed, as it can be accessed using the likes of a profile on a professional social networking site or the company website. Should you disclose data from third parties to us, please ensure that you have the permissions to disclose the data and that the necessary consents for processing by us under this policy have been obtained from the data subject. 

4. Categories of recipients

The Elatec Group manages the customer data in the context of joint responsibility within the Elatec Group. It may transfer your personal data to its affiliated companies under Art. 4 (19) of the GDPR, insofar as doing so is permissible in the context of the purposes and legal bases set out above. Personal data is also processed on our behalf based on contracts pursuant to Art. 28 of the GDPR, particularly by host providers or providers of CRM systems.

Your data will be forwarded within the Elatec Group’s organisation to the Sales department and the departments entrusted with processing the contractual relationship.

5. Erasure of your data

sesamsec stores your personal data for as long as it is required by law or for as long as there is a statutory retention period. Inactive customer or prospect accounts are regularly deleted from the system. If the data cannot be erased due to conflicting legal retention requirements, it will be blocked instead. In a first stage, blocking can also be carried out by means of work instructions that prohibit employees’ access to and use of the data.

6. Application form

You can submit an application to us using the application form. This forms part of our online application process, which is encrypted and convenient in this modern format. The personal data you provide for this purpose will be distributed to the appropriate contacts in our company (i.e. to the employees who are responsible for preparing and carrying out the application process).

Mandatory data for sending the application form that we receive from you is the data that you enter online in the application form on the application platform and the files that you upload (such as your cover letter, passport photo, CV, certificates, etc.).

We process your personal data for the purpose of initiating an employment relationship. The legal basis for processing in this regard is derived from Section 26 of the German Federal Data Protection Act. To provide the application form, we use the external service provider BITE GmbH, Magirus-Deutz-Strasse 12, 89077 Ulm, which supports us in operating the application portal strictly pursuant to instructions and with which separate contracts for commissioned data processing have been concluded. Data is not transferred to third countries.

If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you have provided based on our legitimate interests (Art. 6 (1) (f) of the GDPR) for up to six months from the end of the application process (rejection or withdrawal of the application). The data is then deleted and the physical application documents are destroyed. Retention particularly serves as evidence in the event of a legal dispute. If it is evident that the data will be required after the six-month period has elapsed (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued retention no longer applies. Retention for a longer period of time lasting up to 12 months in our talent pool may also take place if you have given your consent (Art. 6 (1) (a) of the GDPR) by ticking the corresponding box in the application form or by other means or if legal retention requirements prevent erasure.

 

7. Data transfer to a third country

Transfer to a third country may take place in the case of support requests depending on country-specific customer requirements. Likewise, in the context of processors, ensuring the necessary safeguards for transfer to a third country.

E. Customers and interested individuals

We process personal data in the context of customer relationships insofar as doing so is necessary for the conclusion, performance or preparation of a contract. The relevant legal basis is Art. 6 (1) (a) of the GDPR, insofar as sesamsec carries out processing operations for which it obtains consent for a specific processing purpose. If personal data processing is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, processing is based on Art. 6 (1) (b) of the GDPR. This also applies to such processing operations that are necessary for the implementation of pre-contractual measures (e.g. in the case of (prospective) customer enquiries about our products or services). If our company is subject to a legal obligation by which personal data processing becomes necessary (e.g. for the fulfilment of tax obligations), processing is based on Art. 6 (1) (c) of the GDPR. Processing operations may also be based on the permission basis set out in Art. 6 (1) (f) of the GDPR. This is possible in the case of processing operations where processing is necessary to protect a legitimate interest belonging to sesamsec or a third party, provided that the data subject’s interests, fundamental rights and fundamental freedoms are not overridden.

When you contact us (e.g. using the contact form, by email, over the telephone or using social media), the user’s details are processed pursuant to Art. 6 (1) (b) of the GDPR for the purpose of dealing with and handling the contact request. Users’ details may be stored in a customer relationship management system (‘CRM system’) or similar communication organisation system. Processing in the context of CRM is the joint responsibility of the Elatec Group.

1. Processed categories of personal data

sesamsec processes your personal data in connection with the contractual relationship. This also applies to data belonging to interested individuals who are informed of potential services. In terms of categories of personal data, this may be general information (e.g. name, address and contact details), contract-related communications or past contract history.

2. Sources of processed data

The data is usually collected directly from you. This happens, for example, when you hand over your business card or give us your name and contact details. Indirect collection takes place in cases where customers’ personal data is transferred to us by third parties. This is the case, for example, when a contact at a company that is our customer is appointed by the customer company. In individual cases, job-related information that you have made publicly available may also be processed, as it can be accessed using the likes of a profile on a professional social networking site or the company website. Should you disclose data from third parties to us, please ensure that you have the permissions to disclose the data and that the necessary consents for processing by us under this policy have been obtained from the data subject.

3. Categories of recipients

The Elatec Group manages the customer data in the context of joint responsibility within the Elatec Group. It may transfer your personal data to its affiliated companies under Art. 4 (19) of the GDPR, insofar as doing so is permissible in the context of the purposes and legal bases set out above. Personal data is also processed on our behalf based on contracts pursuant to Art. 28 of the GDPR, particularly by host providers or providers of CRM systems.

Your data will be forwarded within the Elatec Group’s organisation to the Sales department and the departments entrusted with processing the contractual relationship.

4. Erasure of your data

sesamsec stores your personal data for as long as it is required by law or for as long as there is a statutory retention period. Inactive customer or prospect accounts are regularly deleted from the system. If the data cannot be erased due to conflicting legal retention requirements, it will be blocked instead. In a first stage, blocking can also be carried out by means of work instructions that prohibit employees’ access to and use of the data.

5. Data transfer to a third country

Transfer to a third country may take place in the case of support requests depending on country-specific customer requirements. Likewise, in the context of processors, ensuring the necessary safeguards for transfer to a third country.

6. Newsletter

We use the ‘double opt-in procedure’ for subscription to our newsletter. This means that, once you have subscribed, we send an email to the specified email address requesting your confirmation that you would like to be sent the newsletter. If you do not confirm your subscription, your information will be blocked and will ultimately be automatically deleted. Additionally, we store the IP addresses you use and the times of subscription and confirmation. The purpose of this procedure is to prove your subscription and, if necessary, to resolve potential misuse of your personal data (Art. 6 (1) (f) of the GDPR). Following your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 (1), sentence 1 (a) of the GDPR. You can revoke your consent to receiving the newsletter and unsubscribe from it at any time. You can confirm your revocation by clicking on the link provided in every newsletter email, using our website or by emailing or sending a message to the contact details provided in the legal notice. We would like to point out that we evaluate your user behaviour when we send the newsletter. For the purpose of this evaluation, the sent emails include ‘web beacons’, ‘tracking pixels’ and single-pixel image files that are stored on our website. To carry out the evaluations, we link the aforementioned data and the web beacons to your email address and an individual ID. We use the data obtained in this way to create a user profile so we can tailor the newsletter to your individual interests. We record when you read our newsletters and which links you click on in them, and infer your personal interests from this. We link this data to actions you perform on our website.

7. Miscellaneous processing for advertising purposes

We use your data to inform you of the products and services that we in the Elatec Group offer. Our marketing may include measures such as the use of data for advertising purposes, data storage, address matching, selection measures or advertising scoring. Targeting is directed to the contact details available to us and may include targeting by electronic communication (including social media), post and telephone, as well as personal contact. 

F. Contact the data protection officer

You are welcome to contact our data protection officer for all questions related to personal data processing and exercising your rights under the GDPR using the following details: datenschutz@hjp.de  Phone: +49 (0)6841 9816 0, Fax: +49 (0)6841 9816 29

G. Your rights as a data subject

You have the right to receive (free of charge, at any time and without any need to state reasons) information about data concerning you that we have stored, as well as about the origin, recipients or categories of recipients to whom this data is disclosed and the purpose of the storage. You can have the data that we collect about you rectified or erased, restrict processing of the same and exercise your right to data portability at any time. Furthermore, you also have the opportunity to exercise your right to object.

Rectification, erasure or restriction of processing: You have the right to request that sesamsec immediately rectify inaccurate personal data concerning you. Taking into account the purposes of processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to object: Insofar as personal data concerning you is processed based on Art. 6 (1) (f) of the GDPR, you have the right to object to the processing of this data at any time on grounds relating to your particular situation. We no longer process this personal data unless sesamsec can demonstrate compelling and legitimate grounds for processing that override your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

Right to object: If processing is based on your consent, you have the right at any time to revoke your consent, without such revocation having any impact on the lawfulness of processing carried out based on consent until the same is revoked. You can contact us or our data protection officer at any time using the above-mentioned details for this purpose.

Right to erasure: You have the right to request that sesamsec immediately erase personal data concerning you, and sesamsec is obligated to immediately erase personal data where one of the following grounds applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You object to the processing and there are no other overriding legitimate grounds for the processing.
  • The personal data has to be erased for compliance with a legal obligation under Union or member state law that we are subject to. This will not apply where processing is necessary for compliance with a legal obligation that requires processing under the law of the European Union or the member states that we are subject to.

Right to restriction of processing: You have the right to request that sesamsec restrict processing where one of the following prerequisites applies:

  • You dispute the accuracy of the personal data for a period of time enabling us to verify the accuracy of the personal data.
  • Processing is unlawful and you refuse erasure of the personal data and instead request that use of your personal data be restricted.
  • sesamsec no longer needs the personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims, or you have objected to the processing until it has been determined whether our legitimate grounds override yours.
  • If processing was restricted, such personal data may – with the exception of storage – only be processed with your consent, for establishing, exercising or defending legal claims, for the protection of rights of another natural or legal person, or for reasons of important public interest of the Union or of a member state.
  • If you have obtained a restriction on processing pursuant to the above list, we will inform you before the restriction is lifted.

Right to lodge complaints: Regardless of another administrative or judicial legal remedy, you have the right to lodge complaints with a supervisory authority, particularly in the member state where your place of residence, your workplace or the place of the suspected violation is located if you believe that the processing of the personal data concerning you is in violation of the GDPR. You can also contact the Elatec Group’s data protection officer. You can reach them on the following details: datenschutz@hjp.de, Phone: +49 (0)6841 9816 0, Fax: +49 (0)6841 9816 29

H. Need to provide personal data

The provision of personal data is neither legally nor contractually required, nor are you obligated to provide the personal data. However, the provision of personal data is necessary for concluding a contract with us. So, unless you provide us with personal data, we will not enter into a contractual relationship with you. If a contract has not been concluded yet, we follow the principle of collecting as little data as possible. Nevertheless, a minimum amount of contact data is necessary so we can provide you with the information you require about our products and services and so we can provide our service.

I. No automated decision-making

No automated decision-making takes place on a case-by-case basis under Art. 22 of the GDPR.

Get in touch with us