Data Protection
General Information
Thank you for visiting our website and for your interest in our company. We strive to offer you the best possible service; this also includes continuous optimizing of our Internet presence and, especially the protection of your personal data.
Please find below information about how we handle your personal data in accordance with the General Data Protection Regulation (“GDPR”).
Definitions
First, we will give you an overview of the terms used in this privacy policy:
1. "personal data" is all information that relates to an identified or identifiable natural person, such as names, addresses, telephone numbers or email addresses that express the identity of a person.
2. "processing" means any manual or automated process in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation, modification, reading, querying, use, disclosure Transmission, distribution or provision, comparison, linking, restriction, deletion or destruction.
3. "profiling" refers to any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, To analyze or predict the health, personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.
4. "controller" is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
5. "processor" is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
6. "recipient" is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not.
7. "third party" is a natural or legal person, authority, institution or other body apart from the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.
Controller/ Data Protection Officer
1. Skytanking Holding GmbH, Raboisen 6, 20095 Hamburg, info@skytanking.com is responsible for the data collection and processing described below. In the following, the controller is also referred to as "we".
2. Our company data protection officer will be pleased to provide you with further information or respond to any feedback concerning data protection. You can contact our data protection officer at
dataprotectionofficer@skytanking.com
or at our postal address with the addition “the data protection officer”.
Processing personal data
1. Usage Data
Whenever you visit our websites, for statistical purposes our web server will temporarily store in a log so-called usage data” to allow us to improve the quality of our websites. This data set comprises:
- The name and address of the requested content,
- The date and time of the request,
- The data volume transmitted,
- The access status (file transmitted, file not found),
- The description of the type of web browser and operating system used,
- The referral-link, which shows from which site you accessed our website,
- The requesting computer’s IP address
We will store the IP address transmitted by your web browser for a period of seven days strictly for the purpose of being able to recognize, limit and rectify any attacks on our websites. After expiry of this period, we will erase or anonymize the IP address. The legal basis for this is Art. 6 Para. 1 lit. f GDPR.
Online Job Applications
We process your personal data in accordance with the applicable data protection provisions, based on section 26 of the BDSG-neu [Federal Data Protection Act– Revised]. We process the data you relinquish to us in connection with your online application exclusively for the purpose of selecting from among the candidates. No data processing for other purposes will take place.
You yourself determine the scope of the data you would like to communicate to us in connection with your online application. Online applications are transmitted to our HR department and processed by HR as rapidly as possible. The data are transmitted in encrypted form. As a rule, applications are forwarded to the heads of the responsible specialist units of our company. Other than that, no sharing of your data takes place. Your details will be treated by us as confidential. If your application proves unsuccessful, your documents will be deleted on the expiry of 6 months.
If you wish us to have regard to your application in connection with other or future job vacancies, please do include a note on your application to this effect. Your data will then be processed in compliance with article 6, section 1 (a) of the General Data Protection Regulation. In this case, your application will be deleted after two years.
Use of Cookies
Matomo
We use the web analysis tool Matomo (formerly Piwik) to design our webpages according to your needs. Matomo creates usage profiles on the basis of anonymous usage data. Further information regarding the data protection regulations can be found at https://matomo.org/privacy. We use cookies in order to do so. This enables to record. the data used by your device in relation to the usage profile. The processing is carried out on the basis of Article 6, Paragraph 1, Sentence 1, Letter a) GDPR, if you gave us your consent.
You can revoke your consent by clicking here and choosing the respective option.
The usage profile made by Matomo contains:
- Anonymized IP address by deleting the last 2 Bytes (e.g. 198.51.0.0 instead of 198.51.100.54)
- Pseudo-anonymized approximate location/region (based on the anonymized IP address)
- Date and time
- Title of the accessed site
- URL of the accessed site
- URL of the previously accessed site (if permitted)
- Screen resolution
- Local time
- Data clicked and downloaded
- External links
- Duration of the page load
- Country, region, city (with low accuracy due to IP addresses)
- Main language of the browser
- Used browser
- Interaction with forms (but not their content)
- Operating system
- Browser-Plugins
The mentioned usage profiles will only be stored pseudonymized. This way we are able to recognize returning visitors, to count them as such and measure the reach and interest in our website. 4. Google Maps
We are using the service of Google Maps on this website. A service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 (“Google”). This allows us to show you interactive maps on the website and enable you to conveniently use the map function.
By accessing the website, Google will receive the information that you accessed the subpage of our website. Further, data named under usage data in this declaration will be transmitted. This happens irrespective of whether Google provides a user account which you are logged in to or if no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the button. Google stores your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right.
However, within our embedded configuration no consolidation of data with your Google account will take place, so that the data Google receives from you will be restricted to the minimum necessary in order to provide the maps.
We would like to point out that when using Google Maps personal data can be processed in the USA. In the opinion of the European Court of Justice, however, the USA does not have a level of protection that is essentially equivalent to the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are not given to the same extent in the USA. This applies in particular to the possibility of legal protection against the processing of personal data. There is a risk that your data will be processed by US authorities for control and monitoring purposes without you being given the right to redress. For this reason, the transfer of your personal data to the USA takes place exclusively on the basis of your consent to the transfer of your personal data to a third country in accordance with Art. 49 Paragraph 1 lit a) GDPR. Further information on the purpose and scope of data collection and how it is perceived by receiving the plug-in can be found in Google’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your rights: http://www.google.de/intl/de/policies/privacy.
Embedded YouTube Videos
YouTube videos are embedded in a few subpages of our website. Accessing these subpages results in reloading contents from YouTube. YouTube will receive your personal data (e.g. IP address, usage data) within this frame, which is technically necessary to access the content. This happens irrespective of whether YouTube provides a user account which you are logged in to or if no user account exists. If you are logged in to YouTube, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on YouTube, you must log out before activating the button. YouTube stores your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right. We would like to point out that YouTube LLC stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. We do not have any influence regarding the further processing of YouTube. However, when embedding the videos, we made sure to activate the extended data protection mode being offered by YouTube.
The legal basis for the use of Google Analytics is the consent you have given in accordance with Art. 6 Paragraph 1 Clause 1 lit. a) GDPR.
We would like to point out that when using YouTube personal data can be processed in the USA. In the opinion of the European Court of Justice, however, the USA does not have a level of protection that is essentially equivalent to the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are not given to the same extent in the USA. This applies in particular to the possibility of legal protection against the processing of personal data. There is a risk that your data will be processed by US authorities for control and monitoring purposes without you being given the right to redress. For this reason, the transfer of your personal data to the USA takes place exclusively on the basis of your consent to the transfer of your personal data to a third country in accordance with Art. 49 Paragraph 1 lit a) GDPR.6. Social Media
Data Transfer to Third Parties
We will not pass on your personal data to third parties unless you agree to the transfer, there is a legal obligation to transfer it, this serves to fulfill a contract or we can rely on legitimate interests in an economic and effective operation with regard to this transfer our business operations.
Within the Skytanking Group, we exchange data on the basis of your expressly declared consent in accordance with Art. 6 Para. 1 lit. a GDPR or on the basis of our legitimate interest within the group of companies to transmit personal data for internal administrative purposes, in accordance with Art. 6 Para. 1 S. 1 lit. f. GDPR.
Within the framework of data processing on our behalf as defined by Art. 28 GDPR, we will transfer your data to service providers who assist us with the operation of our websites and the related processes. Our service providers are bound by strict instructions issued by us and subject to corresponding contractual obligations.
Processing and storage time of personal data
We process and store your personal data as long as it is necessary for the purposes for which it was collected or otherwise processed, in particular as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that the business relationship can be a long-term contractual relationship that extends over several years.
If you have applied to us, we will store your personal data as long as this is necessary for the decision on your application. If there is no employment relationship between you and us, we can also continue to store the personal data, insofar as this is necessary to defend against possible legal claims. In principle, the application documents are deleted six months after notification of the rejection decision, unless longer storage is required (e.g. because an employment relationship has been established or in the event of legal disputes) or you have given your consent.
Your Rights as a User
1. You, as a so-called data subject, have the following rights:
- the right to information according to Article 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of the right to object, the origin of your data, if we have not collected it, as well as the existence of automated decision-making, including profiling;
- the right to rectification according to Article 16 GDPR;
- the right to erasure according to Article 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- the right to restriction of processing according to Article 18 GDPR, if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR, Art. 18 GDPR;
- the right to object according to Article 21 GDPR and
- the right to data portability according to Article 20 GDPR. That is to say you can receive your personal data that you have provided to us in a structured, common and machine-readable format and to request the transfer to another person responsible
- the right to revoke your once given consent to us at any time, Article 7 Para. 3 GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future; and
- in the case of an automated decision (profiling) the right to present one's own point of view and to contest the decision, Art. 22 Para. 3 GDPR;
- In addition, you have a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with Sect. 19 BDSG).
Your rights to information and erasure are subject to limitations in accordance with Sect. 34 and 35 BDSG (German Federal Data Protection Act).
2. Right to Object (Art. 21 GDPR)
In case that data are gathered on the basis of Art. 6 Para. 1 lit. f (data processing for the purposes of legitimate interests) you have the right to object the processing at any time for reasons relating to your respective situation. If you do object, we will no longer process your personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of any legal claims.
3. Right to Lodge a Complaint with a Supervisory Authority
According to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data infringes data protection law regulations. You can assert this right in particular with a supervisory authority in the member state of your habitual residence; place of work or the place of the alleged infringement.
Data Security
We have implemented technical and organizational measures to ensure that your data are comprehensively protected against any undesired access. We use an encryption procedure on our sites. Your computer will use TLS encryption to transmit your data to our server via the Internet and vice versa. This is indicated by the locked padlock symbol in your browser status bar and the address line beginning with https:// .
Need to provide data
As part of the use of the website and its functions, you must provide us with the personal data required for the respective use and / or which we are legally obliged to collect, Art. 13 Para. 2 lit. e) GDPR. Without this data, it will usually not be possible to use the functions, request our services or contact us.
Automated decision making (including profiling)
When using our website, there is basically no fully automated decision-making (profiling) in accordance with Art. 22, Art. 13 Paragraph 2 lit. f), Art. 14 Paragraph 2 lit. g) GDPR. If we use this procedure in individual cases, we will inform you about this separately, provided this is required by law.
Topicality and changes to this privacy policy
This privacy policy is as of April 3, 2024. Due to the further development of our website and offers or due to changed legal or official requirements, it may be necessary to change this privacy policy. You can call up and print out the current data protection declaration at any time.