Highlight
Successful together – our valantic Team.
Meet the people who bring passion and accountability to driving success at valantic.
Get to know us
valantic CEC Deutschland GmbH Privacy Policy
In this privacy policy, we inform you about the scope of the processing of your personal data (hereinafter referred to as “data”).
1. Responsible for data processing
Responsible for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is
valantic CEC Deutschland GmbH
Reichskanzler Müller Street 12-14
D-68165 Mannheim
E-mail: info@cec.valantic.com
2. Contact details of our data protection officer
Birgit Hellmann-Ploschke, LL.B.
valantic CEC Deutschland GmbH
Felix-Wankel-Strasse 16
40764 Langenfeld
E-mail: datenschutz@cec.valantic.com
3. General information on data processing
We process data as part of our business and website operations.
This also includes disclosure by transfer to third parties and, if applicable, to so-called third countries outside the European Union (“EU”) and the European Economic Area (“EEA”). Where we transfer data outside the EU or the EEA, we have marked this accordingly below.
4. Data processing
The individual data concerned, processing purposes, legal bases, recipients and, if applicable, transfers to third countries are listed below:
a) Making contact
If you contact us, we process the following data from you for the purpose of processing and handling your request: Name, contact details – if provided by you – and your message.
The legal basis for data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations pursuant to Art. 6 para. 1 b) GDPR and/or our overriding legitimate interest in processing your request pursuant to Art. 6 para. 1 f) GDPR.
b) Establishing contact for applications
If you contact us to send us your application as an employee, e.g. by e-mail or via a contact form, the data you provide (e.g. name, e-mail address, desired place of work, etc.), your message and the application documents sent will be processed exclusively for the purpose of processing and handling your application request.
The legal basis for data processing is primarily § 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted.
Should the data be necessary for legal prosecution after completion of the application process, data processing may be carried out to safeguard our legitimate interests in accordance with Art. 6 para. 1 f) GDPR, namely to assert and/or defend against claims.
c) Contract processing and data management in the context of service provision
We process various data as part of the provision of our services and to initiate and process the existing contractual relationship between you and us.
If you have commissioned us to provide a service, we process your data (if provided: name, contact details, address) and all information necessary for the fulfillment of the contract exclusively for the purpose of processing and handling the contractual relationship.
This includes in particular our appropriate advice and support, correspondence with you, invoicing, fulfillment of our accounting and tax obligations.
The data is processed accordingly on the basis of Art. 6 para. 1 b) GDPR and to fulfill our legal obligations in accordance with Art. 6 para. 1 c) GDPR.
If this is necessary to process the order, your data will be passed on to third parties.
This includes, in particular, disclosure to supervisory authorities for the purpose of correspondence and for the assertion and defense of your rights.
We take all appropriate measures to only transfer personal data to the extent that this is necessary for the underlying purpose.
d) Use of the Microsoft Teams video conferencing system
Microsoft Teams is software from the company’s Microsoft 365 product range:
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park Leopardstown
Dublin 18
D18 P521
Ireland
Through the video conferencing function of Microsoft Teams, we can provide employees, applicants, customers, business partners and interested parties with video and audio communication options via the Internet and enable them to conduct and participate in online events.
We process the following personal data as part of our online meetings and events using Microsoft Teams:
- Communication data (e.g. your email address, if you provide this personal data)
- Personal master data (if you provide this)
- Log files, protocol data
- Metadata (e.g. IP address, time of participation, etc.)
- Profile data (e.g. your user name, if you provide this yourself)
Microsoft Teams online meetings and events are not recorded by us unless we have obtained your consent in advance.
The chat content is logged when using Microsoft Teams. Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. The files that team members share in a channel are saved on the team’s SharePoint site.
In Teams meetings, all participants can set their own audio and video inputs. Unauthorized processing by other participants, e.g. by recording the meeting, cannot be definitively excluded or prevented by us.
Data processing with Microsoft 365 is carried out on our behalf on servers in data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case in particular if meeting participants are located in a third country.
For data transfers to the USA, Microsoft is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision.
In accordance with its privacy policy, Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no influence on this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with its legitimate business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection laws. If you require information about the processing by Microsoft, please refer to the relevant Microsoft statements: https://privacy.microsoft.com/de-de/privacystatement.
Insofar as personal data of employees is processed to establish, implement or terminate the employment relationship, Section 26 BDSG is the legal basis for data processing. Otherwise, data processing is carried out on the basis of legitimate interest in accordance with Art. 6 para. 1 f) GDPR. The purpose and legitimate interest of this data processing are If an online meeting or event is recorded with your prior consent, the data processing is carried out in accordance with Art. 6 para. 1 a) GDPR.
e) Participation in competitions
If you take part in a competition organized by us, we will process the data you provide: First name, last name, e-mail address, and – if provided by you -: address, company, telephone number for the purpose of participation or contacting you in the event of notification of a win. If you have been determined as the winner, we will ask for your surname, first name and address for the purpose of communicating the prize, unless this has already been done as part of your registration. In any case, we will inform you of your win in advance by e-mail.
We will send your surname, first name and address to the company responsible for delivering the prize.
The data processing is carried out to fulfill our obligations in the context of the prize draw in accordance with Art. 6 para. 1 b) GDPR.
f) Internet security services
We use the internet security services of Cloudflare, Inc, 101 Townsend Street, San Francisco, CA 94107, USA, for the security and protection of our online presence and in particular to defend against distributed denial-of-service (DDoS) attacks. Cloudflare processes the end users’ log data on our behalf: IP address, system configurations and information about the incoming and outgoing traffic of the websites, devices and applications of the website visitors and can also transmit this to the USA. The legal basis for data processing is our overriding legitimate interest in the continuous provision and security of our website in accordance with Art. 6 para. 1 f) GDPR.
Cloudflare is certified under the EU-US Data Privacy Framework for data transfers to the USA for the aforementioned purposes and is therefore covered by the EU adequacy decision.
5 Duration of data storage
We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.
6 Your rights as a data subject
a) Information
On request, you can obtain information about all personal data that we have stored about you at any time and free of charge.
b) Correction, deletion, restriction of processing (blocking), objection
If you no longer agree to the storage of your personal data or if it has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law). The same applies if we are only to process data to a limited extent in future. You also have the right to object in cases where the processing of your data is necessary for the performance of a task carried out in the public interest or for the purposes of our legitimate interests and profiling based on those interests. You also have such a right to object in the case of data processing for the purpose of direct advertising.
c) Right to withdraw consent with effect for the future
You can withdraw your consent at any time with effect for the future. Your revocation does not affect the legality of the processing up to the time of revocation.
d) Data portability
If data processing is carried out on the basis of a contract, pre-contractual negotiations, consent or with the aid of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a commonly used, structured and machine-readable format so that you can transmit the data to another controller if you wish.
e) Restriction of processing
Data for which we are not able to identify the data subject, e.g. if it has been anonymized for analysis purposes, is not covered by the above rights. Information, deletion, blocking, correction or transfer to another company may be possible with regard to this data if you provide us with additional information that allows us to identify you.
f) Exercising your rights as a data subject and right to lodge a complaint
If you have any questions regarding the processing of your personal data, information, correction, blocking, objection or deletion of data or if you wish to transfer the data to another company, please contact datenschutz@cec.valantic.com.
You also have the option of complaining to a supervisory authority about your rights as a data subject.