With the following data protection information, we, ANALYZE HSE GmbH, Bayrische Str. 8, 01069 Dresden, as the controller within the meaning of the General Data Protection Regulation (GDPR), explain which personal data we process when you visit our website and use our online services. In addition, the Telecommunications Digital Services Act (TDDDG) applies to our site. We would like to point out that, by default, all data transmissions in connection with our website are carried out via an encrypted connection.
We reserve the right to occasionally update our privacy policy to ensure that it always complies with current legal requirements or to reflect changes to our services. We therefore recommend that you read the privacy policy regularly to stay informed about the protection of the personal data we process.
When you access our website, a range of technical data is logged. This general data and information is stored in the server’s log files. Your IP address, browser identification and domain, the name of the file accessed, the date and time of access, the amount of data transferred and the successful access are recorded in a log file. The processing of personal data is carried out for the purpose of providing the website as well as for troubleshooting and investigating misuse or fraud based on a legitimate interest pursuant to Art. 6 (1) (f) GDPR. In the case of data collection for the purpose of providing the website, the data is deleted when the user’s session ends and they close their browser. If the data is stored in log files, the log files are deleted after seven days at the latest. Storage beyond this period is possible in individual cases, e.g., in the event of an attack on our IT systems.
We use cookies on our website. Cookies enable us to optimize the information and offers on our website for the benefit of the user. Cookies enable us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website.
Cookies are used on our website in connection with the following services:
Based on your consent in accordance with Art. 6 (1) (a) GDPR and with regard to the setting of cookies in accordance with § 25 (1) TDDDG in conjunction with Art. 4 No. 11, Art. 7 GDPR, we use Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), using Google Tag Manager. For this purpose, a contract for order processing in accordance with Art. 28 GDPR has been concluded with Google. In accordance with Art. 49 (1) sentence 1 lit. a) GDPR, your declaration of consent expressly includes the possible worldwide transfer and processing of data by other companies within the Google LLC group. In this regard, we would like to expressly point out any risks, such as the more difficult enforcement of data protection rights of data subjects.
Google is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that is intended to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. In addition, in the event of data transfer to the parent company Google LLC, based in the US, suitable guarantees for the protection of data subjects within the meaning of Art. 46 (1) GDPR are provided by the conclusion of standard data protection clauses in accordance with Art. 46 (2) (c) GDPR. In this regard, we would like to expressly point out any risks, such as the difficulty of enforcing data protection rights of data subjects.
We use the following cookies for Google Analytics:
Cookie | Purpose | Storage period |
_ga | Storing and counting page visits | 13 months |
_ga_7X9Z2MKJD0 | Storing and counting page visits | 13 months |
The cookies set by Google Analytics store your IP address, the date and time of your visit, the click path, device information including operating system, location information, pages visited, the so-called referrer URL, browser information including language settings and type, interaction data, user behavior, visited URL, the name of the host, and the cookie ID are processed on our behalf in order to evaluate the use of our online offering, compile reports on the activities within our online offering, and provide other services related to the use of our online offering. This also allows the creation of pseudonymized user profiles.
Tags can be integrated centrally via a user interface using Google Tag Manager. Tags are small pieces of code that can track activities. Script codes from other tools are integrated via Google Tag Manager. Tag Manager allows you to control when a specific tag is triggered.
Google Analytics is used exclusively with IP anonymization. All processed personal data is deleted or completely anonymized after 14 months. For more information about Google’s use of data, settings, and options for opting out, please refer to Google’s privacy policy and the settings for the display of advertisements by Google.
Based on your consent pursuant to Art. 6 (1) (a) GDPR and with regard to the setting of cookies pursuant to § 25 (1) TDDDG in conjunction with Art. 4 No. 11, Art. 7 GDPR, we use Google Maps, an online map provider from Google Ireland Limited (“Google”), to display our location and any directions. In accordance with Art. 49 (1) sentence 1 lit. a) GDPR, your declaration of consent also expressly includes the possible worldwide transfer and processing of data by other companies belonging to Google LLC. In this regard, we would like to expressly point out any risks, such as the more difficult enforcement of data protection rights of data subjects.
Google is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that is intended to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. In addition, in the event of data transfer to the parent company Google LLC, based in the US, the conclusion of standard data protection clauses in accordance with Art. 46 (2) (c) GDPR provides appropriate safeguards for the protection of data subjects within the meaning of Art. 46 (1) GDPR. In this regard, we would like to expressly point out to any risks, such as the difficulty of enforcing data protection rights of data subjects.
By integrating and using the map content, both usage data (e.g., access times, addresses entered for route planning, if applicable) and communication data (e.g., IP addresses) may be processed by Google. We have no influence on the further processing of personal data by Google. The cookies set by Google Maps to ensure functionality are deleted at the end of the session.
For the purpose and scope of data processing by Google, as well as your rights and settings options for protecting your privacy, please refer to Google’s privacy policy.
Based on your consent in accordance with Art. 6 (1) (a) GDPR and with regard to the setting of cookies in accordance with § 25 (1) TDDDG in conjunction with Art. 4 No. 11, Art. 7 GDPR, we use WP Statistics, an analysis tool for the statistical evaluation of visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia. WP Statistics enables us to analyze the use of our website. WP Statistics collects, among other things, log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on the site (e.g., clicks and views). clicks and views). We use WP Statistics with anonymized IP. Your IP address is truncated so that it can no longer be directly assigned to you. The data collected with WP Statistics is stored exclusively on our own server. For more information, please refer to the provider’s privacy policy.
In addition, only strictly necessary cookies are used on our website in accordance with § 25 (2) No. 2 TDDDG:
Cookie (provider) | Purpose | Storage period |
borlabs-cookie | Ensuring that the website is provided in compliance with data protection regulations (storage of the end user’s consent status for cookies and similar services on the current domain selected in the consent management platform). | 1 month 29 days |
pll_language (Polylang) | Stores the current language of the page. | 1 year |
The subsequent processing of your personal data is based on our overriding legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest here lies in ensuring user-friendliness, ensuring that the website is provided in compliance with data protection regulations, and ensuring the unrestricted technical functionality of the website.
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers. Google Fonts are used in the interest of a uniform and appealing presentation of our online offering. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Further information on Google Fonts can be found in Google’s privacy policy.
With your consent, we use the YouTube embedding function on our website to display and play YouTube videos in accordance with Section 25 (1) TDDDG in conjunction with Art. 4 No. 11, Art. 7 GDPR. Any processing of your personal data associated with the integration is based on your consent in accordance with Art. 6 (1) (a) GDPR. In accordance with Art. 49 (1) sentence 1 (a) GDPR, your declaration of consent also expressly includes the possible worldwide transfer and processing of data by other companies within the Google LLC group. In this regard, we would like to expressly point out any risks, such as the extensive access rights of investigative authorities and the difficulty of enforcing data protection rights of data subjects.
Google is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that is intended to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. In addition, in the event of data transfer to the parent company Google LLC, based in the US, the conclusion of standard data protection clauses in accordance with Art. 46 (2) (c) GDPR provides appropriate safeguards for the protection of data subjects within the meaning of Art. 46 (1) GDPR. In this regard, we would like to expressly point out any risks, such as the difficulty of enforcing data protection rights of data subjects.
When the video content is displayed, the user’s IP address and other browser-related information is transmitted to Google. By embedding the videos in extended data protection mode, no further personal data is processed. Only when you click on the video to view it will additional information be transmitted to Google so that the video content can be displayed. If you are logged in to YouTube as a user, Google will assign this information to your personal user accounts.
For the purpose and scope of data processing by Google, as well as your rights and settings options for protecting your privacy, please refer to Google’s privacy policy.
Our website has a contact form that can be used to contact us electronically. You can also contact us by email using the contact details provided in the legal notice. When you contact us, we process the personal data you provide, in particular your name, email address, and your request, in order to clarify your request and to prevent and investigate cases of abuse, as well as the IP address and time of use. The processing of the listed personal data is based on the legitimate interest in responding satisfactorily to contacts and inquiries in accordance with Art. 6 (1) (f) GDPR or, in the case of requests for quotations and contractual matters, on the basis of the contract or pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.
The personal data you provide will be treated confidentially by us, will be used exclusively for the purpose of processing your request, and will not be passed on to third parties unless this is necessary in individual cases due to the nature of your request. Personal data will be deleted after your request has been finally clarified or if you object. The IP address logged by and the time of contact will be deleted after seven days. The deletion periods stated here only apply if there are no legal retention periods that prevent deletion.
In the context of user-side use of our presences on the social networks listed below, we would like to point out that users’ personal data may also be processed by the operators of social networks outside the European Union and outside the European Economic Area. This may result in risks for users, for example in terms of making it more difficult to enforce data protection rights. At the same time, however, we would like to point out that, if the operators of the social networks support this, agreements on joint responsibility in accordance with Art. 26 GDPR and standard data protection clauses in accordance with Art. 46 (2) (c) GDPR will be concluded.
Furthermore, we would like to point out that users’ personal data is generally also processed by the operators of social networks for their own market research and advertising purposes. Any usage profiles generated from usage behavior can be used to display interest-based advertisements outside of social networks. For this purpose, the operators of social networks usually store cookies on users’ computers so that device information, usage behavior, and interests of users can be processed even if the user does not have a profile on the respective network. For more information on this and on any options for objection, please refer to the data protection information and further notes of the respective social network operators, which we have linked for you below.
The following also applies to the processing of personal data:
Categories of data processed
The categories of data processed include inventory data (e.g., names), contact data (e.g., email addresses), content data (e.g., text entries), usage data (e.g., interest in content), and meta and communication data (e.g., device information and IP addresses).
Purpose and legal basis of processing
Data processing is carried out, insofar as it is our responsibility, for the purposes of providing information, communication, marketing, and measuring reach. The operation of social media presences is based on a legitimate interest pursuant to Art. 6 (1) (f) GDPR, whereby the respective interests arise from the aforementioned purposes.
Storage period
The data categories processed by us are stored solely within the respective social network. In most cases, we have no influence on the specific storage period, as this is determined by the providers of the social networks. Information on this can be found in the data protection information of the respective provider. If we can influence the storage period in individual cases, deletion takes place after the purpose has been fulfilled, in compliance with the statutory retention obligations.
Services and service providers used by us and network-specific information
Below, we provide information about the services and service providers we use, as well as network-specific information, naming the respective responsible bodies within the EU/EEA and those outside it. We do not transfer any data beyond this.
Information on data subject rights
With regard to the assertion of data subject rights, we would like to point out that, in order to obtain comprehensive measures, these should ideally be addressed directly to the respective operator of the social network. Only the operators have access to all of the users’ processed personal data and can therefore provide more comprehensive information and take any necessary measures. If you need help with this, you can of course contact the controller or the data protection officer at any time using the contact details above.
When you apply for a job with us, we process the information we receive from you during the application process, e.g., through your cover letter, resume, references, correspondence, telephone or verbal information, or when you use the contact form provided on our website. In addition to your contact details, information about your education, qualifications, work experience, and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used for the purpose of implementing and terminating the employment relationship. It will then be deleted in accordance with the regulations applicable to personnel files. If you withdraw your application, we will of course delete your data. Please note that any false statements or omissions may result in rejection or subsequent contestation of the employment contract.
The legal basis for data processing in the application process and as part of the personnel file is Art. 6 (1) (b) GDPR and, if you have given your consent, for example by sending information that is not necessary for the application process, your consent in accordance with Art. 6 (1) (a) GDPR. You may also revoke your consent at any time with effect for the future. The data concerned will then be deleted immediately. In this case, please send your revocation to info@analyze-hse.de , stating your full name and email address. In cases provided for by law, the data may be blocked instead of deleted.
Please note that CVs, references, or other data you submit for application purposes may also contain special categories of personal data within the meaning of Art. 9 para. 1 GDPR. We do not generally require special categories of personal data for the application process. We ask you not to send us any such information in advance. If, in exceptional cases, such information is relevant to the application process, we will process it together with your other application data. This may, for example, concern information about a severe disability, which you can provide to us voluntarily and which we then have to process in order to fulfill our special obligations with regard to severely disabled persons. In these cases, the processing serves to exercise rights or fulfill legal obligations under labor law, social security law, and social protection law. The legal basis for data processing is Art. 9 (2) (b) GDPR in conjunction with § 26 (3) BDSG.
The transmitted data will be deleted if you withdraw your application (revocation must be sent to info@analyze-hse.de ) or if we are unable to offer you a position, at the earliest three months after the end of the application process. This does not apply if legal provisions prevent deletion or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.
Our website contains links to other websites, known as external links. We have no influence over whether the operators of other websites comply with data protection regulations. Please note that by clicking on a link to another website, you are subject to different data protection regulations. We have no influence over data processing on those websites. External links are marked as such in accordance with Section 19 (3) TDDDG.
To provide the website, we use service providers who process personal data on behalf of the responsible body or through whom access to personal data cannot be ruled out. We have concluded contracts with all of these service providers for order processing in accordance with Art. 28 GDPR. In addition to the service providers already mentioned, these are ALL-INKL.COM – Neue Medien Münnich (hosting) and AZOORA, a brand of MW-ITD GmbH (technical support).
Data subjects may at any time request information about the personal data concerning them and, if necessary, request correction or deletion or restriction of processing, or object to processing. They also have the right to data portability. In addition, if data processing is carried out on the basis of consent, this consent may be revoked at any time for the future. To exercise your rights, please contact our data protection officer, the Dresden Institute for Data Protection, at zentrale@dids.de (further contact details at www.dids.de). In addition, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you suspect that the processing of personal data is unlawful.
