Privacy Policy
The responsible body within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
gradient.Systemintegration GmbH
Weiherstraße 10
D-78224 Singen (Hohentwiel)
t +49 (7731) 7 97 72 - 0
f +49 (7731) 7 97 72 - 16
info@gradient.de
If you have any questions about data protection, please send us an e-mail or contact the Data Protection Officer in our organisation directly:
Holger Klaussner
Weiherstraße 10
D-78224 Singen (Hohentwiel)
datenschutz@gradient.de
1. General
1.1 Scope of the processing of personal data
Generally, we process the personal data of our users only to the extent necessary to provide a functional website and our content and services. The personal data of our users is processed regularly only with the users’ prior consent. An exception is made in cases where prior consent cannot be obtained for valid reasons and the processing of data is permitted by applicable statutory provisions.
1.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to process their personal data, Art. 6 para. 1 lit. a of the EU Data Protection Regulation (GDPR) serves as the legal basis.
Where processing of personal data is necessary for the performance of a contract to which the data subject is a part, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing steps which are necessary prior to entering into a contract.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis.
1.3 Data deletion and storage period
The personal data of the data subject will be deleted or blocked das as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will be blocked or deleted also in cases where a period of storage prescribed by the aforementioned norms expires, unless there is a need for further storage of the data for the purposes of concluding or performing a contract.
2. Provision of the website and generation of log files
2.1 Description and extent of data processing
Our website is hosted by a German provider (1&1 IONOS SE). We have concluded a data processing agreement with this provider in accordance with Art. 28 GDPR.
Every time a user accesses our website, our system automatically collects data and information from the computer system from which the website is accessed.
The following data is collected:
Storage of this data together with other personal data of this user (e.g. IP address) does not occur.
2.2 Legal basis for data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
2.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For that purpose, the user’s IP address must remain stored for the duration of the session.
These purposes also describe our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
2.4 Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the purpose of providing our website, this occurs when the respective session ends.
2.5 Possibility of objection and disposal
The collection of data for the provision of our website and the storage of data in log files is absolutely necessary for the operation of our website. There is, therefore, no possibility of objection on the part of the user.
3. Use of cookies
3.1 Description and extent of data processing
Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser in the user’s computer system. When a user accesses a website, a cookie may be stored in the user’s operating system. This cookie contains a typical sequence of characters by which the browser can be uniquely identified when the same website is visited the next time.
We use cookies in order to make our website more user-friendly. Some elements of our website require the calling browser to also be identified after a change to another site takes place.
This website uses the following cookies:
|
Name |
Lifetime |
Purpose |
|
XSRF-TOKEN |
2 hours |
Is required to defend against XSRF attacks. |
|
laravel_session |
2 hours |
Contains session information and is required for the technical implementation of our website. |
The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the user accessing the website. The data is not stored together with other personal data of the user.
3.2 Legal basis for data processing
The legal bases for processing personal data using cookies is Art. 6 para. 1 lit. f GDPR.
3.3 Purpose of data processing
The purpose of using technically necessary cookies is to make the website easier to use. Some functions our website cannot be made available without the use of cookies. For this reason, it is necessary that the browser is also identifiable after a site change.
User data collected by cookies that are technically required will not be used to generate user profiles.
These purposes also describe our legitimate interest in the processing of personal data according Art. 6 para. 1 lit. f of the GDPR.
3.4 Storage duration, possibility of objection and disposal
Cookies are stored in the user’s computer and transferred to our system from there. The user has full control of the ways is which cookies are used. You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies already stored can be deleted at any time. This can be done automatically. If cookies are disabled for our website, the full use of all functions of our website may not be available.
4. Contact form and e-mail contact
4.1. Description and extent of data processing
A contact form is available on our website for users to contact us by electronic means. If a user makes use of this option, the data entered in the input mask will be transferred to us and stored. This data includes:
For the processing of this data, your consent will be obtained during the sending process and reference will be made to this privacy policy.
Alternatively, you can contact us using the e-mail address provided. In this case, the user’s personal data will be transferred with the e-mail.
In both cases, the data will be transferred to our e-mail provider:
Microsoft Ireland Operations, Ltd., Attn: Data Privacy, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA
The data will only be stored in servers in the EU and we have a processing contract with Microsoft.
In this context, the data will not be passed on to third parties, with the exception of Microsoft. The data will be used exclusively for processing the conversation.
4.2 Legal basis for data processing
The legal basis for processing the data is the user’s consent Art. 6 para. 1 lit. a GDPR.
The legal basis for processing the data, which are transmitted in the course of sending an e-mail, is Art. 6 para. 1 lit. f GDPR. If the e-mail is sent in connection with the aim of concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
4.3 Purpose of data processing
The processing of personal data from the input mask serves only to process the establishment of contact. In the case of e-mail contact, this is also the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent abuse of the contact form and ensure the security of our IT systems.
4.4 Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected and no legal archiving obligations apply. For personal data from the input mask of the contact form and the data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
4.5 Possibility of objection and disposal
The user can withdraw his consent to the processing of personal data at any time. If a user contacts us by e-mail, he can object to the storage of personal data at any time. In such a case, the conversation cannot be continued.
In order to withdraw consent or object to the storage of personal data, please contact our Data Protection Officer. Contact details can be found at the beginning of this privacy policy.
All personal data which was stored in the course of establishing contact with us will be deleted.
5. Social Media
We offer an online service on the social media platform Facebook to provide information and contact users.
When visiting our Facebook page, cookies will be stored by Facebook in the user’s browser. These will be used, for example, to display personalised advertising to the user. User data may be processed outside the EU. We have no influence on the cookies set and the processed data.
Personal data processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in communicating with our customers and providing a diverse external presentation of our company. If applicable, the user has given his consent to Facebook for data processing. The legal basis for processing in this case is Art. 6 para. 1 lit. a GDPR.
Data is processed by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The basis is the agreement on joint processing of personal data according to Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook privacy policy: https://www.facebook.com/about/privacy/
It is possible to opt out under the following address: https://www.facebook.com/settings?tab=ads
6. Applicants
6.1 Description and extent of data processing
We offer current job vacancies on our website. Users can apply for these vacancies. For this purpose, you will be redirected to the website of our parent company DAVASO Holding GmbH. The user's personal data is collected and processed on our behalf by DAVASO Holding GmbH. We have concluded a data processing agreement in accordance with Art. 28 DSGVO for this purpose.
The following data is collected within the application process:
After having completed the data entry process, the user is asked to consent to the processing of this data.
6.2 Legal basis for data processing
a) To comply with (pre)contractual obligations (Art. 6 para. 1 b) GDPR in conjunction with Art. 88 GDPR and § 26 para. 1 (1) FDPA
As part of the application process, we process your personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (FDPA), according to which, among other things, personal data may be processed where a decision is required for employment-related purposes. Your personal data will be electronically stored and used solely for the purpose of the applicant selection process.
b) Based on your consent (Art. 6 para. 1 a) GDPR in conjunction with Art. 88 GDPR and § 26 para. 2 FDPA)
If you have granted consent to us processing your personal data for specific purposes (e.g. inclusion in the applicant pool), the lawfulness of this processing is based on your consent. Consent can be revoked at any time.
c) Within the framework of legitimate interests (Art. 6 para. 1 f) GDPR in conjunction with Art. 88 GDPR and § 26 para. 1 FDPA)
If necessary, we process your data beyond the actual fulfilment of the above purpose, to protect our legitimate interests or that of third parties (e.g. assertion of legal claims and defence in legal disputes, ensuring IT security).
6.3 Purpose of the data processing
Registration of the user/applicant is required for the fulfillment of a contract with the user or for the performance of pre-contractual measures.
Applicants’ data are collected, processed, stored and used by DAVASO Holding GmbH and Gradient Systemintegration GmbH solely for the purpose of processing applications. This data will not be passed on to third parties.
If your application is successful, the data and files you transmitted will continue to be used within the scope of the employment relationship, taking into account the provisions of data protection law. If your application for a job is not successful or if you have sent us a speculative application and we are unable to offer you a position, your application data will be deleted after 6 months, unless legal provisions prevent their deletion or further storage is necessary for evidence purposes.
6.4 Duration of storage
The application data will be deleted after 6 months provided they are no longer required to achieve the purpose for which they were collected.
This is the case for data collected during the application process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
6.5 Right to objection and erasure
As a user you may cancel the application at any time. The data stored about you can be changed at any time.
If you wish to withdraw your application or, during the application process, no longer agree with the storage of your application data, we will delete your data if you instruct us to do so. Please contact the Human Resources department of our data processor DAVASO Holding GmbH (karriere@davaso.de) in this regard. Please understand that if you delete your application data during the application process, we will not be able to process your application any further and the application process will end automatically.
If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
7. External links
Our offer contains links to other websites. We do not have any influence on whether their operations comply with data protection regulations
8. Rights of the data subject
By contacting our Data Protection Officer using the details provided, you can exercise the following rights at any time:
If you have given us your consent, you can revoke this at any time with effect for the future.
9. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a relevant supervisory authority at any time. Your local supervisory authority will vary according to the federal state where you live, your employment or the suspected violation. A list of the supervisory authorities (for the non-public sector) with addresses can be found at : https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
10. Data security
The TLS method is used to protect the transmitted data.
An encrypted connection can be recognized by the lock symbol in the browser line.
11. Change to our privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
Last updated: 16.07.2021
