Data Protection Statement
Name and Contact Details of the Data Controller:
Quanos Solutions GmbH
Hugo-Junkers-Str. 15-17 | D-90411 Nuremberg;
Tel: +49 911 / 99097 - 0 | Fax: +49 911 / 99097 - 102
Email: info@quanos.com
Name and Contact Details of the Data Protection Officer:
Nicola Scholz-Recht, Solicitor
MG & P – Meinhardt, Gieseler & Partner mbB
Rathenauplatz 4-8
D-90489 Nuremberg
Tel: 0911 / 580 560 - 0
Email: scholz-recht@mgup.de
1. Collection and Recording of Personal Data and Nature and Purpose of the Data Usage
1.1 Visits to Our Website
Every time you visit our website or download a file, data about this activity is recorded by us/our service provider/hosting service and saved in a log file. The personal data will be anonymized to domain level by means of the truncation of your IP address, and then transmitted to us, within a maximum of seven days. The following information is recorded in the process, and stored until it is automatically deleted:
- name of the file downloaded
- date and time of the download
- volume of data transferred
- page from which the file was requested (referrer URL)
- pages you have called up from our website
- access status (file transferred, file not found, etc.)
- web browser and operating system used
- name of the service provider
- full IP address of the computer making the request
- notification of download success or failure.
The data specified is used for the following purposes:
- to ensure a smooth connection with the website
- to ensure ease of use of the website
- for technical security reasons, in particular to prevent attacks on our web server
- to evaluate system security and system stability
- for administrative purposes.
The legal basis for the data processing is the first sentence of Article 6(1)(f) GDPR. Our legitimate interest derives from the data protection purposes listed above. Under no circumstances do we use the data collected to draw any conclusions about your personal identity. When you visit our website, we also use cookies and analytics services. Further details of these may be found in sections 3 and 4 of this Data Protection Statement.
1.2 Forms on Our Website
At various points on our website, we request information from you via forms. This is necessary to facilitate contact with you, to provide you with access to exclusive content, or to plan events. To do so, we require your explicit consent on every occasion, in accordance with the first sentence of Article 6(1)(a) GDPR.
User details may be stored in our customer relationship management system and marketing automation platform (“CRM & Marketing System”) or comparable inquiry system.
We use the CRM, registration, and marketing automation system “HubSpot”, supplied by HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Republic of Ireland) and Germany (Unter den Linden 26, 10117 Berlin, Germany), on the basis of our legitimate interests (fast and efficient processing of user inquiries, applications, and optimization of our online provision). For this purpose, we have agreed a contract with standard contractual clauses, in which HubSpot undertakes only to process user data in accordance with our instructions and in compliance with EU data protection standards. Furthermore, HubSpot is certified under the Privacy Shield agreement, thereby offering an additional guarantee of compliance with European data protection law (https://www.privacyshield.gov/list). Further information on HubSpot’s data protection guidelines are available here: https://legal.hubspot.com/privacy-policy
Our registration service enables users of our website to find out more about our company, download content, and provide their contact information and additional demographic details. This information is stored on the servers of our software partner HubSpot. All the information recorded by us is subject to this data protection regulation.
Personal data collected is deleted at the end of the legally mandated retention period. Where applicable, we may forward personal data within Quanos Solutions Group for the processing of your inquiry by the appropriate colleague. You may withdraw your consent to the processing of your data at any time. To do so, simply click on the “Unsubscribe” button in our emails. Alternatively, you can send a request to unsubscribe to info@quanos-solutions.com at any time.
2. Onward Transmission of Data
Your personal data will not be transferred onwards to third parties outside of Quanos Solutions for purposes other than those specified below. We will only transmit your personal data to third parties if:
- you have given your explicit consent in accordance with the first sentence of Article 6(1)(a) GDPR
- transmission is required for the performance of a contract with you, in accordance with the first sentence of Article 6(1)(b) GDPR.
- transmission is necessary in order to comply with a legal obligation, in accordance with the first sentence of Article 6(1)(c) GDPR, and/or
- transmission is required to protect our legitimate interests, in particular also to establishment, exercise, or defense of legal claims, in accordance with the first sentence of Article 9(2)(f) GDPR, and no grounds exist to suppose that you have an overriding and legitimate interest in the non-transmission of your data.
3. Cookies
We use cookies at several points on our web pages. Cookies are small text files that are placed on your computer and are stored by your browser. Cookies serve to make our service more user-friendly and secure.
We use session cookies. These are automatically deleted when the browser session is ended.
We also use cookies that are placed permanently on your browser. You will only see the notification that cookies are being used on our website again after you have deleted these cookies. Cookies do not damage your server, and do not contain any viruses, trojans, or other malware.
The data processed by cookies is required for the purposes stated, on the basis of our legitimate interests or those of third parties, in accordance with the first sentence of Article 6(1)(f) GDPR.
By visiting and using the Quanos Solutions website, you are consenting to the usage and storage of cookies.
Opt-Out Options and Consequences:
You can deactivate or restrict the transmission of cookies by modifying your browser settings. You can delete cookies which have already been stored at any time.
If you deactivate cookies for our website, you may not be able to make full use of the functionality of our website.
4. Cookiebot
When you visit our websites, we inform you about the types of cookies we use and give you the option of agreeing or not agreeing to individual types of cookies. We only load non-essential cookies once you have consented to their use.
Our websites use Cookiebot’s cookie consent technology to obtain your consent in accordance with the first sentence of Article 6(1)(a) GDPR for the storage of certain cookies in your browser and to document this in accordance with data protection requirements. The provider of this technology is Cookiebot – Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.
When you visit our websites, a Cookiebot cookie is saved in your browser which stores the consent you have given or the withdrawal of this consent. This data is not passed on to the provider of Cookiebot.
The collected data will be stored until you ask us to erase it or erase the Cookiebot cookie yourself or until the purpose of storing the data no longer applies. This does not affect mandatory legal retention periods. Details of data processing by Cookiebot can be found at https://www.cookiebot.com/de/privacy-policy/
Cookiebot cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is the first sentence of Article 6(1)(c) GDPR.
5. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, text files that are stored on your computer and facilitate analysis of your website usage. The information about your use of this website generated by the cookie is usually transmitted to a Google server in the United States and stored there. This website uses Google Analytics with the extension “_anonymizeIp()”. This means that the IP address is truncated beforehand within member states of the European Union or other states which are signatories to the European Economic Area Agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to perform further services for the website operator relating to the webpages and to internet usage. The IP address transmitted by your browser during the deployment of Google Analytics will not be combined with other Google data. You can prevent cookies from being stored by using appropriate browser settings; please note, however, that if you do this, you may not be able to benefit from the full functionality of this website. You can, moreover, withdraw your consent for Google to record the data (inc. your IP address) relating to your use of the website generated by the cookie, or to process this in future, at any time by downloading and installing the browser plugin available under the following address: tools.google.com/dlpage/gaoptout.
Further information relating to the terms of usage and data protection is available under: www.google.com/analytics/terms/us.htmland https://policies.google.com/?hl=en&gl=en.
6. Google Ads
We use Google Ads on our websites. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites if the user enters specific search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data (e.g. location data and interests) available at Google (target group targeting). We can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR. Consent can be withdrawn at any time.
Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
7. Google Tag Manager
We use Google Tag Manager on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies, and does not perform any independent analyses. Its sole purpose is to manage and run the tools integrated on our website by it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
Use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of a range of tools on its website. Insofar as your corresponding consent is requested, the processing takes place exclusively on the basis of Article 6(1)(a) GDPR; you can withdraw your consent at any time.
8. Microsoft Advertising (formerly: Bing Ads)
We use the Microsoft Advertising service provided by Microsoft Ireland Operations Limited (Ireland) on our websites. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about device and browser settings.
The purpose of using Microsoft Advertising is to optimize the display of advertisements. Further information about these processing activities, the technologies used, stored data, and the storage period can be found in the settings of our consent management tool. Processing only takes place with your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent via our consent management tool.
In the case of Microsoft services, the transfer of data to Microsoft Corp. in the USA cannot be entirely ruled out. Further information about data privacy at Microsoft can be found in Microsoft’s data privacy statement at https://privacy.microsoft.com/de-de/privacystatement.
9. LinkedIn Ads
We use LinkedIn Ads on our websites. LinkedIn Ads is a service provided by LinkedIn Corporation that displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. LinkedIn Ads also delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, USA. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be merged with you as a natural person, but are used, for example, for segmentation when displaying advertisements.
We process data with the help of LinkedIn Ads for the purpose of optimizing our advertising campaigns and for marketing purposes based on your consent pursuant to Article 6(1)(a) GDPR.
The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Corporation. Further information can be found in the privacy policy for LinkedIn Ads: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
10. LinkedIn Analytics
We use LinkedIn Analytics on our websites. LinkedIn Analytics is a service of LinkedIn Corporation.
The service stores and processes information about your user behavior on our website. For this purpose, the service uses cookies, among other things, which are stored locally in the cache of your device’s web browser and which enable us to analyze your use of our website.
The legal basis for the use of this service is your consent in accordance with Article 6(1)(a) GDPR. We also use services in our legitimate interest in accordance with Article 6 (1)(f) GDPR in order to analyze use of our websites and to continuously improve individual functions and offers as well as the user experience. The data will be erased as soon as it is no longer required for the purpose for which it was collected.
You can prevent cookies from being saved on your hard disk by selecting “Do not accept cookies” in your browser settings. In this case, however, you may not be able to use all the functions of our websites to their full extent. Further information can be found in the privacy policy for LinkedIn Ads: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
11. Hubspot Forms
We have integrated HubSpot Forms on our websites. HubSpot Forms is a service of HubSpot, Inc. and provides marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing, and web analytics. HubSpot Forms is used to save data entered in forms, for example when contacting us via the contact form. The data provided can be stored in our Customer Relationship Management system (CRM system). In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc., Cambridge, Massachusetts, USA.
We process your data with the help of HubSpot Forms for the purpose of processing the contact request and handling it in accordance with Article 6(1)(b) GDPR. The use of HubSpot Forms and the integrated services is in our legitimate interest pursuant to Article 6(1)(f) GDPR in the optimization of our marketing activities and the improvement of our service quality on our websites.
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot Forms: https://legal.hubspot.com/privacy-policy.
12. Heap Inc.
We use the web analytics service provided by Heap Inc., 116 Natoma Street 3rd Floor, San Francisco, CA 94105, USA, on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes, in accordance with Article 6(1)(f) GDPR.
Heap Inc. logs page views and activities in our web applications by using cookies. Heap Inc. conducts its analysis on an exclusively anonymous basis, using anonymized IP addresses and cookies which are not combined with other Heap Inc. data and/or personal data.
Further information relating to data protection at Heap Inc. is available under: https://www.heap.io/privacy. Heap Inc. offers every user the option to prevent the use of the tool by using a “Do Not Track” header, meaning that no data is recorded about the visit to the respective website. This is a setting that is supported by the current versions of all usual browsers. Your browser sends Heap Inc. a request to deactivate tracking of the relevant user. If you use different browsers/computers to access our web applications, you will need to set up a “Do Not Track” header for each of these separately.
13. Leadinfo
We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands. This uses IP addresses to recognize companies visiting our website, and provides us with publicly available information about these, for example company names or addresses. Leadinfo also places two first-party cookies to evaluate user behavior on our website, and processes domains from form inputs (e.g. “Leadinfo.com”) in order to correlate IP addresses with companies and to improve the services. Further information is available under www.leadinfo.com. To opt out, please see: www.leadinfo.com/en/opt-out. If you choose to opt out, your data will no longer be recorded by Leadinfo.
14. Quanos InfoTwin
When using our modular cloud solution InfoTwin, we store your logging data each time you access the application, i.e. IP address, date and time and the URL accessed. After 10 days, this data is automatically deleted. The legal basis for the storage is Art. 6 para. 1 lit. f GDPR because the storage is necessary for reasons of system security and stability as well as for traceability.
In addition, we store the user ID, authorisation, month and year for each registration. After 4 years, this data is automatically deleted. The legal basis for the storage is Art. 6 para. 1 lit. b GDPR, because the stored data is the basis for commercial billing.
In addition, please refer to the information in Chapter 5. Heap Analytics.
15. Audio and Video Conferencing
Data Processing
To communicate with our customers, we use tools including online conferencing. The tools we use are listed below. If you communicate with us via online video or audio conferencing, your personal data will be recorded and processed by us and by the provider of the respective conferencing tool.
The conferencing tools record all the data that you provide/input to use the tools (email address and/or telephone number). Conferencing tools also process the duration of the conference, the start and end times of conference participation, the number of participants, and other “contextual information” in conjunction with the communication process (metadata).
Furthermore, the tool providers process all the technical data which is required for the online communication to proceed. This data includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and type of connection.
Insofar as content is exchanged, uploaded, or provided in any other manner within the device, this will also be stored on the tool provider’s servers. This content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during your use of the service.
Please note that we do not have comprehensive influence over data processing by these tools. Our options are largely determined by the company policies of the respective providers. Further information on data processing by the conferencing tools is available within the data protection declaration for each respective tool, which we have included below.
Purpose and Legal Basis
The conferencing tools are used to communicate with prospective or existing contractual partners or to offer particular services to our customers (first sentence of Article 6(1)(b) GDPR). Furthermore, the tools are used to simplify and accelerate communication with us and/or our company (legitimate interest in the sense of Article 6(1)(f) GDPR). Insofar as consent is requested, the relevant tools are used on the basis of this consent (first sentence of Article 6(1)(a) GDPR); this consent may be revoked at any time with future effect.
Retention Duration
The data recorded directly by us via the video and conferencing tools will be deleted from our systems as soon as you request this, revoke your consent to storage, or the purpose for which the data is being stored no longer applies. Saved cookies will remain on your end device until you delete them. This does not affect mandatory legal retention periods.
We have no influence over the period for which data is stored by the conferencing tool operators for their own purposes. For specific details of these periods, please contact the conferencing tool operators directly.
15.1 Conferencing Tools Used
We use the following conferencing tools:
15.1.1 Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
When you use Microsoft Teams, various different types of data are processed. The scope of the data also depends on the information you enter before or during participation in an online meeting.
The following personal data are the object of processing:
Details of the user: e.g. display name, where applicable email address, profile picture (optional), preferred language.
Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location.
Text, audio, and video data: You have the option (where applicable) to use the chat function in an online meeting. Any text that you enter will be processed in order to be displayed in the online meeting. To enable the video to be displayed and audio to be heard, the data from the microphone and video camera (if applicable) in your end device is accordingly processed for the duration of the meeting. You can turn off the camera or mute the microphone yourself at any time via the Microsoft Teams applications.
For details of data processing, see the Microsoft Teams data protection declaration under: https://privacy.microsoft.com/en-GB/en-en/privacystatement.
15.1.2 GoTo Webinar
We also use GoTo Webinar to conduct teleconferences, online meetings, video conferences and/or webinars. The provider is LogMeIn Inc., 10 Hanover Quay, Dublin 2, D02R573, Republic of Ireland.
When you use GoTo Webinar, various different types of data are processed. The scope of the data also depends on the information you enter before or during participation in an online meeting.
The following personal data are the object of processing:
Details of the user: e.g. display name, where applicable email address, profile picture (optional), preferred language.
Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location.
Text, audio, and video data: You have the option (where applicable) to use the chat function in an online meeting. Any text that you enter will be processed in order to be displayed in the online meeting. To enable the video to be displayed and audio to be heard, the data from the microphone and video camera (if applicable) in your end device is accordingly processed for the duration of the meeting. You can turn off the camera or mute the microphone yourself at any time via the Microsoft Teams applications.
For details of data processing, see the GoTo data protection declaration under:
https://www.goto.com/en/company/legal/privacy/international
16. YouTube with Enhanced Data Protection
This website incorporates videos from YouTube. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.
We use YouTube in an enhanced data protection mode. According to YouTube, this mode means that no data about visitors to this website is stored before they view the video. However, the enhanced data protection mode does not absolutely exclude the transmission of data to YouTube partners. Irrespective of whether or not you view a video, YouTube establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection is established to YouTube’s servers. In the process, the YouTube server is informed as to which of our pages you have visited. If you are logged into your YouTube account or to another Google service, you enable YouTube to connect your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account or other Google service.
YouTube may also place various cookies or comparable recognition technologies (e.g. device fingerprinting) on your end device once the video has been started. This enables YouTube to collect non-identifying information about visitors to this website. This information is used, amongst other purposes, to compile video statistics, to improve user-friendliness, and to prevent attempted fraud.
Where applicable, additional data processing actions, over which we have no influence, may be triggered after a YouTube video is started.
We use YouTube in the interests of presenting our online services in an attractive manner. This constitutes a legitimate interest in the sense of Article 6(1)(f) GDPR. Insofar as your corresponding consent is requested, the processing takes place exclusively on the basis of Article 6(1)(a) GDPR; you can withdraw your consent at any time.
For further information about data protection at YouTube, please see the YouTube data protection declaration under: https://policies.google.com/privacy?hl=en.
17. OpenStreetMap
We sometimes display maps provided by the service “OpenStreetMap” (OSM, https://www.openstreetmap.org) on this website. The mapping content is provided by the OSM Foundation on the basis of the Open Database License (ODbL). To enable the map to be displayed, user data (IP address) is transmitted to OSM. A session cookie is also stored on the user’s computer. This happens solely in order to display the maps and to temporarily store the selected map settings.
Further details of data storage by OSM are provided on the OSM data protection page under: https://wiki.openstreetmap.org/wiki/Privacy_Policy
18. Hippo Video
We use the tool provided by Hippo Video to display videos. Hippo Video is a tool of Lyceum Technologies, Inc., 2035 Sunset Lake Road, Suite B-2, Newark, Delaware, 19702, USA.
After starting a video, a connection is established to the Hippo Video servers. In the process, Hippo Video may store cookies on your end device. Hippo Video also stores IP addresses, location, device data, and browser details. Browsers usually include a “Do Not Track” function. If you do not wish to be tracked, you will need to activate this option in each of the browsers that you use.
We use Hippo Video in the interests of presenting our online services in an attractive manner, and thereby in our legitimate interest, in accordance with Article 6(1)(f) GDPR. If your corresponding consent is requested, the processing takes place exclusively on the basis of Article 6(1)(a) GDPR; you can withdraw your consent at any time.
For further information about how Hippo Video uses your data, please see the Lyceum Technologies, Inc. data protection guidelines under: www.hippovideo.io/privacy_policy.html
19. Google reCAPTCHA
We use Google reCAPTCHA (“reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.
reCAPTCHA is used to verify whether data has been entered into this website (e.g. into a contact form) by a human or by an automated program. To do this, reCAPTCHA analyzes website user behavior in a variety of ways. This analysis starts automatically as soon as the visitor opens the website. reCAPTCHA evaluates a range of information (e.g. IP address, duration of stay on the website, or mouse movements undertaken by the user). The data recorded during the analysis are transmitted onwards to Google.
The reCAPTCHA analysis runs entirely in the background. No indication is given to visitors that an analysis is taking place.
The data is stored and analyzed on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting their web services from improper automated surveillance and from spam. Insofar as your corresponding consent is requested, the processing takes place exclusively on the basis of Article 6(1)(a) GDPR; you can withdraw your consent at any time.
For further information about Google reCAPTCHA, please see the Google data protection regulations and the Google terms of use, available under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
20. Our Own Services: How We Use Applicant Data
We offer you the option to apply for jobs with us using our software HRworks via an online application form (or alternatively via email/mail). In this section, we will inform you about the scope, purpose, and use of the personal data that we collect during the application process. We would like to assure you that your data is collected, processed, and used in compliance with current data protection legislation and all additional legal regulations, and that your data will be treated in strict confidence.
Scope and Purpose of Data Collection
If you send an application to us, we will process the personal data connected with this (e.g. contact and communication data, application documentation, interview notes, etc.), insofar as this is required for a decision regarding the agreement of a contract of employment. The legal basis for this is Article 26 of the new German Federal Data Protection Act (preparation for a contract of employment), Article 6(1)(b) GDPR (general preparation for a contract), and – insofar as you have given consent – Article 6(1)(a) GDPR. You can withdraw your consent at any time. Within our company, your personal data will be forwarded exclusively to staff involved in processing your application.
If your application is successful, the data you have supplied will be stored in our data processing system for the purpose of performing the contract of employment, on the basis of Article 26 of the new German Federal Data Protection Act and Article 6(1)(b) GDPR.
Data Retention Period
If we are unable to offer you a position, you decline the offer of a position, or you withdraw your application, we reserve the right to retain the data you have supplied to us for up to six months after the conclusion of the application process (rejection or withdrawal of the application), on the basis of our legitimate interests (Article 6(1)(f) GDPR). The data will then be deleted and physical application documents will be destroyed. We retain this data in particular for purposes of proof in the event of a legal dispute. Insofar as we anticipate that the data will be required after the expiry of the six month period (e.g. due to threatened or pending litigation), the data will only be deleted once the reason for the continued retention no longer applies.
We may also retain data for longer periods if you have given your corresponding consent (Article 6(1)(a) GDPR), or if legal retention obligations preclude deletion.
Data Collection during Video Interviews
When conducting digital interviews, we use the communication tool Microsoft Teams. Details of data collection by this tool are supplied in Section 7 of this document, “Audio and Video Conferencing”, in the subsection “Microsoft Teams”.
Inclusion in the Applicant Pool
Even if we are unable to offer you a position, we may however be able to include you in our Applicant Pool. If you are accepted, all the documents and information from your application will be transferred to the applicant pool so we can contact you if suitable vacancies arise.
Inclusion in the Applicant Pool takes place exclusively on the basis of your explicit consent (Article 6(1)(a) GDPR). Consent is voluntary and has no influence on any pending applications. Applicants selected for the Pool may withdraw their consent at any time. In this case, your data will be permanently deleted from the Applicant Pool, unless there are any legal grounds for retention.
Data from the Applicant Pool is permanently deleted a maximum of two years after consent has been given for its storage.
Data Processing Location
Your data is processed in the Federal Republic of Germany and in a member state of the European Union (EU). HRworks and its subcontractor AWS have agreed a contract (“data processing addendum”) that ensures that data will be processed in a permissible manner.
Your Right to Information and Revocation
By submitting your application, you consent to the storage of your personal data. You may withdraw your consent and prohibit the storage of your data at any time.
In accordance with current legal requirements, we will be happy to inform you upon request about which of your personal data we are processing (“right to information”). You also have the right to rectification of incorrect data, and to the cessation, deletion, and restriction of processing of your personal data, insofar as this is not precluded by any legal retention obligation. You will find our contact details here.
General Data Protection Notice
We reserve the right to modify this data protection notice in accordance with changes to current legal regulations. If you revisit our website, or reapply to our company, the new data protection notice will then apply.
21. Rights of the Data Subject
You have the right:
- in accordance with Article 15 GDPR, to information about the personal data concerning you that we are processing. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients of your personal data, the planned retention duration, the existence of a right to information, deletion, restriction or prohibition, the existence of a right to complain, the source of your data if this has not been collected by us, and about the existence of automated decision-making, including profiling, and where applicable request meaningful details of these.
- in accordance with Article 16 GDPR, to request the immediate rectification of incorrect or incomplete personal data concerning you stored by us
- in accordance with Article 17 GDPR, to request the deletion of the personal data concerning you stored by us, insofar as the processing is not required for the exercise of the right to free expression of opinion and information, to the fulfillment of a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims
- in accordance with Article 18 GDPR, to request the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful, but you decline its deletion and we no longer require the data, you however require this for the establishment, exercise, or defense of legal claims, or you have objected to the processing in accordance with Article 21 GDPR
- in accordance with Article 20 GDPR, to request receipt of the personal data that you have supplied to us in a structured, commonly used, and machine-readable format or its transmission to another controller
- in accordance with Article 7(3) GDPR, to withdraw your consent from us at any time. The consequence of this will be that we may no longer continue to process data on the basis of this consent.
- in accordance with Article 77 DGPR, to lodge a complaint with a supervisory authority You may contact the relevant supervisory authorities for your usual place of residence or for your company’s registered office for this purpose.
22. Right to Object
Insofar as your personal data is processed on the basis of legitimate interests in accordance with the first sentence of Article 6(1)(f) GDPR, you have the right in accordance with Article 21 GDPR to object to the processing, insofar as there are reasons for this arising from your particular situation, or the objection applies to direct advertising. In the latter case, you have a general right to object, which we will implement without reference to a particular situation.
If you wish to exercise your right to revoke your consent or to object, you simply need to send an email to: info@quanos-solutions.com.
23. Data Security
During your visit to our website, we use the common security process SSL (Secure Socket Layer), in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, then we revert to 128-bit V3 technology. You will see whether each individual page within our website is being transmitted with encryption by means of the closed lock or key icon in your browser’s address bar.
We also employ appropriate technical and organizational security measures to protect your data from random or intentional manipulation, full or partial loss, destruction, and to prevent unauthorized third parties from gaining access to it. Our security measures are subject to continuous improvement in accordance with technological development.
24. Currency and Validity of This Data Protection Declaration
This Data Protection Declaration is dated July 2024 and is currently valid.
As we develop our website and the services we provide by this means, or due to changes to legal or official regulations, it may become necessary to modify this Data Protection Declaration. You will find the currently valid Data Protection Declaration available to view and print from our website.