We attach great importance to transparency in the processing of your personal data. The following data protection information is intended to inform you about how we specifically handle your personal information. To improve readability, we use the language form of the generic masculine in this text. Please note, however, that the exclusive use of the masculine form is to be understood as gender-independent.
We inform you about the processing of your personal data when using our website in our privacy policy.
The following information applies to all subsequent descriptions of data processing operations.
Responsible for the processing of your personal data in the context of the present contact is
4ACES GmbH / 4ACES Tech GmbH (hereinafter referred to as 4ACES)
Major-Hirst-Straße 11
38442 Wolfsburg
Phone: +49 (0) 151 / 11312462
E-Mail: kontakt@4aces.de / kontakt@4aces-tech.de
Website: www.4aces.de / www.4aces-tech.de
The designated data protection officer is
DataCo GmbH
Nymphenburger Str. 86
80636 München
Phone: +49 (0) 89 7400 458 40
E-Mail: datenschutz@dataguard.de
Website: www.dataguard.de
Under the General Data Protection Regulation, you have the following rights:
This also applies to profiling based on this provision within the meaning of Art. 4 (4) DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
The objection can be made without any formalities.
Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 DSGVO). The supervisory authority responsible for us is the State Commissioner for Data Protection of Lower Saxony (Die Landesbeauftragte für den Datenschutz Niedersachsen)
You can contact them at:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 (0) 511 120 4500
4ACES collects the following personal data from you as part of the application process:
4ACES collects data from interested persons in the following ways:
Processing of special categories of personal data that have been made public - Art. 9 (2) lit e DSGVO
Insofar as special categories of personal data are processed which you have obviously made public, your data will be processed pursuant to Art. 9 (2) lit e DSGVO.
Processing for the purpose of asserting, exercising, or defending legal claims or in the case of acts of the courts - Art. 6 para. 1 sentence 1 lit f DSGVO, Art. 9 para. 1 lit f DSGVO
To the extent necessary, your data will be processed for the purpose of asserting, exercising, or defending legal claims or in the case of acts of the courts pursuant to Art. 6 para. 1 sentence 1 lit f DSGVO, Art. 9 para. 1 lit f DSGVO.
Processing based on consent - Art. 6 para. 1 sentence 1 lit. a DSGVO in conjunction with Art. 7 DSGVO. Art. 7 DSGVO, Art. 88 para. 1 DSGVO in conjunction with. Art. 26 para. 2 BDSG
If you have given your consent to data processing, your data will be processed in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO in conjunction with Art. 7 DSGVO. Art. 7 DSGVO, Art. 88 para. 1 DSGVO in conjunction with. Art. 26 para. 2 BDSG.
Decision on the establishment of the employment relationship Art. 6 para. 1 p. 1 lit. b DSGVO, Art. 88 para. 1 DSGVO in conjunction with. § Section 26 (1) BDSG
We process your data to decide on the establishment of the employment relationship. In the event of employment in our company, your data will be processed for the purpose of implementing and terminating the employment relationship. Separate information on the processing of your personal data is provided for this purpose.
Processing based on legitimate interest - Art. 6 para. 1 p. 1 lit. f DSGVO
Insofar as the processing is carried out to protect a legitimate interest of us or a third party and their interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for us to process the data. Our legitimate interest results from the following reasons:
♦ The proper implementation and optimization of the application process.
♦ Assertion, exercise, or defense of legal claims.
Processing of special categories of personal data - Art. 9 para. 2 lit. a DSGVO
If you have given your consent to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 (2) lit. a DSGVO.
While processing your personal data, we may pass on your personal data to the following recipients
Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law if the transfer is necessary for the fulfilment of legal obligations or if we have your consent.
In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed insofar as this is the subject of our standard data protection clauses pursuant to Art. 46 (2) c DSGVO with these recipients.
In principle, the personal data collected and generated during the provision of relevant products and services will be stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. Personal data will be transferred to the third country USA within the meaning of Article 15(2) of the DSGVO.
To ensure the continuation of the necessary level of protection when transferring data to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out based on appropriate guarantees pursuant to Art. 46 ff DSGVO, by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO.
The following service providers within the EU may pose risks to your rights and freedoms:
4ACES uses the Office 365 service, including Microsoft Teams, to conduct job interviews via video telephony and Outlook to communicate appointments via email and to edit and file files.
We will delete your personal data as soon as the purposes for its storage no longer apply or you object to the use of your personal data (in the case of processing based on legitimate interests) or you revoke your previously granted consent. However, your personal data may also be stored beyond this, in the following cases:
The following storage periods in particular result for us from statutory provisions:
If the applicant has consented, the applicant’s documents will be included in the applicant pool and kept there for a maximum of one year from the date of consent. They are deleted when the purpose ceases to apply or the consent is revoked by the applicant.
In the event of employment in our company, your personal data will be deleted when the purpose ceases to apply, at the latest after the end of the employment relationship, insofar as no statutory retention periods prevent deletion.
4ACES collects the following personal data within the framework of the existing customer relationship and the initiation of the contract:
4ACES collects data from interested persons in the following ways:
The legal basis for the processing of data within the scope of the purposes is Art. 6 para. 1 p.1 lit. a - f DSGVO.
Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 5, 7 DSGVO. Art. 5, 7 DSGVO.
Processing for the purpose of executing the contract with you
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) p. 1 lit. b DSGVO serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.
Processing for compliance with a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c DSGVO serves as the legal basis for us. Our legal obligation to process data results, for example, from retention obligations under tax law and/or commercial law.
Processing based on legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) sentence 1 lit. f DSGVO if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed above - include:
The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO
While processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
External recipients of your personal data are in particular:
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Since the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. Personal data will be transferred to the third country USA within the meaning of Article 15 (2) of the DSGVO. To ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out based on appropriate guarantees pursuant to Art. 46 ff DSGVO, by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO.
The following service providers within the EU may pose risks to your rights and freedoms:
Microsoft Operations Ltd. – Dublin, Ireland, and Microsoft Corporation - Redmond, Washington (USA) when using Microsoft 365
4ACES uses the Office 365 service, including Microsoft Teams, to make customer calls via video telephony and Outlook to communicate appointments via e-mail and to edit and store files.
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:
A requirement may exist if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act). In the case of statutory retention obligations, deletion only comes into consideration after the expiry of the respective retention obligation.
For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data that are necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or which we are legally required to collect. This obligation also arises from the law, e.g., § 14 UstG. Without this data, we will generally not be able to conclude and perform the contract with you.
4ACES collects the following personal data within the framework of the existing customer relationship and the initiation of the contract:
In the following ways, 4ACES collects data from interested individuals:
The legal basis for the processing of data within the scope of the purposes is Article 6 (1) sentence 1 lit. a - f DSGVO.
Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 5, 7 DSGVO. Art. 5, 7 DSGVO.
Processing for the purpose of executing the contract with You
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) p. 1 lit. b DSGVO serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.
Processing for compliance with a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c DSGVO serves as the legal basis for us. Our legal obligation to process data results, for example, from retention obligations under tax law and/or commercial law.
Processing based on the legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) sentence 1 lit. f DSGVO if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under b. - include:
The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO.
While processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
External recipients of your personal data are in particular:
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
MOCO / hundertzehn GmbH – Switzerland (Invoicing and accounts receivable tool)
In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Since the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. Personal data will be transferred to the third country USA within the meaning of Article 15 (2) of the DSGVO. To ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out based on appropriate guarantees pursuant to Art. 46 ff DSGVO, by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO.
The following service providers within the EU may pose risks to your rights and freedoms:
Microsoft Operations Ltd. – Dublin, Ireland, and Microsoft Corporation - Redmond, Washington (USA) when using Microsoft 365
4ACES uses the Office 365 service, including Microsoft Teams, to make customer calls via video telephony and Outlook to communicate appointments via e-mail and to edit and store files.
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:
A requirement may exist if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims.
If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.
For a (planned) conclusion, - as well as for the implementation of the contract with you, you must provide those personal data that are necessary for the establishment and implementation of the contractual relationship and the fulfillment of the associated contractual obligations or to the collection of which we are legally. This obligation also arises from the law, e.g., § 14 UstG. Without this data, we will generally not be able to conclude and perform the contract with you.