Privacy Notes

Data protection information according to Art. 13, 14 DSGVO

We attach great importance to transparency in the processing of your personal data. The following data protection information is intended to inform you about how we specifically handle your personal information. To improve readability, we use the language form of the generic masculine in this text. Please note, however, that the exclusive use of the masculine form is to be understood as gender-independent.

We inform you about the processing of your personal data when using our website in our privacy policy.

General information

The following information applies to all subsequent descriptions of data processing operations.

Name and contact details of the responsible person

Responsible for the processing of your personal data in the context of the present contact is

 

4ACES GmbH / 4ACES Tech GmbH (hereinafter referred to as 4ACES)

Major-Hirst-Straße 11

38442 Wolfsburg

Phone: +49 (0) 151 / 11312462

E-Mail: kontakt@4aces.de / kontakt@4aces-tech.de

Website: www.4aces.de / www.4aces-tech.de  

Contact details of the data protection officer

The designated data protection officer is

DataCo GmbH
Nymphenburger Str. 86
80636 München

Phone: +49 (0) 89 7400 458 40

E-Mail: datenschutz@dataguard.de

Website: www.dataguard.de

Your data subject rights

Under the General Data Protection Regulation, you have the following rights:

  • If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 DSGVO).
  • If inaccurate personal data is processed, you have the right to rectification (Art. 16 of the DSGVO).
  • If the legal requirements are met, you may request the erasure or restriction of processing (Art. 17 and 18 DSGVO).
  • If you have consented to the data processing or a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 DSGVO).
  • If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. 
  • You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out based on Art. 6 (1) (e) of the DSGVO (data processing in the public interest) and Art. 6 (1) (f) of the DSGVO (data processing based on a balance of interests), Art. 21 (1) of the DSGVO.

This also applies to profiling based on this provision within the meaning of Art. 4 (4) DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

The objection can be made without any formalities.

Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 DSGVO). The supervisory authority responsible for us is the State Commissioner for Data Protection of Lower Saxony (Die Landesbeauftragte für den Datenschutz Niedersachsen)

 

You can contact them at:

Die Landesbeauftragte für den Datenschutz Niedersachsen

Prinzenstraße 5

30159 Hannover

Phone: +49 (0) 511 120 4500

https://lfd.niedersachsen.de

Data protection information for applicants

Processing of your personal data  

4ACES collects the following personal data from you as part of the application process:

  • Salutation, first and last name, title, and academic degrees, if applicable.
  • E-mail address
  • Telephone / mobile phone number
  • Availability
  • Salary expectation
  • All personal data contained in the application (CV, cover letter, certificates, etc.)

 

4ACES collects data from interested persons in the following ways:

  • Direct application via the 4ACES homepage
  • Postal application
  • Stepstone application
  • Indeed application
  • Recruitment agency

Purposes of processing and its legal basis

  • Conducting the application procedure and deciding on the establishment of the employment relationship
  • Communication (telephone, e-mail)
  • Implementation of pre-contractual measures (initiation of the employment relationship)
  • Inclusion of applicant data in an applicant pool
  • Assertion, exercise, or defense of legal claims arising from the application process

Processing of special categories of personal data that have been made public - Art. 9 (2) lit e DSGVO

Insofar as special categories of personal data are processed which you have obviously made public, your data will be processed pursuant to Art. 9 (2) lit e DSGVO.

 

Processing for the purpose of asserting, exercising, or defending legal claims or in the case of acts of the courts - Art. 6 para. 1 sentence 1 lit f DSGVO, Art. 9 para. 1 lit f DSGVO

To the extent necessary, your data will be processed for the purpose of asserting, exercising, or defending legal claims or in the case of acts of the courts pursuant to Art. 6 para. 1 sentence 1 lit f DSGVO, Art. 9 para. 1 lit f DSGVO.

 

Processing based on consent - Art. 6 para. 1 sentence 1 lit. a DSGVO in conjunction with Art. 7 DSGVO. Art. 7 DSGVO, Art. 88 para. 1 DSGVO in conjunction with. Art. 26 para. 2 BDSG

If you have given your consent to data processing, your data will be processed in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO in conjunction with Art. 7 DSGVO. Art. 7 DSGVO, Art. 88 para. 1 DSGVO in conjunction with. Art. 26 para. 2 BDSG.

 

Decision on the establishment of the employment relationship Art. 6 para. 1 p. 1 lit. b DSGVO, Art. 88 para. 1 DSGVO in conjunction with. § Section 26 (1) BDSG

We process your data to decide on the establishment of the employment relationship. In the event of employment in our company, your data will be processed for the purpose of implementing and terminating the employment relationship. Separate information on the processing of your personal data is provided for this purpose.

 

Processing based on legitimate interest - Art. 6 para. 1 p. 1 lit. f DSGVO

Insofar as the processing is carried out to protect a legitimate interest of us or a third party and their interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for us to process the data. Our legitimate interest results from the following reasons:

♦ The proper implementation and optimization of the application process.

♦ Assertion, exercise, or defense of legal claims.

 

Processing of special categories of personal data - Art. 9 para. 2 lit. a DSGVO

If you have given your consent to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 (2) lit. a DSGVO.

Recipients or categories of recipients of the personal data

While processing your personal data, we may pass on your personal data to the following recipients

  • Internally, only authorized employees are given access to an applicant's data via an authorization concept.
  • Order processors
  • Associated companies

Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law if the transfer is necessary for the fulfilment of legal obligations or if we have your consent.

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed insofar as this is the subject of our standard data protection clauses pursuant to Art. 46 (2) c DSGVO with these recipients.

Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services will be stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. Personal data will be transferred to the third country USA within the meaning of Article 15(2) of the DSGVO.

To ensure the continuation of the necessary level of protection when transferring data to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out based on appropriate guarantees pursuant to Art. 46 ff DSGVO, by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO.

The following service providers within the EU may pose risks to your rights and freedoms:

  • Microsoft Operations Ltd. – Dublin, Ireland, and Microsoft Corporation - Redmond, Washington (USA) when using Microsoft 365

4ACES uses the Office 365 service, including Microsoft Teams, to conduct job interviews via video telephony and Outlook to communicate appointments via email and to edit and file files.

Duration of the storage of personal data

We will delete your personal data as soon as the purposes for its storage no longer apply or you object to the use of your personal data (in the case of processing based on legitimate interests) or you revoke your previously granted consent. However, your personal data may also be stored beyond this, in the following cases:

  • If a deletion is contrary to contractual, legal (from HGB, StGB and AO) or statutory retention periods.
  • For the assertion, exercise, or defense of legal claims
  • If this is required under European or national law to fulfil a legal obligation to which we are subject.

The following storage periods in particular result for us from statutory provisions:

  • After decision on non-occupation: six-month retention period for application documents (section 15 (4) General Equal Treatment Act (AGG), section 224 Code of Civil Procedure (ZPO)).

If the applicant has consented, the applicant’s documents will be included in the applicant pool and kept there for a maximum of one year from the date of consent. They are deleted when the purpose ceases to apply or the consent is revoked by the applicant.

In the event of employment in our company, your personal data will be deleted when the purpose ceases to apply, at the latest after the end of the employment relationship, insofar as no statutory retention periods prevent deletion.

Data protection information for customers and interested parties

Processing of your personal data

4ACES collects the following personal data within the framework of the existing customer relationship and the initiation of the contract:

  • Salutation, first and last name, if applicable title and academic degrees
  • Company name
  • Position in the company
  • Business address
  • Bank account details
  • Tax ID
  • Customer number
  • E-mail address
  • Mobile phone number
  • Landline number
  • Fax number
  • All personal data provided to us during customer communication

 

4ACES collects data from interested persons in the following ways:

  • Inquiries via contact form on the 4ACES website
  • Requests by message to 4ACES employees, e.g., by e-mail or via other communication channels.
  • Requests at trade fairs or other events at which data is passed on to 4ACES employees with the aim of establishing contacts.
  • Own research on potential interested parties on business directories, contact details on websites or professional networks.

Purposes of processing and its legal basis

  • To process your inquiry as an interested party. For this purpose, we use your contact information to respond to your inquiry
  • To prepare and carry out pre-contractual measures - this includes, for example, the preparation and sending of an individual offer or an individual agreement and transmission of contractual conditions with the aim of concluding a contract.
  • For communication(E-Mail, Phone)
  • Establishment, performance, and termination of the contractual relationship
  • Customer administration and customer support - esp. the processing of customer inquiries
  • To provide You, our customer, with optimum support. This includes the communication with you by e-mail or mobile phone
  • To ensure smooth billing for the services provided. For this purpose, your personal data are processed to be able to issue invoices
  • To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office
  • To provide information on services
  • To fulfill post-contractual measures
  • For the assertion, exercise, or defense of legal claims

The legal basis for the processing of data within the scope of the purposes is Art. 6 para. 1 p.1 lit. a - f DSGVO.

 

Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 5, 7 DSGVO. Art. 5, 7 DSGVO.

Processing for the purpose of executing the contract with you
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) p. 1 lit. b DSGVO serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for compliance with a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c DSGVO serves as the legal basis for us. Our legal obligation to process data results, for example, from retention obligations under tax law and/or commercial law.

Processing based on legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) sentence 1 lit. f DSGVO if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed above - include:

  • The communication with you, to be able to answer your inquiries by e-mail, telephone and/or fax.
  • The possibility to perform due diligence with our potential business partner.

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO

Recipients or categories of recipients of the personal data

While processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law.

External recipients of your personal data are in particular:

  • Freelancer
  • Contract processors
  • Potential business partners in the context of a (future) due diligence review
  • Authorities e.g., tax offices, courts, trade supervisory office, data protection supervisory authorities, Federal Office of Economics and Export Control (BAFA)
  • Credit institutions 
  • Parcel service providers 
  • Postal service 
  • Lawyer, tax consultant
  • Certified public accountant
  • Associated companies

 

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:

  • MOCO / hundertzehn GmbH -Switzerland (Invoicing and accounts receivable tool)

Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Since the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. Personal data will be transferred to the third country USA within the meaning of Article 15 (2) of the DSGVO. To ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out based on appropriate guarantees pursuant to Art. 46 ff DSGVO, by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO.

The following service providers within the EU may pose risks to your rights and freedoms:

Microsoft Operations Ltd. – Dublin, Ireland, and Microsoft Corporation - Redmond, Washington (USA) when using Microsoft 365

4ACES uses the Office 365 service, including Microsoft Teams, to make customer calls via video telephony and Outlook to communicate appointments via e-mail and to edit and store files.

Duration of storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:

  • For the duration that the data is used to provide you with a service
  • As required by applicable law, contract, or considering our legal obligations
  • Only if necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, applying appropriate safeguards

A requirement may exist if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act). In the case of statutory retention obligations, deletion only comes into consideration after the expiry of the respective retention obligation.

Obligation to provide data

For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data that are necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or which we are legally required to collect. This obligation also arises from the law, e.g., § 14 UstG. Without this data, we will generally not be able to conclude and perform the contract with you.

Data protection information for suppliers and service providers

Processing your personal data

4ACES collects the following personal data within the framework of the existing customer relationship and the initiation of the contract:

  • Salutation, first and last name, if applicable title and academic degrees
  • Company name
  • Position in the company
  • Business address
  • Bank account details
  • Customer number
  • E-mail address
  • Mobile phone number
  • Landline number
  • Fax number
  • All personal data made available to us during communication

 

In the following ways, 4ACES collects data from interested individuals:

  • Receipt of personal data directly from the data subject through contact by suppliers / service providers
  • Obtaining personal data directly from the data subject by contacting them through 4ACES
  • Research in yellow pages or websites

Purposes of processing and its legal basis

  • Initiation, execution, and termination of a contractual relationship
  • Execution of orders
  • Assertion, exercise, or defense of legal claims 
  • Measures for business management and further development of our services

The legal basis for the processing of data within the scope of the purposes is Article 6 (1) sentence 1 lit. a - f DSGVO.

 

Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 para. 1 p. 1 lit. a DSGVO in conjunction with Art. 5, 7 DSGVO. Art. 5, 7 DSGVO.

Processing for the purpose of executing the contract with You
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) p. 1 lit. b DSGVO serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for compliance with a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c DSGVO serves as the legal basis for us. Our legal obligation to process data results, for example, from retention obligations under tax law and/or commercial law.

Processing based on the legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) sentence 1 lit. f DSGVO if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under b. - include:

  • In communication with you, to be able to answer your inquiries by e-mail, telephone and/or fax.
  • To be able to conduct due diligence with our potential business partner.

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO.

Recipients or categories of recipients of the personal data

While processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law.

External recipients of your personal data are in particular:

  • Freelancer
  • Processors
  • Potential business partners in the context of a (future) due diligence review
  • Authorities e.g., tax offices, courts, trade supervisory office, data protection supervisory authorities, Federal Office of Economics and Export Control (BAFA)
  • Credit institutions 
  • Parcel service providers 
  • Postal service 
  • Lawyer, tax consultant
  • Auditor
  • Associated companies

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:

MOCO / hundertzehn GmbH – Switzerland (Invoicing and accounts receivable tool)

Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Since the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. Personal data will be transferred to the third country USA within the meaning of Article 15 (2) of the DSGVO. To ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. To ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out based on appropriate guarantees pursuant to Art. 46 ff DSGVO, by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO.

The following service providers within the EU may pose risks to your rights and freedoms:

Microsoft Operations Ltd. – Dublin, Ireland, and Microsoft Corporation - Redmond, Washington (USA) when using Microsoft 365

4ACES uses the Office 365 service, including Microsoft Teams, to make customer calls via video telephony and Outlook to communicate appointments via e-mail and to edit and store files.

Duration of the storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:

  • As required by applicable law, contract or in view of our legal obligations
  • Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract or applicable law, using appropriate safeguards.

A requirement may exist if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims.

If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code, and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.

Obligation to provide data

For a (planned) conclusion, - as well as for the implementation of the contract with you, you must provide those personal data that are necessary for the establishment and implementation of the contractual relationship and the fulfillment of the associated contractual obligations or to the collection of which we are legally. This obligation also arises from the law, e.g., § 14 UstG. Without this data, we will generally not be able to conclude and perform the contract with you.

certificates

Social media

Contact

4ACES GmbH
Major-Hirst-Straße 11
38442 Wolfsburg
+49 151 1131 2462kontakt@4aces.de