Data privacy policy

Data protection information

Information for applicants, customers and interested parties as well as suppliers and service providers according to Art. 13, 14 DSGVO can be found here.

Data privacy policy

As of April 2023

Table of content

  1. Name and adress of the person responsible
  2. Contact details of the data protection officer
  3. General information on data processing
  4. Rights of the person concerned
  5. Provision of the website and creation of the log files
  6. Use of cookies
  7. Application by e-mail and application form
  8. Use of corporate identity in job-oriented networks
  9. Hosting

 

1. Name and address of the person responsible

The responsible within the meaning of the General Data Protection Regulation (Datenschutz-Grundverordnung, DSGVO) and other data protection regulations is:

For  https://www.4aces.de/

Major-Hirst-Straße 11
38442 Wolfsburg
Germany

0151 | 11312462
kontakt@4aces.de

For https://www.4aces-tech.de/

Major-Hirst-Straße 11
38442 Wolfsburg
Germany

0151 | 11312462
info@4aces-tech.de

 

2. Contact details of the data protection officer

The data protection officer of the responsible is:

DataCo GmbH
Nymphenburger Str. 86
80636 München
Germany

+49 89 7400 45840
www.dataguard.de

 

3. General information on data processing

Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is required by legal regulations.

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) sentence 1 lit. a DSGVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c DSGVO serves as the legal basis.

If vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) sentence 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f DSGVO serves as the legal basis for the processing.

Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the standards expires unless there is a need to continue storing the data for the conclusion or performance of a contract.

 

4. Rights of the person concerned

If your personal data is processed, you are a data subject within the meaning of the DSGVO and you have the following rights vis-à-vis the controller:


The right to information (Art. 15 DSGVO)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
If this is the case, you have the right to information about this data and to the following information:

  • Purposes of processing
  • Categories of personal data
  • Recipients or categories of recipients
  • The intended storage period or the criteria for determining this period
  • The existence of the rights of rectification, erasure or restriction or objection
  • Right to lodge a complaint with the competent supervisory authority
  • If applicable, origin of the data (if collected from a third party)
  • If applicable, existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope and the effects to be expected.
  • If applicable, transfer of personal data to a third country or international organization.


Right to rectification (Art. 16 DSGVO)
If your personal data is inaccurate or incomplete, you have the right to request that the personal data be corrected or completed without delay.


Right to restriction of processing (Art. 18 DSGVO)
If one of the following conditions is met, you have the right to request the restriction of the processing of your personal data:

  • You contest the accuracy of your personal data for a period that allows us to verify the accuracy of the personal data.
  • In the context of unlawful processing, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
  • We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal rights; or
  • After you have objected to the processing, for the duration of the examination as to whether our legitimate grounds outweigh your grounds.

Right to erasure ("right to be forgotten") (Art. 17 DSGVO)
If one of the following reasons applies, you have the right to demand the immediate deletion of your personal data:

  • Your data is no longer necessary for the processing purposes for which it was originally collected.
  • You withdraw your consent and there is no other legal basis for the processing.
  • You object to the processing and there are no overriding legitimate grounds for the processing, or you object pursuant to Art. 21 (2) DSGVO.
  • Your personal data are processed unlawfully.
  • Erasure is necessary for compliance with a legal obligation under Union law or the law of the member state to which we are subject.
  • The personal data has been collected in relation to information society services offered in accordance with Article 8(1) DSGVO.

Please note that the above reasons do not apply insofar as the processing is necessary:

  • To exercise the right to freedom of expression and information.
  • To comply with a legal obligation or to perform a task in the public interest to which we are subject.
  • For reasons of public interest in the field of public health.
  • For archival, scientific, or historical research purposes in the public interest or for statistical purposes.
  • For the assertion, exercise, or defense of legal claims.


Right to data portability (Art. 20 DSGVO)
You have the right to receive your personal data in a structured, common, and machine-readable format or to request that it be transferred to another controller.

Right to object to certain data processing (Art. 21 DSGVO)

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data relating to you which is carried out based on Art. 6 (1) sentence 1 lit. e or f DSGVO. This also applies to profiling based on these provisions.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.


Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the DSGVO. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO. A list of the locally competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection under the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

 

5. Provision of the website and creation of log files

Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • The operating system of the user
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Host name of the accessing computer

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.


Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DSGVO.


Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.


Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.


Possibilities of objection
The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. The user can object to this. Whether the objection is successful is to be determined within the framework of a balancing of interests.

 

6. Use of cookies

Description and scope of data processing
When you visit our website, we use technical tools for various functions, in particular cookies, which can be stored on your terminal device.

We only use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.

We use the "Borlabs Cookie" opt-in tool for this purpose.

The following data is stored and transmitted by the technically necessary cookies:

  • Language settings
  • Log-in information
  • Use of website functions

We do not use cookies on our website that are not technically necessary. Text files that do not solely serve the functionality of the website but also collect other data are considered technically unnecessary cookies.


Purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require the technically necessary cookies for the following applications:

  • Adoption of language settings
  • Functionality of the website

The use of technically unnecessary cookies is for the purpose of improving the quality of our website through improved user experience and thus our reach and profitability. By setting these cookies, we unlock content from other platforms.


Legal basis for data processing
The provisions of the Telecommunications Telemedia Data Protection Act (TDDG) are relevant for the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out based on Section 25 (2) No. 2 TDDG. This storage and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g., logging out or closing the browser) or after the expiry of a specified duration. Information about different storage periods for cookies can be found in the following sections of this privacy policy.

Insofar as cookies are used that are not technically necessary, this is done based on your consent, which you can give via the cookie banner. The basis for the storage and access to information in this case is § 25 para. 1 TDDG in conjunction with. Art. 6 para. 1 lit. a), Art. 7 DSGVO. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your settings for cookies accordingly. Alternatively, you can prevent the storage of cookies by making appropriate settings in your browser software. Please note that the browser settings you make only affect the browser you are using. If personal data is processed following the storage of and access to the information on your terminal equipment, the provisions of the DSGVO are relevant. Information on this can be found in the following sections of this privacy policy.


Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.

We use the tool "WPForms" of WPForms LLC, 2701 Okeechobee Blvd Stee 400, West Palm Beach, Florida 33409, United States of America.

At the time of sending the message, the following data is stored:

  • E-Mail Address
  • Name
  • First name
  • IP-Address of the calling computer
  • Date and time of contact

Purpose of data processing
The processing of personal data from the input mask of the contact form or via the provided e-mail address serves us solely to process the contact.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.


Legal basis for data processing
The legal basis for the processing of data transmitted while sending an e-mail is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to optimally answer your inquiry that you send to us via contact form. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.


Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.


Possibility of objection
If the user contacts us via the input mask in the contact form, he can object to the storage of his personal data at any time.

The objection is possible by e-mail to kontakt@4aces.de or kontakt@4aces-tech.de.

All personal data stored while contacting us will be deleted in this case.

 

Risk phrase
Your personal data may also be transferred to the USA. There is no adequacy decision for the USA according to Art. 45 (3) DSGVO. We would like to point out that data transfer without an adequacy decision entails certain risks, which we would like to inform you about below:

Intelligence services in the USA take certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. It cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.

Electronic communications service providers headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the U.S. have an obligation to provide personal information to U.S. authorities pursuant to 50 U.S. Code § 1881a, without any possible recourse available to you. Even encryption of data at the electronic communications service provider's data centers may not provide adequate protection because, with respect to imported data in its possession or custody or under its control, an electronic communications service provider has a direct obligation to provide access to or surrender such data. This obligation may expressly extend to the cryptographic keys without which the data cannot be read.

The fact that this is not merely a "theoretical risk" is demonstrated by the ECJ's judgment of July 16, 2020 (Case C 311/18,,, Schrems-II").

 

7. Application by e-mail and application form

Scope of processing personal data

Our website contains an application form that can be used for electronic applications. If an applicant takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

  • Name
  • First Name
  • E-Mail Address
  • Salary requirement
  • As attachment: curriculum vitae, cover letter, references

Alternatively, you can also send us your application by e-mail. In this case, we will record your e-mail address and the data you provide in the e-mail.

After sending your application, you will receive confirmation of receipt of your application documents by e-mail from us.

Your data will not be passed on to third parties. The data will be used exclusively for processing your application.


Purpose of data processing
he processing of personal data from the application form serves us solely to process your application. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the application form and to ensure the security of our information technology systems.


Legal basis for data processing
The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 p. 1 lit. b Alt. 1 DSGVO and § 26 para. 1 p. 1 BDSG.

The legal basis for the processing of data in the context of the applicant pool is the explicit declaration of consent by the applicant, Art. 6 para. 1 p. 1 lit. a, Art. 7 DSGVO. You can revoke your consent at any time with effect for the future.


Duration of storage
After completion of the application process, the data will be stored for up to three months. At the latest after the expiration of the three months, your data will be deleted. In the event of a legal obligation, the data will be stored within the scope of the applicable provisions.

Any additional personal data collected during the submission process will be deleted after a period of seven days at the latest.

 

8. Use of company presences in job-oriented networks

Data processing scope
We use the possibility of company appearances in profession-oriented networks. We maintain a company presence on the following job-oriented networks:

LinkedIn:

LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

XING:

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

On our site we provide information and offer users the possibility of communication.

The company website is used for job applications, information/PR, and active sourcing.

 

We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate presence. For more information, please refer to the privacy policy of:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING:

https://privacy.xing.com/de/datenschutzerklaerung

If you carry out an action on our company website (e.g., comments, posts, likes, etc.), it is possible that you make personal data (e.g., clear name or photo of your user profile) public.


Legal basis for the data processing
The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 p.1 lit. f DSGVO. In this context, our legitimate interest is to optimally answer your inquiry or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of data processing
The purpose of our corporate website is to inform users about our services. In doing so, every user is free to publish personal data through activities.


Duration of storage
We store your activities and personal data published via our company website until you revoke your consent. In addition, we comply with the statutory retention periods.


Possibility of objection
You can object at any time to the processing of your personal data that we collect during your use of our corporate presence and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal e-mail to the e-mail address stated in this data protection declaration.

Further information on exercising your rights can be found here:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING:

https://privacy.xing.com/de/datenschutzerklaerung

 

9. Hosting

The website is hosted on servers by a service provider contracted by us.

Our service provider is:

Host Europe GmbH, Hansestraße 111, 51149 Köln, Germany

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. Our legitimate interest for processing this data is to display our website without errors and to optimize its functions.

The location of the server of the website is geographically in Germany.

This privacy policy was created with the support of DataGuard.

certificates

Social media

Contact

4ACES GmbH
Major-Hirst-Straße 11
38442 Wolfsburg
+49 151 1131 2462kontakt@4aces.de