The EU General Data Protection Regulation (GDPR), which entered into force on 25 May 2018, is a Regulation of the European Union that creates a directly applicable, Europe-wide legal basis for the processing of personal data by public authorities and businesses. The European Union has adopted the GDPR with a view to extending the protection of personal data and enhancing each individual’s right to informational self-determination. At GloreSoft, we take the protection of the personal data of our customers and of the contacts on the part of our customers very seriously. We process your personal data in compliance with the statutory provisions regarding data protection, in particular, the provisions of the GDPR and the German Federal Data Protection Act (BDSG). By providing the following information, we comply with our statutory obligation to inform you in accordance with Articles 12 et seq. GDPR of the purpose and the relevant contacts in connection with our data processing activities and to enable you to exercise your statutory rights in connection with such data processing.
This information sheet is for our customers and for the contacts on the part of our customers and suppliers. Our customers are businesses that we help fill specialist positions in the areas of IT. Suppliers are businesses whose products and services are purchased by GloreSoft. Consequently, we process only in exceptional cases personal data of natural persons (for example, the contact details of contacts on the part of our customers). The customer and supplier data that is stored and processed by us consists primarily of purely business-related data. Where necessary, we store personal data concerning contacts and other individuals with whom we get in contact in their official function.
- Data controller
The data controller responsible for the processing of your personal data is GloreSoft GmbH Würmstr 55, 82166 Gräfelfing email@example.com +49 89 726 55 007 (hereinafter: GloreSoft).
Contact details of the data protection officer
You can reach the company data protection officer of GloreSoft using the following contact details:
+49 89 726 55 007
Please do not hesitate to contact our data protection officer if you have any questions, complaints or comments regarding data protection at GloreSoft
- Processing purposes and legal bases
5.1 Performance of a contract – formation, implementation and termination
We, GloreSoft GmbH, process personal data concerning natural persons (in particular, the contact details of contacts on the part of our customers) only where this is necessary to provide our services in the areas of temporary work, permanent placements, including for the formation, implementation and termination of the relevant contractual relationships.
To this end, we primarily process only the personal data that we receive and/or collect from our customers and suppliers/the contacts on the part of our customers and suppliers during and/or as part of the ongoing business relationship. In addition, we may also obtain personal customer data from the following further sources:
- Publicly available sources, such as commercial/company registers;
The legal basis for the above-described processing of personal data is processing for the formation, implementation and termination of a contract (point (b) of Article 6(1) GDPR).
5.2 Direct advertising and further legitimate corporate interests
At GloreSoft, we use your official contact details to provide customers and prospective customers as part of our direct advertising activities with information about our services and with invitations to our customer events. The legal basis for this form of promotional information is our legitimate interest (point (f) of Article 6(1) GDPR) in convincing customers and prospective customers in this way to (again) purchase our services. You can object to your personal data being used for direct marketing purposes at any time by notice to the contact details stated above or, in the event of advertising by email, by using the link provided for this purpose in the relevant email. We will stop using your data for direct advertising purposes if you object to your data being used for these purposes. For further information, please see the description of your rights as a data subject in Section 10 below.
5.3 Further processing purposes and legal bases
To the extent that the processing of data for the purposes set out below does not occur for the implementation of the respective contractual relationship, we additionally process data on a statutory legal basis for the performance of legal obligations (point (c) of Article 6(1) GDPR), due to a legitimate interest (point (f) of Article 6(1) GDPR) or based on your consent (point (a) of Article 6(1) GDPR) for the following purposes:
- Measures to improve and further develop our services and to manage and enhance our customer relationships, for example, surveys among customers/participants;
- Maintaining business processes and ensuring compliance, for example, operating, managing and enabling the use of information technology and communication systems;
- Protecting trade and business secrets and business property, including the IT infrastructure, against loss and risks, such as viruses, spam and other attacks and risk scenarios;
- Performing legal documentation, reporting and notification obligations;
- Exchange of personal data within the GloreSoft for internal administrative purposes (including budgeting, financial management, reporting, and risk management and control) and for key account management across locations/companies of the Group;
- Video surveillance to prevent trespassing, including the gathering of evidence in the event of criminal offences;
- Measures to ensure the security of buildings and facilities (for example, access control) and to prevent trespassing;
- Preventive measures to prevent criminal conduct and administrative offences or the violation of company rules and investigation of criminal offences;
- Handling inquiries from law enforcement agencies or other public authorities;
- Managing mergers and takeovers, as well as reorganisations and sales.
When carrying out the relevant processing activities, we proactively take your interests requiring protection which relate to the processing of your personal data carefully into account. Regardless of this, where data is processed based on a weighing of interests, you may, of course, object at any time to such processing on grounds relating to your particular situation. In this case, we reserve the right to continue the processing if we arrive at the conclusion after another examination that our legitimate interest in processing the relevant data continues to override your interests or your fundamental rights and freedoms. (Please also note your rights as a data subject in this regard, as set out in Section 10 below.)
Initially, in principle, only our employees who are engaged in customer management from an HR, sales or technical perspective gain knowledge of your personal data.
If we commission a service provider who is based outside the EU/EEA in any particular case and, therefore, data is transferred to a third country, we will enter into an appropriate data protection agreement with this service provider in accordance with the legal requirements in order to agree an adequate level of data protection. Such further service providers commissioned by us may be: IT service providers, online recruiting providers and social networks, such as Xing or LinkedIn.
Finally, we transfer personal data in particular cases to our legal or tax advisors, who, due to their professional status, have a special obligation to maintain confidentiality and secrecy.
- Duration of storage and erasure of your personal data
At GloreSoft, we store your personal data during the initiation and the course of the service/customer relationship as long as this is necessary for the formation and/or implementation of individual service contracts.
We erase your personal data when the contractual relationship between you and GloreSoft has ended, all mutual claims have been fulfilled and there are no longer any statutory obligations to retain such data, for example, under the German Commercial Code (HGB) (Sections 238, 257(4) German Commercial Code (HGB)) or the German Tax Code (AO) (Section 147(3) and (4) German Tax Code (AO)), or other statutory grounds that would justify storing your data.
At GloreSoft, we store your contact details and the business correspondence hitherto exchanged also after the concrete service contract has ended in order to be able to maintain our business relationship and contact you at regular intervals, in particular, in order to support you with further services where necessary or, as the case may be, obtain again services from you. The legal basis for such processing is our legitimate interest in maintaining and cultivating existing business relationships, including the commercial interest in convincing you once more of our services when contacting you for advertising purposes (point (f) of Article 6(1) GDPR).
- Data security
At GloreSoft, we protect personal data by taking appropriate technical and organisational measures to ensure an adequate level of protection and safeguard the privacy rights of customers/contacts. The purpose of the measures taken is, inter alia, to prevent unauthorised access to the technical facilities used by us and to protect personal data from being accessed by unauthorised third parties.
- Obligation to provide your data
For some of the personal data that you disclose to us as part of our customer relationship, the provision of such data is required by law or the contract and/or is necessary for the creation and/or the proper implementation of the relevant contractual relationships. Consequently, you are obliged to provide us with such personal data. Please note that if you do not provide us with such personal data, we may be unable to perform individual contractual obligations.
- Your rights as a data subject
10.1 Access, rectification, erasure, etc.
Upon request, we provide you with information about whether any personal data concerning you has been stored by GloreSoft and, if so, what personal data, as well as with information about, inter alia, the categories of recipients to whom we have transferred such data, where applicable. In addition, you may exercise the following further rights in accordance with the statutory provisions: rectification, erasure, restriction of processing (blocking for certain purposes), as well as the right to data portability.
10.2 Right to object (to direct advertising, among other things)
If the requirements stipulated in Article 21 GDPR are met, you may object to your personal data being processed, in particular where such processing is based on a weighing of interests (point (f) of Article 6(1) GDPR). This also concerns the cases, if any, where we process your personal data in particular cases for direct advertising purposes. In this context, we weigh our interest in contacting you for advertising purposes against your right to informational self-determination. If you do not wish to receive any advertising from GloreSoft, you may object at any time to your data being processed for advertising purposes.
Information about your right to object under Article 21 GDPR
- You have the right to object at any time to processing of your data which is based on point (f) of Article 6(1) GDPR (data processing based on a weighing of interests) if there are grounds to object relating to your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is done for the establishment, exercise or defence of legal claims.
- In individual cases, we also process your personal data for direct advertising purposes. If you do not wish to receive any advertising, you have the right to object at any time. We will observe such objection with effect for the future.
We will stop processing your data for direct advertising purposes if you object to your data being processed for these purposes.
The objection can be made without observing any particular form and, if possible, should be addressed to:
Würmstr 55, 82166
+49 89 726 55 007
10.3 Right to revoke
You have the right to revoke any consent to the processing of your personal data that has been given. As a result of the revocation of your consent, the processing of your data is terminated with effect for the future unless there are other grounds that justify such processing. A revocation does not affect the lawfulness of the processing carried out in the past. We will store information about your revocation for documentation and evidentiary purposes.
10.4 Right to lodge a complaint
You have the right to turn to a competent supervisory authority if you have any complaints. The supervisory authority responsible for GloreSoft is Bavarian Datenschutzbeauftragter (http://www.datenschutz-bayern.de/).
10.5 Other concerns
Our data protection officer will be happy to help you with any further questions or concerns regarding data protection. Any inquiries in this regard or exercise of your above rights should, if possible, be made in writing to our above-stated address or be addressed directly to our data protection officer, for example by email to firstname.lastname@example.org.
- Automated decision-making/profiling
There is no automated decision-making and/or profiling.