1. Information on the collection of personal data
Below you will find information on the processing of personal data when using this website. Personal data is all information that can be attributed to you personally, e.g. name, address, e-mail or online identifiers such as IP address. In particular, we explain the legal basis for this, what the data is used for, how and for what purposes this is done and what criteria apply to the storage period. Details on the respective processes can be found in the following sections.
The controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is MASA Institute GmbH, Friedrichstr. 3-4, 37073 Göttingen, phone: 49 151 68104434, email: firstname.lastname@example.org.
2. Collection of personal data when visiting this website
a. When using the website for information purposes only, i.e. if you do not provide us with any other information, the data that is technically necessary to display the website and to ensure its stability and security is processed. This data includes the domain accessed, date and time of access, the request (HTTP request), bytes transferred, description of the browser used by the user, IP address and the HTTP status code. This data is not merged with other data. It is not possible for us to access the data directly. The data can only be accessed by the provider of the web server for security purposes and is automatically deleted after three days at the latest. The legal basis for the processing of personal data for the implementation of these pre-contractual measures is Art. 6 para. 1 sentence 1 lit. b GDPR.
b. The data is also analysed in aggregated and anonymised form for statistical purposes. We have a legitimate interest in analysing user behaviour in order to optimise our offering. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR.
c. Furthermore, text information, also known as "cookies", is stored on your computer via your Internet browser when you use the website. As part of the basic functionality and for security reasons (e.g. to prevent cross-site request forgery), the content management system provides a so-called session cookie or a transient cookie that expires at the end of the session, i.e. is automatically deleted when you close the browser. This only stores the so-called session ID, i.e. a unique combination of characters, whereby your computer sends back the cookie information, whereby several related requests from a user can be recognised and assigned to a session (name of the cookie: wires; value to identify the session: alphanumeric, e.g. nhjtjgdpgt1uf8841jq2u658db). This is a technically necessary cookie that we use on the legal basis of Art. 6 para. 1 sentence 1 lit. b GDPR.
If other cookies are set, we will inform you separately below. You can prevent the installation of cookies by setting your Internet browser accordingly, restrict them if necessary and delete existing cookies at any time. You determine the storage of cookies yourself. It may not be possible to use all functions of the website to their full extent without cookies.
d. When operating the website, we use the advertising agency Marktplatz Südniedersachsen Internet GmbH & Co KG, Webdesign & Hosting, Prinzenstr. 21, 37073 Göttingen, www.mpsn.de, as an external service provider to process your data. Order processing can be carried out on an ancillary basis on the legal basis of the underlying processing. Processing that is in itself justified for the controller can therefore also be carried out by processors on the basis of the same data protection law, provided that the requirements for order processing under Art. 28 et seq. GDPR are complied with. In this case, therefore, on the legal basis of Art. 6 para. 1 sentence 1 lit. b and f GDPR. In any case, outsourcing is necessary to safeguard our legitimate interests within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. The service provider was carefully selected and commissioned by us. In this respect, we observe the legal requirements and, in particular, conclude a contract for order processing that serves to protect your data.
3. other functions and offers on our website
In addition to the purely informational use of our website, you have the option of sending us an enquiry, whereupon we store the data you provide there for the purpose of processing the enquiry and follow-up questions. The processing for the provision of contractual or pre-contractual services is determined by the underlying contractual relationship and is carried out on the basis of Art. 6 para. 1 lit. b GDPR. In all other cases, we have a legitimate interest in responding to your request, whereupon the processing is carried out on the basis of Art. 6 para. 1 lit. f. GDPR.
We use SSL encryption to provide the best possible protection for data transmitted via the website. You can recognise such encrypted connections by the prefix "https://" in the address bar of your browser.
When you call up an external hyperlink that leads to another service, a connection is established to the respective web server and the desired website is requested. Such links are clearly labelled and can be recognised by the fact that the URL/Internet address displayed in the browser changes. We do not transmit any data to third parties. Your browser usually transmits the URL of the original website to the web server. It is therefore possible to see from which website you accessed the linked website. Our website and the respective links are configured in such a way that the referrer is not transmitted. However, accessing an external hyperlink regularly leads to significantly more extensive data processing on the requested website, for which the respective service provider is responsible.
The resulting data is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If we are obliged to store data for a longer period of time due to retention and documentation obligations under commercial law, processing will be restricted. This means that the data will be blocked and not processed for other purposes. According to § 147 para. 1 and 3 AO, § 257 para. 1 and 4 HGB, § 14b para. 1 UStG, a 10-year retention period applies to books and records, annual financial statements, accounting vouchers, invoices, etc., as well as a 6-year retention obligation for all other business documents subject to retention, such as received or sent commercial or business letters and other documents, insofar as they are relevant for taxation. The retention period begins at the end of each calendar year. They will not be passed on to third parties.
4. Data and Pricacy protection information on the application process
If you send us an application, the applicant data will be processed for a specific purpose and in accordance with the legal requirements to fulfil our obligations resulting from the application process. The processing is carried out primarily on the basis of Section 26 BDSG and subordinately Art. 6 para. 1 lit. b GDPR. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted. Insofar as you voluntarily provide additional data, the processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you voluntarily provide special personal data within the meaning of Art. 9 para. 1 GDPR or if this is requested as required data, the legal basis is also Art. 9 para. 2 lit. a GDPR or Section 26 para. 3 BDSG. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest then lies in the assertion or defence of claims.
The data will be deleted as soon as it is no longer required, at the latest after six months. However, the data may be further processed for the purposes of the employment relationship after a successful application. For secure transmission, postal dispatch should be used instead of e-mail.
5. Your rights
You have the right
- in accordance with Art. 7 para. 3 GDPR, to withdraw consent once given at any time. As a result, the data processing based on this consent may no longer be continued in the future;
- to request information about your processed personal data in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored about you
- in accordance with Art. 17 GDPR, to request the erasure of your stored personal data, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you; the processing is unlawful but you oppose its erasure; we no longer need the data but you need it for the establishment, exercise or defence of legal claims or you have objected to processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
- in accordance with Art. 21 GDPR, you can object to the processing of your personal data, which we base on a balancing of interests, insofar as there are reasons for this arising from your particular situation. We ask you to explain the reasons why we should not process your personal data as we have done. We will then examine the situation and will either stop or adapt the data processing or show you our compelling reasons worthy of protection, on the basis of which we will continue the processing.
Furthermore, you can object to the processing of your personal data for advertising purposes at any time (objection to advertising).
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us in accordance with Art. 77 GDPR. You can find the contact details at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you have any further questions, you can also contact us at any time using the contact details provided above.