DATA PROTECTION INFORMATION FOR TELEPHONE AND E-MAIL CONTACT AND IN THE CONTEXT OF APPLICATIONS

PERSON RESPONSIBLE FOR THE PROCESSING

Responsible for the processing is

COLIFT GmbH
Sonninstr. 22a
20097 Hamburg
represented by the Managing Director Michael Morthorst
can be reached at +49 40 22 85 38 or privacy@colift.de.

DATA PROTECTION CONTACT

You can reach our contact person for data protection at the above postal address with the addition “Data protection contact person” or by e-mail at privacy@colift.de.

PURPOSES OF DATA PROCESSING AND LEGAL BASIS

We process your personal data to the extent necessary for the purpose of exchanging e-mails with you and for the fulfilment of the purposes addressed in these e-mails. For this purpose, we process data in our email server, any customer files and for all other purposes for which we are legally responsible. For example, the following purposes may apply: to acquire or identify you as our business contact , to advise you appropriately to be able to identify you as our business contact , to be able to advise you appropriately, to correspond with you, to fulfil our contractual obligations with you, our suppliers and clients, to assert, exercise or defend civil law claims, to fulfil our legal obligations and duties.

The legal basis for this is Art. 6 para. 1 lit. f DSGVO and the legitimate interest to process our or your request by telephone or e-mail, to store and process your contact details to communicate with you, to provide you with information about our company as well as our products and/or services, to assert, exercise and defend our legal claims.

If e-mails are used to conclude or execute a contract with us, the legal basis for the processing is Art. 6 para. 1 lit. b DSGVO, if you are our expert, customer, supplier or other business partner as a self-employed person or sole trader, otherwise Art. 6 para. 1 lit. f DSGVO. In this case, our legitimate interest is to advance the conclusion of the contract or to fulfil our contractual obligations towards our customers or your employer.

If you are an applicant, the legal basis is Section 26 BDSG in conjunction with Article 9 DSGVO for the processing of special categories of personal data, as well as the General Equal Treatment Act (AGG).

Insofar as we act to fulfil a legal obligation, the legal basis is Art. 6 para. 1 lit. c DSGVO.

PERSONAL DATA PROCESSED

Within the scope of communication with you, we process data that we from websites or social media , contained in the telephone calls and/or e-mails, e.g. title, first name, surname, e-mail address, name of your company, function / position in the company, address, telephone number, contractual data on orders placed or received, bank details, as well as other personal data that we require to fulfil our contractual obligations with our clients and suppliers or that we process to fulfil legal obligations.

In addition, we process data that is necessary for the assertion, exercise or defence of claims under civil law.

We process content data of your message or submission to us (if you exercise your rights as a data subject ).

In the context of an application, we may also process your date of birth, place of birth and nationality, your curriculum vitae, references from previous employers, information on education and training, as well as other data that you provide to us as part of the application. This may also include special categories of personal data in accordance with Art. 9 (1) DSGVO (e.g. your severely disabled status).

DATA SOURCES

We generally collect your personal data directly from you . In certain situations, however, we may exceptionally collect your personal data not directly from you, but through your colleagues  or social media. receive.

We may also receive your data from the following bodies, insofar as the collection and transfer of data is required or permitted by law, or insofar as you have expressly consented to this: e.g. public registers, health insurance companies, lawyers, courts, supervisory authorities, police, public prosecutors, credit agencies, debt collection companies, personnel service providers, etc.

DURATION OF STORAGE

We delete your personal data after the purpose of the processing no longer applies and (subsequently) the legal obligation to retain the data. This is 7 years for contract-relevant correspondence and 10 years for invoices.

Unless there is a legal obligation to retain data, we delete the personal data if and insofar as we no longer need it within the scope of the legitimate interest described above, but at the earliest after the expiry of the regular statute of limitations in accordance with § 195 BGB. If no contract is concluded, we store your data for 6 months, at the most until you object, if you are entitled to do so.

If you apply to us by e-mail, we will process your data for the duration of the application process. In the event of rejection, this is usually six months after the end of the job advertisement in accordance with the AGG. The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in being able to prove that you and all other applicants have been treated correctly and are not subject to discrimination. If you are hired, we will store your data beyond that and transfer it to the personnel file.

If your personal data is required beyond this (for example in connection with the assertion of or defence against claims under civil law in connection with your application), it will be deleted as soon as the further storage of the data is no longer necessary for these purposes. In this case, the storage is also based on Art. 6 para. 1 lit. f DSGVO.

RECIPIENTS OF YOUR PERSONAL DATA

Your personal data is passed on to external service providers in the context of e-mail contact with us, who carry out certain activities for us – usually in the context of order processing in accordance with Art. 28 DSGVO. The service providers used are:

• Microsoft Ireland Operations Limited: Operation of Microsoft 365 Online.
  The data storage location of the so-called dormant data is Germany. Nevertheless, it cannot be ruled out that in exceptional cases personal data will be transferred to Microsoft Corp. in the USA. For this case, so-called EU standard contractual clauses (SCC) were concluded between Microsoft Ireland Operations Limited and Microsoft Corp., USA, as a necessary guarantee and supplemented by further security measures (“Additional Safeguards Addendum to Standard Contractual Clauses”). These include Microsoft’s commitment to use all possible legal means to prevent access by US intelligence services or investigating authorities, for example, or at least to inform the persons concerned of this. In
  addition, we have obliged Microsoft to observe and comply with a professional secrecy agreement transferred to us by
  our clients. Microsoft will impose a confidentiality obligation on all persons it employs and will require subcontractors to impose the same confidentiality obligation on the persons they employ;
• Klenty; California, USA: E-mail dispatch; we have concluded so-called EU standard contractual clauses (SCC) with Klenty as a necessary guarantee;
• Sipgate GmbH, Düsseldorf: Cloud-based telephone system;
• Vodafone GmbH, Düsseldorf: Telephone system;
• sevDesk GmbH, Offenburg: Invoice generation and dispatch;
• Pipedrive OÜ, Talinn, Estonia: Contact management;
• AB Leverache, Sweden: Platform for expert networks;
• DATEV eG, Nuremberg: Operation of our accounting software;
• TestGorilla B.V., Netherlands: Personality tests;
• Deutsche Bank AG, Frankfurt: Payment processing;
• Wise PLC, London, England: Payment processing;
• Paypal Inc, California, USA: Payment processing.

If you contact us as a data subject, we will forward your personal data, if you so wish or if it is necessary for the fulfilment of our tasks, to consulting companies to ensure the proper processing of your request or, if applicable, to the data protection supervisory authority. The legal basis for this is either your consent (Art. 6 para. 1 lit. a DSGVO) or our legitimate interest in properly fulfilling our legal obligations (Art. 6 para. 1 lit. f DSGVO .

Furthermore, it may happen that we are obliged to forward your data to external bodies (e.g. authorities). The legal basis for this would be Art. 6 para. 1 lit. c DSGVO. In such cases, we will inform you of this and of the further circumstances, in particular your options for intervention, insofar as this is permissible.

YOUR RIGHTS

If you wish to exercise any of your rights, please contact us as data controller at the contact details above . If you require proof, we recommend that you contact us by email (see address above).

Right to information

According to Art. 15 of the GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed by us. If this is the case, you have the right to be informed about this personal data and to receive further information as specified in Art. 15 of the GDPR.

Right of rectification/supplementation

Pursuant to Art. 16 of the GDPR, you have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

Right to erasure

You have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay if the relevant requirements of Art. 17 of the GDPR are met. For details, please refer to Art. 17 of the GDPR.

Right to restrict processing

In accordance with Art. 18 DSGVO, you have the right under certain conditions to demand that we restrict the processing of your personal data.

Right to data portability

Pursuant to Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out using automated procedures.

Right to withdraw consent

According to Art. 7 DSGVO, you have the right to revoke your consent at any time and without giving reasons. Please note that a revocation applies exclusively to the future and does not affect the lawfulness of processing carried out in the past.