Als führende Unternehmensgruppe im DACH-Raum bündeln wir das Know-how unserer Partner und bieten unseren Kunden ein umfassendes Dienstleistungsportfolio an.
1. Data protection at a glance
Data collection on this website
Who is responsible for the data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
Your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.
Other data is automatically collected by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. We have concluded a Data Processing Agreement with the hoster in accordance with Art. 28 GDPR.
3. General notes and mandatory information
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information on the controller pursuant to Art. 4 No. 7 GDPR
Phone: +49 7143 84300
Data Protection Officer
Dr. Kraft, firstname.lastname@example.org, Einsteinstr. 55, 89077 Ulm, Fon: +49 731 20589-24
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail-addresses, etc.).
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent, which is voluntary. You can revoke your consent at any time. All you need to do is send us an informal e-mail. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Access to your personal data stored by us is restricted to our employees and the service providers commissioned by us, who have to handle this personal data due to their tasks.
If third parties gain access to your data, we have obtained permission from you or there is a legal basis for this.
We also use service providers to provide services and process your data (including for hosting, sending newsletters, delivering ordered goods, processing payments, sending letters or e-mails as well as maintaining and analysing databases, securing our web servers or for website tracking). The service providers process the data exclusively on our instructions and have been obliged to comply with the applicable data protection regulations. All processors have been carefully selected and are only given access to your data to the extent and for the period required to provide the services or to the extent that you have consented to the processing and use of the data.
Data exchange within the group of companies
Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and Switzerland as a country with an adequate level of protection pursuant to Art. 45 (1) GDPR and serves only internal administrative purposes. By group of companies, we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.
Datenaustausch innerhalb der Unternehmensgruppe
Ein Datenaustausch innerhalb der Unternehmensgruppe, der wir angehören, findet ausschließlich innerhalb der EU/EWR sowie der Schweiz als Staat mit angemessenem Schutzniveau gem. Art. 45 Abs. 1 DSGVO statt und dient lediglich internen Verwaltungszwecken. Unter Unternehmensgruppe verstehen wir dabei verbundene Unternehmen im Sinne des Art. 4 Nr. 19 DSGVO.
4. Data collection on this website
We use so-called cookies in some areas of our website, e.g. to recognise visitors’ preferences and to be able to optimally design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be retained for a certain period of time and identify the visitor’s computer. We use permanent cookies for better user guidance and individual performance presentation.
We only use technically necessary cookies on our website.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.
If you send us enquiries via the contact form, your details from the form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions.
The processing of the data entered in the contact form is carried out in accordance with Art. 6 (1) lit. f GDPR. The processing of data voluntarily entered by you in the contact form is based on your consent in accordance with Art. 6 (1) lit. a GDPR.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) lit. a GDPR) and/or on our legitimate interests (Art. 6 (1) lit. f GDPR), as we have a legitimate interest in effectively processing the enquiries addressed to us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Online application procedure
We only process your personal data to process your application and/or within the framework of the talent pool. The processing of your application also includes, if necessary, the use of your data to contact you by e-mail and/or post and/or telephone. The recruiting managers as well as the respective HR managers and interviewers have access to your documents. Another form of processing is carried out anonymously for the purpose of measuring the success of job placements and the technical application channels used as well as with regard to the skills of applicants submitted.
Insofar as you have given your consent to the processing of your personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. This is particularly the case in the context of the talent pool. When processing your personal data that is necessary for the performance of a contract to which you are a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures in the context of recruiting.
The data is processed with the help of systems of Greenhouse Software Inc., a company based in the USA. The SITS Group has concluded a contract with Greenhouse on the basis of the EU Standard Contractual Clauses in accordance with Art. 46 GDPR and has implemented sufficient technical and organisational measures to adequately protect your data. The data is stored exclusively on European servers. The transmission of the data entered by you as well as the file attachments sent along is carried out via a transport-secured connection. If you would like more detailed information about the use of Greenhouse as a US service provider, please contact us: email@example.com.
The deletion of the applicant’s stored personal data takes place automatically at the earliest after 4 weeks, but at the latest after 5 years, from the time the applicant was informed that the position will not be filled by him/her and no further legal requirements conflict with this. The time limit results from the legal requirements of the respective countries for the equal treatment of applicants.
If you have given your consent to be included in the talent pool, your data will be stored in our system for up to 1 year in order to be considered in advance for future job advertisements. We use the data you provide to contact you by e-mail and/or post and/or telephone.
The TeamViewer software can be used for remote maintenance and our helpdesk. The provider of this software is TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen. If you wish to use remote maintenance, you must download the TeamViewer software from the provider using a link provided by us and run it on your computer. TeamViewer allows us to temporarily access your system, view your screen and remotely control your mouse and keyboard. Please close all windows with content that requires data protection or is critical to your company before you release TeamViewer. Team Viewer is subject solely to the data protection provisions of TeamViewer GmbH as your contractual partner for the use of the software, which can be accessed at https://www.teamviewer.com/de/privacy-policy/.
5. Analysis tools and advertising
Matomo (formerly Piwik)
We use the website analysis software Matomo to optimise and statistically evaluate visitor access to our website.
Alternatively, you can also object to the storage and analysis of the data collected by Matomo at any time HERE. In this case, a so-called opt-out cookie ensures that Matomo does not collect any session data.
In addition, as part of our website analysis, we naturally respect your ‘Do not Track’ preference as you have set it in your browser.
General information on data protection at Matomo: https://matomo.org/privacy/
6. Plugins und Tools
We use the Friendly Captcha service on our website, which makes it possible to distinguish whether the data entry is made by a natural person or automatically/mechanically. The IP address and any other data required by Friendly Captcha for the service are forwarded to Friendly Captcha. The IP address of the website visitor is immediately anonymised by Friendly Captcha. The data is processed in accordance with Art. 6 (1) 1 lit. f GDPR. Our legitimate interest is to determine whether a request actually originates from a natural person and needs to be processed and thus to avoid unnecessary sorting out of spam mails.
Recipient of the data: Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany
Social Media Buttons
Our website uses social media buttons (LinkedIn) to allow you to interact with third parties.
These social media buttons are not integrated as plugins via a so-called iFrame, but are stored as links. By clicking on the social media buttons, you will be forwarded directly to the page of the corresponding provider. The respective provider is then responsible for compliance with the data protection provisions and for the accuracy, timeliness and completeness of the information provided there on data processing within the meaning of Art. 4 No. 7 GDPR.
We would like to point out that our fanpages in the social networks are merely another of various options for contacting us or receiving information from us. Alternatively, the information offered via our fanpages can also be accessed on our website, for example.
Supplementary information on the individual social networks can be found in the following paragraphs.
Controller with whom our LinkedIn account (‘Fanpage’) is jointly operated (‘Platform Operator’):
LinkedIn Ireland Unlimited Company
In an agreement pursuant to Art. 26 (1) GDPR, it was determined between the joint controllers who fulfils which obligation pursuant to the GDPR
The agreement within the meaning of Art. 26 (1) GDPR can be found at the following link: https://legal.linkedin.com/pages-joint-controller-addendum
The platform operator makes the essential contents of this agreement available to the data subjects. We have no influence on whether or how the platform operator actually uses data (purpose, storage, deletion, disclosure, transmission, profiling). We also have no effective control options in this respect.
Contact details for data protection:
You can contact the platform operator’s data protection officer using the following web form https://www.linkedin.com/help/linkedin/ask/TSO-DPO?lang=en
Categories of personal data:
Data that we process from registered visitors to our fanpage:
Shared profile data (ProFinder profile data, education, work experience, salary expectations, photo, location data, skills and knowledge confirmations, professional achievements (e.g. patent granting, professional recognition, projects)), other data and content freely published, provided, disseminated, posted or uploaded by the data subjects on LinkedIn or via their LinkedIn account.
Legal basis of the data processing
The legal bases on which the platform operator bases the data processing can be found here: https://www.linkedin.com/legal/privacy-policy
Data transfers to third countries
The platform operator will transfer the data to the United States, Ireland and any other country in which the platform operator does business and store and otherwise process the data there, regardless of the residence of the data subjects.
Associated data transfers to third countries are secured by an adequacy decision of the EU Commission pursuant to Art. 45 GDPR or by appropriate safeguards pursuant to Art. 46 GDPR: https://www.linkedin.com/help/linkedin/answer/62533?lang=en
Further information, in particular on the categories of personal data, the origin of the data, the storage period, the purposes of the data processing and the categories of recipients, can be found in the following links:
–> Information on the available personalisation and data protection setting options can be found here (with further references): https://privacy.linkedin.com/de-de/faq
Supervisory authority responsible for the platform operator (Art. 77 GDPR)
Data Protection Commission
21 Fitzwilliam Square, Dublin 2
At your express request, we will send you our monthly newsletter on selected topics and information about our group of companies. Please note that delivery can only take place if you have either expressly confirmed your wish to receive the newsletter again as part of our double opt-in process or if your e-mail address has already been verified as a result of existing contact with us.
We therefore require your e-mail address for registration. You can tell us your name, but you do not have to. If you tell us your name, we will use it to address you personally. You will then receive an e-mail at the e-mail address you have provided, asking you to click on a link in order to confirm your registration for the newsletter. Only after your confirmation will your e-mail address be activated for sending the newsletter (double opt-in procedure). Insofar as you have registered for the newsletter, you have submitted the following declaration of consent for this:
“Yes, I would like to receive monthly news, cyber incidents and interesting offers related to IT security from SITS Group at my email address provided above. The newsletter contains tracking pixels to evaluate the success of the campaigns. I have noted that I can revoke this consent to the use of my data for e-mail advertising at any time, e.g. by clicking on the unsubscribe link at the end of each newsletter or in writing to firstname.lastname@example.org“.
The personal data collected as part of the newsletter registration will be used exclusively for sending and personalizing the newsletter. You can revoke the consent to the storage of personal data that you have given us for newsletter dispatch at any time with effect for the future. For the purpose of revoking consent, each newsletter contains a corresponding link; alternatively, you are also welcome to contact us directly (email@example.com) so that we can implement your revocation.
Our newsletter contains tracking pixels. A tracking pixel is an invisible graphic in HTML e-mails with the purpose of enabling a log file recording when the e-mail is opened, as well as a recording regarding the links activated from the newsletter with subsequent analysis. This enables us to evaluate the success of our newsletter campaigns by means of statistical evaluations and to optimize our newsletter, for example, in order to present you with topics and offers that are better suited to your interests.
The personal data collected in this way is processed by our service provider named below in the USA, among other places. Insofar as you do not agree to this, you can unsubscribe from the newsletter at any time via the link in each newsletter or by sending a message with “Newsletter revocation” to firstname.lastname@example.org.
Recipient of the data: HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin and its subcontractors.
The legal basis for the transfer is a contract for order processing as well as the EU standard contractual clauses pursuant to Art. 46 (2) lit. c DSGVO and the additional measures implemented to protect the data.