Data privacy statement

Data privacy statement

Rev.: 5/1/2018
Firestixx would like to thank you for visiting our website and for your interest in our company.
Data protection is a top priority for Firestixx. The following statement tells you how we implement data protection provisions at Firestixx, what information we record when you visit our web pages, and how this information is used. First of all: your data is exclusively used for the following purposes, and will not be used in any other way – e.g. for advertising purposes – without your permission.

I. Name and address of the Controller
The Controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other statutory data protection provisions is:

FireStixx GmbH & Co. KG
Siemensstraße 1a
D-84051 Essenbach-Altheim
Germany
Telefon +49 8703 90588-0
Telefax +49 8703 90588-59
E-Mail info(at)firestixx.org

The Controller’s Data Protection Officer is:
Email:

III. General information about data processing
We fundamentally only collect and utilize our users’ personal data to the extent that this is necessary in order to provide a functional website as well as our content and services. As a rule, our users’ personal data is only collected and utilized with the consent of the user. An exception applies in cases where it is not possible to obtain consent in advance for practical reasons, and where data processing is permitted by the statutory provisions.

1. Legal basis for processing personal data
If and to the extent that we obtain consent from the data subjects for personal data processing transactions, Art. 6 Sec. 1 lt. a EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
In processing personal data that is necessary in order to fulfill a contract with the data subject, Art. 6 Sec. 1 lt. b GDPR serves as a legal basis. This also applies to processing steps that are necessary in order to perform pre-contractual measures.
If and to the extent that personal data must be processed in order to fulfill a legal obligation to which our company is subject, Art. 6 Sec. 1 lt. c GDPR serves as a legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 Sec. 1 lt. d GDPR serves as a legal basis.
If processing is necessary in order to protect a legitimate interest of our company or of a third party, and as long as the interests, basic rights and basic freedoms of the data subject do not outweigh the former interest, Art. 6 Sec. 1 lt. f GDPR serves as a legal basis for the processing.

2. Data deletion and duration of storage
The data subject’s personal data will be deleted or blocked as soon as the storage purpose no longer applies. In addition, storage may take place if this is required by European or national legislation through Union ordinances, laws or other regulations to which the Controller is subject. Data will also be blocked or deleted after the end of a storage period established by the abovementioned standards, unless there is a need to continue storing the data in order to conclude or fulfill a contract.

IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our web page is accessed, our system automatically records data and information from the computer system on the accessing computer.
The following data is collected:
• Information about the browser type and version used
• The user’s operating system
• The user’s internet service provider
• The user’s IP address
• Date and time of access
• Websites from which the user’s system accesses our web page
• Websites accessed by the user’s system via our website.
The log files contain IP addresses and other data that can be associated with a user. This is the case, for instance, if the link to the website from which the user accessed the web page or the link to the next website the user visits contains personal data.
The data is also saved in our system’s log files. This data is not combined with any other personal data regarding the user.
The user data collected in this way is pseudonymized using technical measures, so it is no longer possible to associate the data with the user accessing the website. This data is not combined with any other personal data regarding the user.

2. Legal basis for data processing
The legal basis for temporarily storing the data and log files is Art. 6 Sec. 1 lt. f GDPR.

3. Purpose of data processing
The system must temporarily store the IP address in order to deliver the website content to the user’s computer. In order to do this, the user’s IP address must be stored for the duration of the session.
Data is stored in log files in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information systems. Data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 Sec. 1 lt. f GDPR.

4. Duration of storage
The data will be deleted as soon as it is no longer needed in order to achieve the purpose for which it was collected. If the data was recorded in order to make the website available, this is the case when the respective session ends.

5. Objection and removal option
Recording the data in order to make the website available and storing the data in log files is necessary in order to operate the web page. Thus the user does not have the option of objecting to this.

V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the user’s web browser or on the user’s computer system by the web browser. For data protection reasons, our website fundamentally does not store any cookies on the user’s computer. For PHP sessions, we only use session cookies.
The session cookies used by Weblication are only saved in the web browser’s main memory, so they are deleted when the browser is closed. That is why you generally need to log in again after closing the browser. Visit data that needs to be maintained during a session includes form data, for instance, so that it can be displayed again if there is an incorrect entry. This data is also deleted at the latest when the form is submitted.

2. Legal basis for data processing
The legal basis for processing personal data using cookies is Art. 6 Sec. 1 lt. F GDPR.

3. Purpose of data processing
The purpose of using necessary cookies is to simplify the use of websites for the users and/or to make websites easier to navigate.
These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 Sec. 1 lt. f GDPR.

4. Duration of storage
Cookies are not stored on the user’s computer.

5. Analysis by Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics also uses cookies, in other words text files that are stored on your computer to analyze your use of the website (see above under IV 1 – 4).
As a rule, the information generated by the cookie about your use of the website will be transmitted to a Google server in the United States and stored there. However, we have enabled the Google Analytics IP anonymization function on this web page, so Google will first shorten your IP address within member states of the European Union or in other states that are party to the Agreement on the European Economic Area.
Google will use this information to analyze your use of the website, to compile reports on the website activities and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.
You can prevent data generated by the cookies and relating to your use of the website (including your IP address) from being recorded and shared with Google, as well as from being processed by Google, by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout. This will place an opt-out cookie that prevents your data from being recorded when you visit this website in the future.
More information about the terms of use and about data protection with Google Analytics can be found under www.google.com/analytics/terms/de.html and under https://www.google.de/intl/de/policies/.

VI. Contact form, online application and email contact
1. Description and scope of data processing
a.) Our web page features a contact form / application form that can be used to contact us electronically. If a user takes advantage of this option, the data entered on the input screen will be transmitted to us and saved. This involves the following data:
• Title, first and last name
• Company
• Industry/application area
• Street name, house number, postal code, city and country
• Phone
• Email
• Desired salary, if applicable
• Application materials

When you send the message, the following data will also be saved:
• The user’s IP address
• Date and time of registration

In order to process your data, we will obtain your consent as part of the submission step and provide a reference to this data privacy policy.
b.) Alternatively, users can contact us via the provided email address. In this case, the user’s personal data that is transmitted along with the email will be saved.
c.) Data is not shared with third parties. The data will exclusively be used for conducting the conversation and/or for the application process.

2. Legal basis for data processing
a.) The legal basis for processing data with consent from the user is Art. 6 Sec. 1 lt. a GDPR.
b.) The legal basis for processing data transmitted in the course of sending an email is Art. 6 Sec. 1 lt. f GDPR. If the goal of the email contact is to conclude a contract, an additional legal basis for processing is Art. 6 Sec. 1 lt. b GDPR.

3. Purpose of data processing
We exclusively process personal data from the input screen for the purpose of handling the contact request. In the case of an email contact, this also establishes our necessary legitimate interest in processing the data.
The other personal data processed during the submission step serves to prevent any misuse of the contact form and to ensure the security of our information systems.

4. Duration of storage
a.) The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the input screen and personal data provided by email, this is the case when the respective conversation with the user has ended. The conversation has ended when the circumstances indicate that the matter in question has been resolved.
b.) For personal data from the input screen in the online application function and personal data submitted by email as part of an application, this is the case when the relevant application process is complete and there is no risk of a legal objection.
By submitting the declaration of consent as part of the online application, you agree to our storing of applications for a period of 2 years so that we can also consider you for future job openings.
Any additional personal data collected during the submission step will be deleted at the latest after seven days.

5. Objection and removal option
The user has the option to revoke the consent for processing personal data at any time. If the user contacts us by email, he or she can object to the storage of the personal data at any time. In this case, the conversation cannot be continued and/or the application can no longer be considered.
Please send your revocation of consent and/or your objection to data storage via email to or , or in writing to our company address given above.
In this case, all personal data stored in the context of establishing contact will be deleted.

VII. Rights of the data subject
If your personal data is processed, you are considered a data subject in the sense of GDPR and you have the following rights with regard to the Controller:

1. Right to information
You can request confirmation from the Controller as to whether your personal data is being processed by us.
If such processing is taking place, you can request information from the Controller about the following matters:
(1) the purposes for which personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients and/or categories of recipients to whom the relevant personal data has been or will be disclosed;
(4) the planned duration of storage for your personal data or, if no concrete information is available in this regard, criteria for determining the duration of storage;
(5) whether you have the right to rectification or deletion of your personal data, the right to restrict processing by the Controller, or the right to object to this processing;
(6) whether you have the right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data was not collected from the data subject;
(8) whether an automated decision-making process exists, including profiling pursuant to Art. 22 Sec. 1 and 4 GDPR and – at least in these cases – relevant information about the logic involved as well as the scope and desired effects of such processing for the data subject.
You have the right to request information about whether your personal data is transmitted to a third country or an international organization. In this context, you can request information about the suitable guarantees pursuant to Art. 46 GDPR in conjunction with this transmission.

2. Right to rectification
You have the right to have your data rectified and/or completed by the Controller if your processed personal data is incorrect or incomplete. The Controller must rectify this data immediately.

3. Right to restrict processing
Under the following conditions, you can request that processing of your personal data be restricted:
(1) if you dispute the accuracy of your personal data for a period that allows the Controller to check the accuracy of the personal data;
(2) if the processing is unlawful and you refuse to have the personal data deleted, instead requesting that use of the personal data be restricted;
(3) if the Controller no longer needs the personal data for the intended processing purposes, but you need it in order to establish, exercise or defend legal claims, or
(4) if you have lodged an objection to processing pursuant to Art. 21 Sec. 1 GDPR and it has not yet been determined whether the Controller’s legitimate reasons outweigh your reasons.
If you have restricted the processing of your personal data, this data may only be processed – aside from its storage – with your consent; or in order to establish, exercise or defend legal claims; or in order to protect the rights of another natural or legal person; or in the case of substantial public interest by the Union or a member state.
If processing was restricted according to the above requirements, you will be informed by the Controller before any restriction is lifted.

4. Right to erasure
a) Erasure obligation
You can ask the Controller to delete personal data concerning you immediately and the Controller is obligated to erase this data immediately if one of the following reasons applies:
(1) Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent upon which processing was based pursuant to Art. 6 Sec. 1 lt. a or Art. 9 Sec. 2 lt. a GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 Sec. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Sec. 2 GDPR.
(4) The personal data was unlawfully processed.
(5) The personal data must be erased in order to comply with a legal obligation under Union law or the law of the member states to which the Controller is subject.
(6) The personal data was collected for information society services pursuant to Art. 8 Sec. 1 GDPR.
b) Information for third parties
Where the Controller has made your personal data public and is obligated to erase this personal data pursuant to Art. 17 Sec. 1 GDPR, the Controller, with consideration for the available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform Controllers processing the personal data that you as a data subject have requested the erasure by such Controllers of any links to this personal data and any copies or replications of this personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union law or the law of the member states to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 Sec. 2 lt. h and i as well as Art. 9 Sec. 3 GDPR;
(4) for archiving purposes, scientific or historical research purposes and statistical purposes that are in the public interest pursuant to Art. 89 Sec. 1 GDPR, to the extent that the right named in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defense of legal claims.

5. Right to information
If you have asserted your right to rectification, erasure or restriction of processing toward the Controller, the Controller must inform all recipients to whom your personal data was disclosed about this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to obtain information from the Controller about these recipients.

6. Right to data portability
You have the right to receive personal data concerning you which you have provided to the Controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another Controller without being prevented from doing so by the Controller that originally received the personal data, where
(1) the processing is based on consent pursuant to Art. 6 Sec. 1 lt. a GDPR or Art. 9 Sec. 2 lt. a GDPR or on a contract pursuant to Art. 6 Sec. 1 lt. b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one Controller to another, where technically feasible. This may not adversely affect the freedoms or rights of others.
The right to data portability does not apply if processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you pursuant to Art. 6 Sec. 1 lt. e or f GDPR, including profiling based on those provisions.
The Controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for establishing, exercising or defending legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent for data protection
You have the right to withdraw your consent for data processing at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for concluding or fulfilling a contract between you and the Controller,
(2) is permissible under Union or member state law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or
(3) is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Art. 9 Sec. 1 GDPR, unless Art. 9 Sec. 2 lt. a or g applies and suitable measures to safeguard your rights and freedoms as well as your legitimate interests are in place.
In the cases referred to in (1) and (3), the Controller will implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

VIII. Use of social media buttons
We use “social plugins” (hereinafter referred to as buttons) from social networks such as Facebook and LinkedIn.
Where these buttons are displayed on the web page, they have not already established contact with the Facebook or LinkedIn servers. Only by clicking on these buttons do you provide your consent to communicate with Facebook or LinkedIn, and a connection is then created. The button remains enabled until you click on it again or delete your cookies. More information about cookies can be found in our cookie policy.

Once the button is clicked, it creates a direct connection to the server of the social network in question. The content of the button is then transmitted from the social networks directly to your browser, which integrates it into the web page.
Once a button is clicked, the social network in question can already collect data, regardless of whether you interact with the button. If you are logged in to a social network, your visit to this website can be associated with your user account.
If you are a member of a social network and do not want data collected during your visit to our website to be associated with your saved member data, you will need to log out of the social network in question before clicking on the buttons.
We do not have any influence over the scope of data that social networks collect through their buttons. The purpose and scope of this data collection and the further processing and use of this data by the social networks in question, as well as your rights and setting options to protect your privacy in this regard, can be found in the data privacy policies for the respective social networks.

IX. Changes to this data privacy statement
We occasionally make changes to this data privacy statement to ensure that it corresponds to the current legal requirements and covers all of our offerings.
Your statutory rights to information, rectification, blocking, deletion and objection remain unaffected by such changes.