Data privacy statement

Thank you for showing an interest in our website. The protection of your privacy is of the utmost importance to us. In the following you will find a detailed explanation of how we use your information.

We reserve the right to change this Privacy Policy from time to time to comply with current legal requirements or to implement changes to our services in our Privacy Policy, such as when we introduce new services. Any new visit you make to our website will then be subject to the new Privacy Policy.

If you have questions about privacy, please write us an email or contact our data protection officer directly:

datenschutz@braincourt.com

General information

Contact information and persons in authority

Braincourt GmbH
Fasanenweg 11
70771 Leinfelden-Echterdingen / Germany

Telephone +49 711 7585800
Telefax +49 711 75858080
e-mail info@braincourt.com

Persons in authority:
Günter Hauser, Kosmas Kalpakidis, Markus Staudenmayer

Braincourt Austria GmbH
Brückenkopfgasse 1/6
8020 Graz / Austria

Telephone +43 720 310 409
Telefax +43 720 310 409 99
e-mail info@braincourt.com

Persons in authority:
Thomas Buchegger, Klaus Klinger, Markus Staudenmayer

Data privacy officer

Person in authority for data privacy

Braincourt GmbH
Dr. Stefan Kloos
e-mail datenschutz@braincourt.com

Braincourt Austria GmbH
Thomas Buchegger
e-mail datenschutz@braincourt.com

YOUR RIGHT TO APPEAL AT THE RESPONSIBLE SUPERVISORY AUTHORITY

You have the right to appeal at the data protection supervisory authority (Sec. 77 GDPR).

The supervisory authorities responsible for us are:

For Braincourt GmbH

The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10a
70173 Stuttgart

Postfach 102 932
70025 Stuttgart

Telephone +49 711 615541-0
Telefax +49 711 615541-15
e-mail: poststelle@lfdi.bwl.de
www.baden-wuerttemberg.datenschutz.de

For Braincourt Austria GmbH

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien

Telephone +43 1 52 152-0
e-mail dsb@dsb.gv.at
www.dsb.gv.at

USING OUR WEBSITE

Information of a general nature is collected automatically when you access our website. This information (server log files) includes, for example, the type of web browser you use, your operating system, the domain name of your Internet service provider and similar. This only comprises information that allow no conclusions to be drawn about your person. This information is required technically in order to correctly deliver the contents of the web pages you requested and is also mandatory when using the Internet. We evaluate anonymous information of this kind to optimise our website and the underlying technology.

Like many other websites, we also use what are known as ‘cookies’. Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data, such as your IP address, browser used, computer operating system and your connection to the Internet.

Cookies cannot be used to launch programs or transfer viruses to computers. The information contained in the cookies allows us to facilitate navigation and display our websites correctly.

The data we collect is never disclosed to third parties, nor do we establish a link to personal data without your consent.

It goes without saying that you can generally view our website without cookies. Most browsers are normally set to accept cookies by default. You can disable the use of cookies at any time using the settings in your browser. Please use the help in your internet browser to find out how to change these settings. Please note that possibly several features of our website may not function if you have disabled the use of cookies.

On this website, we use the Facebook Pixel from Facebook, a social media network from the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The code implemented on this page can evaluate the action taken by visitors who visit this website from a Facebook ad. This data is collected and stored by Facebook and can be used to improve Facebook ads. The data collected is not visible to us, and is only available in the context of advertising placements. Cookies are also set when the Facebook Pixel code is used.

Using the Facebook Pixel communicates a visit to this website to Facebook so that visitors get to see matching ads on Facebook. If you have a Facebook account and are logged in, your visit to our website is associated with your Facebook user account.

To find out how the Facebook Pixel is used for advertising campaigns, please visit https://www.facebook.com/business/learn/facebook-ads-pixel.

If you are signed in to Facebook, you can change your ad settings on Facebook at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. At http://www.youronlinechoices.com/preferentialmanagement/ you can manage your preferences regarding usage-based online advertising. There you can disable or enable several providers at once or make settings for individual providers.

You can find more information on the Data Policy from Facebook at: https://en-gb.facebook.com/policy.php.

To protect the security of your data during transfer, we use state-of-the-art encryption technology (such as SSL) over a HTTPS Connection.

If users leave comments on our blog, the time the comment was created and the username the website visitor chose previously are saved along with the details of the comment. This is for our own safety, because we can be prosecuted for any illegal content on our website, even when it is created by users.

If you wish to receive the newsletter offered on the website, we require you to provide an e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree with the receipt of the newsletter.

We use the so-called double opt-in procedure to ensure that the newsletter is sent out by mutual consent. In the course of this, the potential recipient can be included in a distribution list. The user will then be given the opportunity to confirm the registration with legal certainty by means of a confirmation e-mail. Only when the confirmation is made, the address is actively included in the distribution list. We use this data exclusively for the sending of the requested information and offers.

Newsletter2Go is used as newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using it only for the purpose of sending newsletters. Sendinblue GmbH is a German certified provider selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act. More information can be found here.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

The data protection measures are always subject to technical renewals for this reason, we ask you to inform yourself about our data protection measures at regular intervals by inspecting our data protection declaration.

If you establish contact with us by email or over the contact form, the information you provide is stored for the purpose of processing your enquiry and any possible follow-up queries.

We adhere to the principles of data avoidance and economy. For this reason, we only store your personal data for as long as it is necessary for achieving the purposes stated here, or as required by the various storage periods provided for by law. After the respective purpose no longer exists or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

This website uses Google Analytics, a web analytics service from Google Inc. (in the following “Google”). Google Analytics uses ‘cookies’, which are text files that are stored on your computer and facilitate the analysis of how you use our website. The information the cookie generates on how you use our Website is usually transferred to a Google server in the USA and stored there. Because IP anonymisation is enabled on this website, your IP address is truncated by Google if it is located within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the US and truncated there. Google uses this information on behalf of the operator of our website to evaluate how you use our website in order to compile reports on website activity to provide the website operator with website and internet-related services. The IP address transferred by your browser as a part of the Google Analytics service is not merged with other data from Google.

You can reject the use of cookies by selecting the appropriate settings in your browser; we would like to point out however, that doing so may limit your ability to use all of the features of this website to the full. By downloading and installing the browser plugin available from the link below, you can also prevent the data the cookie generates on how you use our website (incl. your IP address) from being transferred to Google and Google processing this data: browser add-on for disabling Google Analytics.

In order to correctly render our content in a graphically appealing manner across browsers, we use script and font libraries on this website, such as Google Webfonts (https://www.google.com/ Webfonts/). Google Webfonts are transferred to the cache in your browser to prevent them being loaded multiple times. If your browser does not support Google Webfonts or prohibits access to them, content is displayed in a standard font.

Calling up script or font libraries automatically initiates a connection to the library operator. It is theoretically possible for the operators of such libraries to collect data, although, currently, it unclear whether they do, and if they do, then for what purposes.

You can find the Privacy Policy from Google as the library operator here: https://www.google.com/policies/privacy/

This website uses Google Maps API for the visual display of geographical information. When using Google Maps, Google also collects, processes and uses data about how visitors use the map functions. For more information about data processing by Google, please refer to the Google Data Privacy Statement. You can also change your personal privacy settings in the privacy centre there.

You can find detailed instructions on how to manage your personal data is connection with Google products here.

We use “Google reCAPTCHA” (in the following “reCAPTCHA”) on our websites. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is used to checked whether the data entered on our websites (e.g. on a contact form) is performed by a human being or an automated program. reCAPTCHA analyses the action taken by the website visitor here based on various characteristics. The analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, the amount of time spent by the website visitor on the website or movements with the mouse made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses take place completely in the background. Site visitors are not informed that an analysis is taking place. This data is collected on the basis of Sec 6. (1) (f) GDPR. The website operator has a legitimate interest in protecting its web sites from abusive automated spying and SPAM. For more information on Google reCAPTCHA and the Privacy Policy from Google, please go to: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.html.

Social plugins used by the providers listed below are used on our web pages. These plugins can be recognised by the fact that they are labelled with the appropriate logo.

These plugins can be used to send information to the service provider, which may include personal data and may be used by them. We use a double-click solution to prevent the unconscious and unwanted collection and transfer of data to the service provider. To enable a social plugin, you first need activate it by clicking on the corresponding button. Only by activating the plugin is the detection of information and its transfer to the service provider triggered. We do not personally collect identifiable information using the social plugins or via their use.

We have no control over the data an activated plugin collects, nor how it is used by the provider. At present, it must be assumed that a direct connection to the provider’s services is established and that at least the IP address and device-related information is collected and used. The service providers may also try to store cookies on the computer used. Please refer to the privacy policies from the respective service providers to see which specific data is collected and how it is used. Note: if you are logged in to Facebook at the same time, Facebook can identify you as a visitor to a particular page.

We have embedded the social media buttons from the following companies into our website.

Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)

Twitter Inc. (795 Folsom St. – Suite 600 – San Francisco – CA 94107 – USA)

Google Plus/Google Inc. (1600 Amphitheatre Parkway – Mountain View – CA 94043 – USA)

XING AG (Gänsemarkt 43 – 20354 Hamburg – Germany)

LinkedIn Corporation (2029 Stierlin Court – Mountain View – CA 94043 – USA)

You are entitled to request information at any time about the personal data on your person that we store. Likewise, you have the right to have your personal information corrected, blocked or deleted, except for the data that needs to be stored for business purposes. To do so, please contact our data protection officer. You can find their contact details at the bottom on this Privacy Notice.

For locked data to be taken into account at any time, it needs to be stored in a lock file for control purposes. You can also request that the data be deleted as long as no legal obligation exists to archive it. If such an obligation exists, we will lock your data on request.

By notifying us, you can make changes or revoke your consent with effect for the future.

INFORMATION AND RIGHTS FOR

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, consent forms and the other information provided to you (for example, on the Website or in the Terms and Conditions), you can find further details and additions to the processing purposes.

1.1 Consent (Sec. 6 (1) (a) GDPR)

If you have given us consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.

1.2 Fulfilment of contractual obligations (Sec. 6 (1) (b) GDPR)

We process your personal data to implement the contracts we have concluded with you. We also process your personal data in order to undertake measures and perform activities in the context of pre-contractual relationships.

1.3 Fulfilment of legal obligations (Sec. 6 (1) (c) GDPR)

We process your personal information when necessary to fulfill legal obligations (such as commercial, tax laws).

Identity and age checks, prevention of fraud and money laundering, the prevention, combating and clarification of terrorist financing and offending criminal offenses, comparison with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes and the Examination by tax and other authorities can become necessary. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

1.4 Our legitimate interest / legitimate interest of third parties (Sec. 6 (1) (f) GDPR)

We may also use your personal information on the basis of a balance of interests to protect our legitimate interest or that of third parties. This takes place for the following purposes:

  • For the limited storage of your data, if its deletion is not or only possible with disproportionate effort owing to the special nature of its storage
  • For the development of services and products as well as existing systems and processes
  • For enriching our data by using or researching publicly available data
  • For statistical analyses or for marketing analyses
  • For benchmarking
  • For asserting legal claims and defending legal disputes that are not directly attributable to the contractual relationship
  • For obtaining information and exchanging information with credit reference agencies, if this extends beyond our economic risk

2. Categories if personal data we process

We process the following data:

  • personal data (name, occupation/branch and comparable data)
  • contact details (address, mail address, telephone number and comparable data)
  • Payment / Cover confirmation for bank and credit cards
  • Information about your financial situation (credit data including scoring, for instance data for assessing the economic risk) ATTENTION: this is not about company credit ratings
  • customer history

We also process personal data from public sources (e.g. the Internet, media, press, trade and association registers, resident registers, debt directories, land registers.
If required for rendering of our service, we process personal data that we legitmately receive from third parties (e.g. address publishers, credit reference agencies).

3. Who receives your data?

Within our company, we disclose your personal information to those departments that need this information to fulfil their contractual and legal obligations or to realise our legitimate interests.

In addition, the following organisations may receive your data:

  • Data processing companies we employ (Sec. 28 GDPR), service providers that support our activities and other data controllers within the meaning of the GDPR, especially in the following areas: IT services, external data centres, it support/maintenance, archiving, document processing, call centre services, data destruction, purchasing/procurement, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or data disposal businesses)
  • Public bodies and institutions, in the event of a legal or regulatory obligation, according to which we are obliged to provide information and notify or disclose data, or the transfer of data is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit reference agencies, debt collection companies, lawyers, courts, appraisers, affiliated companies and committees and supervisory bodies)
  • Other bodies for which you have given us your consent to transfer data

4. Transfer of your data to a third country or international organisations

Data processing does not take place outside the EU or EEA (this is usually the case).

A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries), takes place when it is necessary for the execution of an order / contract by or with you, it is required by law (eg tax reporting obligations), it is in the legitimate interest of us or a third party or you have given us consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in order processing. Insofar as the EU country does not have an EU Commission’s decision on an adequate level of data protection, according to the EU data protection regulations we ensure through corresponding contracts that its rights and freedoms are adequately protected and guaranteed. Corresponding detailed information is available on request.

5. How long do we save your data?

If necessary, we process your personal data for the duration of our business relationship, including the initiation and execution of a contract.
In addition, we are subject to various storage and documentation requirements, e.g. from the Commercial Code (CC) and the Tax Code (TC). The deadlines for storage and documentation are specified to up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also judged according to the statutory limitation periods, which according to §§ 195 seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB) can generally be three years, in some cases up to thirty years.

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use purely automated decision-making procedures under Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law. If profiling is used this must be described here.

7. Your data privacy rights

You have the right to information according to Sec. 15 GDPR, the right to cancellation according to Sec. 16 GDPR, the right to restriction of processing according to Sec. 18 GDPR and the right of data transferability according to Sec. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Sec. 77 GDPR). Basically, according to section 21 GDPR the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house may conflict with your right of objection. If you wish to claim any of these rights, please contact our Privacy Officer (privacy@braincourt.com).

8. Scope of your obligations to provide us with your information

All you need to do is to provide the information necessary to enter into a business relationship or enter into a pre-contractual relationship with us, or that we are required to collect by law. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we also request data from you, you will be made aware of the voluntary nature of the information separately.

9. Information about your right to object pursuant to Sec. 21 GDPR

You have the right to object to your personal data being processed at any time that takes place on the basis of Sec. 6 (1) (f) GDPR (data processing based on a balance of interests) or Sec 6. (1) (e) GDPR (data processing in the public interest) if reasons exist for this that arise from your particular situation. This also applies to profiling based on this provision in the meaning of Sec. 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending legal claims.

You can send your objection informally to the address detailed in Sec. 1.

10. Your right to appeal to the competent supervisory authority

You have a right of appeal to the data protection supervisory authority (Sec. 77 GDPR). The supervisory authority responsible for us is:

For Braincourt GmbH

The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10
70173 Stuttgart

For Braincourt Austria GmbH

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, consent forms and the other information provided to you (for example, on the Website or in the Terms and Conditions), you can find further details and additions to the processing purposes.

1.1 Consent (Sec. 6 (1) (a) GDPR)

If you have given us consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.

1.2 Fulfilment of contractual obligations (Sec. 6 (1) (b) GDPR)

We process your personal data to implement the contracts we have concluded with you. We also process your personal data in order to undertake measures and perform activities in the context of pre-contractual relationships.

1.3 Fulfilment of legal obligations (Sec. 6 (1) (c) GDPR)

We process your personal information when necessary to fulfill legal obligations (such as commercial, tax laws).

Identity and age checks, prevention of fraud and money laundering, the prevention, combating and clarification of terrorist financing and offending criminal offenses, comparison with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes and the Examination by tax and other authorities can become necessary. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

1.4 Our legitimate interest / legitimate interest of third parties (Sec. 6 (1) (f) GDPR)

We may also use your personal information on the basis of a balance of interests to protect our legitimate interest or that of third parties. This takes place for the following purposes:

  • For the limited storage of your data, if its deletion is not or only possible with disproportionate effort owing to the special nature of its storage
  • For the development of services and products as well as existing systems and processes
  • For enriching our data by using or researching publicly available data
  • For statistical analyses or for marketing analyses
  • For benchmarking
  • For asserting legal claims and defending legal disputes that are not directly attributable to the contractual relationship
  • For obtaining information and exchanging information with credit reference agencies, if this extends beyond our economic risk

2. Categories if personal data we process

We process the following data:

  • personal data (name, occupation/branch and comparable data)
  • contact details (address, mail address, telephone number and comparable data)
  • Payment / Cover confirmation for bank and credit cards
  • Information about your financial situation (credit data including scoring, for instance data for assessing the economic risk) ATTENTION: this is not about company credit ratings
  • customer history

We also process personal data from public sources (e.g. the Internet, media, press, trade and association registers, resident registers, debt directories, land registers.
If required for rendering of our service, we process personal data that we legitmately receive from third parties (e.g. address publishers, credit reference agencies).

3. Who receives your data?

Within our company, we disclose your personal information to those departments that need this information to fulfil their contractual and legal obligations or to realise our legitimate interests.

In addition, the following organisations may receive your data:

  • Data processing companies we employ (Sec. 28 GDPR), service providers that support our activities and other data controllers within the meaning of the GDPR, especially in the following areas: IT services, external data centres, it support/maintenance, archiving, document processing, call centre services, data destruction, purchasing/procurement, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or data disposal businesses)
  • Public bodies and institutions, in the event of a legal or regulatory obligation, according to which we are obliged to provide information and notify or disclose data, or the transfer of data is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit reference agencies, debt collection companies, lawyers, courts, appraisers, affiliated companies and committees and supervisory bodies)
  • Other bodies for which you have given us your consent to transfer data

4. Transfer of your data to a third country or international organisations

Data processing does not take place outside the EU or EEA (this is usually the case).

A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries), takes place when it is necessary for the execution of an order / contract by or with you, it is required by law (eg tax reporting obligations), it is in the legitimate interest of us or a third party or you have given us consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in order processing. Insofar as the EU country does not have an EU Commission’s decision on an adequate level of data protection, according to the EU data protection regulations we ensure through corresponding contracts that its rights and freedoms are adequately protected and guaranteed. Corresponding detailed information is available on request.

5. How long do we save your data?

If necessary, we process your personal data for the duration of our business relationship, including the initiation and execution of a contract.
In addition, we are subject to various storage and documentation requirements, e.g. from the Commercial Code (CC) and the Tax Code (TC). The deadlines for storage and documentation are specified to up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also judged according to the statutory limitation periods, which according to §§ 195 seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB) can generally be three years, in some cases up to thirty years.

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use purely automated decision-making procedures under Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law. If profiling is used this must be described here.

7. Your data privacy rights

You have the right to information according to Sec. 15 GDPR, the right to cancellation according to Sec. 16 GDPR, the right to restriction of processing according to Sec. 18 GDPR and the right of data transferability according to Sec. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Sec. 77 GDPR). Basically, according to section 21 GDPR the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house may conflict with your right of objection. If you wish to claim any of these rights, please contact our Privacy Officer (privacy@braincourt.com).

8. Scope of your obligations to provide us with your information

All you need to do is to provide the information necessary to enter into a business relationship or enter into a pre-contractual relationship with us, or that we are required to collect by law. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we also request data from you, you will be made aware of the voluntary nature of the information separately.

9. Information about your right to object pursuant to Sec. 21 GDPR

You have the right to object to your personal data being processed at any time that takes place on the basis of Sec. 6 (1) (f) GDPR (data processing based on a balance of interests) or Sec 6. (1) (e) GDPR (data processing in the public interest) if reasons exist for this that arise from your particular situation. This also applies to profiling based on this provision in the meaning of Sec. 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending legal claims.

You can send your objection informally to the address detailed in Sec. 1.

10. Your right to appeal to the competent supervisory authority

You have a right of appeal to the data protection supervisory authority (Sec. 77 GDPR). The supervisory authority responsible for us is:

For Braincourt GmbH

The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10
70173 Stuttgart

For Braincourt Austria GmbH

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. You can find further details and additional information on the processing purposes in our contract documents, forms, declarations of consent and other information provided to you (e.g. on our website or in our Terms and Conditions).

1.1 Consent (Sec 6. (1) (a) GDPR)

If you have granted us your consent to process personal data, each instance of consent forms the legal basis for the processing mentioned therein. You can revoke each instance of consent at any time with effect for the future. To revoke your consent, please send a corresponding statement to widerruf@braincourt.com.

1.2 Fulfilment of legal obligations (Sec 6. (1) (b) GDPR)

We process your personal data for the purpose of completing the application procedure. Processing may also take place electronically. This is especially the case if you submit your application documents electronically, for example, by email or over a web form on the website.

1.3 Fulfilment of legal obligations (Sec. 6 (1) (c) GDPR)

We process your personal data if it is required for fulfilling legal obligations.

1.5 Our legitimate interest/legitimate interest of third parties (Sec. 6 (1) (f) GDPR)

We can also use your personal data based on a balance of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:

  • for advertising or market research if you have not objected to the use of your data
  • for the collection of information and the exchange of data with credit agencies, if this goes beyond our economic risk
  • for the limited storage of your data, if deletion is not possible or only possible with disproportionate effort due to the special type of storage
  • for comparison with European and international anti-terrorist lists, if this goes beyond the legal obligations
  • for the further development of services and products as well as existing systems and processes
  • for the disclosure of personal data as part of a due diligence for example in company sales
  • for the enrichment of our data by using or researching publicly available data
  • for statistical evaluations or for market analyzes
  • for benchmarking
  • for the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship
  • for the development of scoring systems or automated decision-making processes
  • for internal and external investigations and or security checks
  • for monitoring or recording telephone calls for quality control and training purposes
  • for certifications of private law or official matters
  • for ensuring and exercising our house rights through appropriate measures (e.g. video surveillance)

2. Categories of personal data we process

We process the following data:

  • name, first name
  • Contact details (e.g. email address, address, telephone number)
  • Complete application documents (such as CV, qualification certificates, references)

3. Who receives your data?

Within our company, we disclose your personal information to those departments that need this information to fulfil their contractual and legal obligations or to realise our legitimate interests. All employees responsible for processing data are obliged to safeguard the confidentiality of your data. We only disclose your personal data to affiliated companies and not to third parties unless you have consented to the disclosure of your data or we are required to transfer it by law and/or by way of official or court orders.

The following positions can also receive your data:

  • Processors we use (Sec. 28 GDPR), service providers for supporting activities and other responsible persons within the meaning of the GDPR, in particular in the area
    (e.g. IT services, logistics and printing services, external data centers, support / maintenance of EDP / IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility check, data destruction, purchasing / procurement, customer management, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics)
  • public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide, report or pass on data or the data transfer is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers, group companies and committees and supervisory bodies)
  • other places for which you have given us your consent to the data transfer

4. Transmission of your data to a third country or to an international organization

Data processing outside the EU or the EEA does not take place.

A data transfer to places in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries) takes place if it should be necessary for the execution of an order / contract from or with you, if it is required by law (e.g. tax reporting requirements), it is in the context of a legitimate interest of us or a third party or you have given us your consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of order processing. Insofar as there is no decision by the EU Commission regarding an appropriate data protection level for the country in question, we guarantee according to the EU data protection regulations through appropriate contracts that their rights and freedoms are adequately protected and guaranteed. We will provide you with the corresponding detailed information on request.

5. How long do we store your data?

If the controller concludes an employment contract with an applicant, the transmitted data will be saved for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted three months after notification of the rejection decision, provided that there are no other legitimate interests of the data controller contrary to deletion. Other legitimate interest in this sense is, for example, an obligation to provide evidence in a procedure under the General Equal Treatment Act (GETA).

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will notify you separately if this is required by law.

7. Your data privacy rights

You have the right to information according to Sec. 15 GDPR, the right to cancellation according to Sec. 16 GDPR, the right to restriction of processing according to Sec. 18 GDPR and the right of data transferability according to Sec. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Sec. 77 GDPR). Basically, according to section 21 GDPR the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house may conflict with your right of objection. If you wish to claim any of these rights, please contact our Privacy Officer (privacy@braincourt.com).

8. Scope of your obligations to provide us with your data

You only need to provide the data that is required for the application process. Without this data, we will generally not be able to conclude an employment contract with you. If we also request data from you, you will be informed of the voluntary nature of the information.

9. Your right to appeal to the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Sec. 77 GDPR). The supervisory authority responsible for us is:

For Braincourt GmbH

The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a
70173 Stuttgart

For Braincourt Austria GmbH

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien

1. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. You can find further details and additional information on the processing purposes in our contract documents, forms, declarations of consent and other information provided to you (e.g. on our website or in our Terms and Conditions).

1.1 Consent (Sec. 6 (1) (a) GDPR)

If you have given us consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there. You can withdraw your consent at any time with effect for the future.

1.2 Fulfilment of contractual obligations (Sec. 6 (1) (b) GDPR)

We process your personal data on the basis of our employment contracts with you. We need the data to maintain the employment relationship.

1.3 Fulfilment of legal obligations (Sec. 6 (1) (c) GDPR)

We process your personal data if it is required for fulfilling legal obligations. If necessary, we process your data for identity verification, comparisons with European and international anti-terrorist lists, the fulfilment of controlling and reporting obligations and for archiving data for data protection and security purposes, as well as audits by tax authorities and other authorities. In addition, the disclosure of personal data in the context of administrative/judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

2. Categories of personal data we process

We process the following data:

  • name, first name
  • Contact details (e.g. email address, address, telephone number)
  • Complete application documents (such as CV, qualification certificates, references)
  • Social security data (such as date of birth, place of birth, maiden name, SS No., health insurance, DEÜV data, marital status)
  • Settlement data (such as salary, wages, working hours, sick leave, holiday entitlement, bank details)

Furthermore we process personal data from public sources (e.g. internet, media, press, commercial and association register, registration register, debtor registers, land registers).
If it is necessary for the provision of our service, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies).

3. Who receives your data?

Within our company, we disclose your personal information to those departments that need this information to fulfil their contractual and legal obligations or to realise our legitimate interests.

In addition, the following organisations may receive your data:

  • Data processing companies we employ (Sec. 28 GDPR), service providers that support our activities and other data controllers within the meaning of the GDPR, especially in the following areas: IT services, external data centres, IT support/maintenance, call centres services, billing, telephony, auditing services, credit institutions, printers or data disposal businesses, courier services)
  • Public bodies and institutions, in the event of a legal or regulatory obligation, according to which we are obliged to provide information and notify or disclose data, or the transfer of data is in the public interest
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, lawyers, courts, appraisers, affiliated companies and supervisory bodies)
  • Other bodies for which you have given us your consent to transfer data

4. Transfer of your data to a third country or international organisations

We only transfer data to safe third countries for which the EU Commission has decided that an adequate level of protection exists (e.g. Switzerland) (Sec. 45 GDPR).

If the EU Commission has not taken a decision in such regard, personal data is only allowed to be transferred if appropriate safeguards are provided (standard safeguard clauses) and enforceable rights and effective remedies are available (Sec. 46 GDPR).

A data transfer to locations in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries) takes place if it should be necessary to carry out an order / contract from or with you, if it is required by law (e.g. tax reporting requirements), it is in the context of a legitimate interest of us or a third party or you have given us your consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of order processing. Insofar as there is no decision by the EU Commission regarding an appropriate data protection level for the country in question, we guarantee according to the EU data protection regulations through appropriate contracts that their rights and freedoms are adequately protected and guaranteed. We will provide you with the corresponding detailed information on request.

5. How long do we store your data?

If required, we process your personal data for the duration of our employment relationship with you.

We also are subject to various storage and documentation obligations, which, amongst other things, result from the legal framework. The storage and documentation periods specified by said legal framework are six to ten years. Documentation periods can amount to up to ten years beyond the end of the employment relationship.

Ultimately, the retention period is also judged according to the statutory limitation periods, which according to Sec. 195 seq. German Civil Code (BGB) can generally be three years, but, in some cases, is up to thirty years.

6. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you of this separately, provided that this is required by law.

If profiling is used, this must be described here.

7. Your data privacy rights

You have the right to information according to Sec. 15 GDPR, the right to cancellation according to Sec. 16 GDPR, the right to restriction of processing according to Sec. 18 GDPR and the right of data transferability according to Sec. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Sec. 77 GDPR). Basically, according to section 21 GDPR the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house may conflict with your right of objection. If you wish to claim any of these rights, please contact our Privacy Officer (privacy@braincourt.com).

8. Scope of your obligation to provide us with your data

You only need to provide the data required to commence and implement an employment relationship with us, or that which we are legally obliged to collect. Usually, we will not be able to conclude a contract with you without this data. If we also request additional data from you, we will inform you of the voluntary nature of this information separately.

9. Your right to appeal to the competent supervisory authority

You have the right to lodge a complaint with the data protection supervisory authority (Sec. 77 GDPR). The supervisory authority responsible for us is:

For Braincourt GmbH

The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a
70173 Stuttgart

 

For Braincourt Austria GmbH

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien