General Data Protection Regulation
We hereby inform you how we collect personal data when you use our website. Personal data is all data which refer to you personally such as your name, address or email addresses.
2. Name and contact data of the person/ body responsible for the processing (“controller”) and the data protection officer of the company
optimal media GmbH
17207 Röbel / Müritz
Email address: firstname.lastname@example.org
Telephone: +49 (0)39931 56 500
Fax: +49 (0) 39931 56 796
The internal data protection officer of optimal media GmbH, Mr. Andreas Schur, is available under email@example.com.
3. Collection and storage of personal data and nature and purpose of its processing
a) When you visit our website:
When you access our website, the browser which is used on your terminal automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is thereby collected without your help or cooperation and stored until its automated deletion:
- Pages visited
- Date and time of access
- Volume of the data sent, in bytes
- Source/ link from which you were redirected to the page
- Browser used
- Operating system used
- IP address used
- The collected data only serves to prepare visitor statistics about the use of our website and to improve our website.
- The legal basis for the data processing is Art. 6 subs. 1 sentence 1 f) GDPR. Our legitimate interest follows from the purposes of data processing listed above.
b) When you contact us by email
When you contact us by email, we will store the data you have disclosed to us (your email address, possibly your name and telephone number) for the purpose of processing your request and/or answering your questions.
The processing of data in the context of contacting us is based on your voluntary consent you have given according to Art. 6 subs. 1 sentence 1 a) GDPR.
We will delete the data collected in this context as soon as the storage is no longer necessary, for instance because your request has been settled, or we will restrict the processing in the case that there are statutory retention periods to be observed.
c) In the case of online applications
If you file an online application with us, we will process the personal data you have disclosed and transmitted to us (application data) including but not limited to your
- Surname, first name
- Telephone number
- Email address
- Application documents (application letter, curriculum vitae, certificates/references etc.)
for no purposes other than filling vacancies in our company. We do not use your application data for any other purposes.
This personal data is, as a rule, deleted automatically three months after termination of the application procedure if your application for the vacancy to be filled is unsuccessful. Only if deletion of this data is prevented by statutory provisions or storage of the data is necessary for the establishment, exercise or defence of legal claims or when you have explicitly consented to an extended storage of your data, the data will not be deleted after expiry of three months.
If we cannot offer you a vacancy to be filled for the time being but, based on your profile, we think that your application might be interesting for possible future vacancies in our company, we will store your personal application data in our applicants’ pool for a maximum period of twelve months (either digitally or as hardcopy). We will inform you to that effect by separate letter and ask you for your consent. If we cannot use your application data within this twelve months’ storage period, we will also inform you accordingly. At that time, we will completely delete your application documents.
The legal basis for this data processing is Art. 6 subs. 1 sentence 1 a) and f) GDPR.
4. Disclosure/ transfer of data
We do not disclose or transfer your personal data to third parties for any purposes other than those listed below.
We only disclose or transfer your personal data to third parties when:
- you have given your explicit consent according to Art. 6 subs. 1 sentence 1 a) GDPR,
- the transfer is necessary for the establishment, exercise or defence of legal claims according to Art. 6 subs. 1 sentence 1 f) GDPR and there is no reason to assume that such interests are overridden by your interest in the non-disclosure of your data,
- we have to comply with a legal obligation to disclose or transfer the data according to Art. 6 subs. 1 sentence 1 c) GDPR, and
- this is permitted by law and necessary for the performance of contractual relationships with you according to Art. 6 subs. 1 sentence 1 b) GDPR.
As a rule, we only disclose and transfer your personal data which you have disclosed to us in the context of your online application to the internal bodies and departments of our company that are responsible for the specific application procedure in question.
The cookie stores information which is generated in the context of the specific terminal used from time to time. However, this does not mean that we can immediately identify you.
6. Google Analytics
This website uses the “Google Analytics“ service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). This service uses “cookies“. These cookies are stored on your computer such that Google is able to analyse how you use our website. The information generated by the cookies about how you use this website and your IP address are usually transferred to a server of Google Inc. in the USA and stored there.
However, if the IP anonymisation is activated on this website, Google will shorten your IP address within EU Member States or in any other country party to the Agreement on the European Economic Area prior to the transfer. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google, acting upon the instruction of the operator of this website, will use the information to analyse how you use the website, to compile reports on the website activities and render to the website operator additional services that are related to the website use.
This website uses Google Analytics with the supplementary feature “anonymizeIp()“. This makes sure that only shortened IP addresses are processed further which prevents IP addresses from being allocated to specific persons.
As to the exceptional cases where personal data is transferred to the USA, Google has agreed to respect and comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can set your browser to refuse the storage of cookies on your terminal. However, in this case, you may be unable to use all functions and features of this website without restrictions if your browser does not permit cookies. You may also prevent the collection and transfer to Google of the data generated by the cookie regarding your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
We use this tracking measure to ensure customized design and continuous optimisation of our website. Moreover, we use this tracking measure to prepare statistics regarding the use of our website and analyse the use of our website to optimise the services we offer to you. These interests are legitimate in terms of the afore-mentioned provision.
We implement this measure on the basis of Art. 6 subs. 1 sentence 1 f) GDPR.
7. Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
8. Social media plug-ins
Based on Art. 6 subs. 1 sentence 1 f) GDPR, we currently use on our website social media plug-ins of the social networks Facebook und Google+ to enable you via these plug-ins to interact with the social networks and other users and thus improve the publicity of our company.
The plug-in provider stores the data collected from you as a user profile and uses it for the purposes of advertising, market research and/or customized design of the provider’s website. You may oppose the preparation of these user profiles; if you want to exercise your right to oppose, you have to address your opposition to the relevant plug-in provider.
The data is transferred regardless of whether or not you have an account with the plug-in provider or are logged in there. When you are logged in to the plug-in provider, the data we have collected from you is directly allocated to your account with the plug-in provider. When you click the activating button and, for instance, click the “LIKE” or “SHARE” button, the plug-in provider will store this information in your user account, too, and will also publicly communicate this information to your contacts. We therefore recommend that you always log out after you have used a social network and especially before you activate the button because thereby you can prevent the allocation of the information to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and data processing by the plug-in provider is available in the privacy policies of these providers at the addresses listed below. They also contain further information on your rights and the possible settings to protect your privacy.
Facebook and Google have agreed to respect and comply with the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework.
The addresses of the relevant plug-in providers and the links to their privacy policies are listed below.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://facebook.com/policy.php; further information on data collection is available at:
b) Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA;
9. Your rights
a) Information/ access, rectification, erasure, restriction of processing, data portability, withdrawal of consent, complaint
You have the right:
- to request information under Art. 15 GDPR about your personal data which is processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data processed, the categories of recipients to whom your data was or is disclosed, the intended duration of storage, your right to demand rectification, erasure, restriction of processing and your right to object to the processing, your right to lodge a complaint, the origin of the data in case it was not collected by us as well as information on the existence of automated decision-making processes including profiling and, where applicable, sound information regarding the pertinent details;
- to request from us without undue delay (“unverzüglich”) rectification of inaccurate data or completion of your personal data which we have stored, according to Art. 16 GDPR;
- to request from us according Art. 17 GDPR the erasure of your personal data we have stored unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- to request the restriction of processing of your personal data according to Art. 18 GDPR where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure of the personal data and we no longer need the personal data but you require the data for the establishment, exercise or defence of legal claims or you have objected to the processing according to Art. 21 GDPR;
- to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to request transmission of your data to another controller, according to Art. 20 GDPR;
- to withdraw at any time the consent you have granted to us according to Art. 7 subs. 3 GDPR by appropriate notice to be given to us. In this case, we are no longer allowed to continue the data processing which was based on this consent in the future and
- to lodge a complaint with a supervisory authority according to Art. 77 GDPR. As a rule, you can address the complaint to the supervisory authority at the place of your habitual residence or your place of work or the place of our establishment.
b) Right to object
When your personal data is processed based on legitimate interests under Art. 6 subs. 1 sentence 1 f) GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR if this is done on grounds relating to your particular situation or if you object to the processing of your data for direct marketing purposes. In the latter case, you have the right to generally object to the processing which we will respect with no need to state a particular situation.
If you want to exercise your right to object, it is sufficient to send an email to:
10. Data security
When you visit our website, we use the common SSL procedure (Secure Socket Layer) in combination with the highest possible encryption level that is supported by your browser. This usually is a 256-bit encryption. If your browser does not support the 256-bit encryption, we will use the 128-bit v3 technology instead. You can see by the closed key or lock icon in the lower status bar of your browser whether an individual page of our Internet presentation is encrypted during transfer.
Your online application will be encrypted during transfer according to the state of the art.
In all other respects, we use appropriate technical and organisational security measures to protect your data against accidental or wilful manipulation, total or partial loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in conformity with the technological progress.