Sucurema | Privacy policy
  1. Home
  2. Privacy policy

Privacy policy

Privacy policy

Privacy policy and information on consent to the processing of personal data at Sucurema GmbH

This privacy policy describes how Sucurema GmbH handles your personal data and ensures the implementation of data protection. It is supplemented by explanatory notes.

1. introduction
The protection of personal data processed in our company, in particular the safeguarding of its confidentiality, integrity and availability, is our duty and is regularly monitored by the Management Board, the Data Protection Officer and other persons at Sucurema GmbH. The Management Board of Sucurema GmbH is aware of the great importance of data protection and its personal responsibility. With the introduction, implementation and continuous improvement of the data protection management system, we want to emphasize the high value we place on the processing of personal data.

2. data protection management
The protection of the personal data processed in our company, in particular the safeguarding of its confidentiality, integrity and availability, is our duty and is regularly monitored by the Management Board, the Data Protection Officer and other persons at Sucurema GmbH. The Management Board of Sucurema GmbH is aware of the great importance of data protection and its personal responsibility. With the introduction, implementation and continuous improvement of the data protection management system, we want to emphasize the high value we place on the processing of personal data.

3. principles
Compliance with legal requirements represents the minimum level of our data protection efforts. Measures required to fulfill legal obligations must be implemented with priority. All measures must be based on whether their objective can be achieved with a proportionate use of resources. The aim is always to adequately control the risks associated with processing, but if possible without unduly restricting the company's own interests. The following principles apply to the processing of personal data: We only process personal data if and as long as there is a clear permission or obligation to do so! The specific purpose of processing and the legal basis for this are documented in the record of processing activities. Any processing of data not covered here may not take place! We avoid the processing of personal data as far as possible! Data is only used to the extent necessary to achieve a legitimate purpose. Data that is not relevant for achieving a specific purpose is not processed. If a purpose can also be achieved appropriately with anonymous or pseudonymous data, these must be used. Accordingly, the processing of general or generalized information takes precedence over the processing of detailed information. The duration of processing must also be limited to what is necessary. Data must be deleted as soon as possible, taking into account any retention obligations. We respect the interests of all data subjects at all times! Any processing is only carried out taking into account the interests and expectations of the data subjects. Personal data is only used insofar as this is unavoidable to achieve a legitimate purpose and is reasonable for the data subject. We ensure that the processing we carry out is comprehensible to the data subject and respect the rights of the data subject, in particular the right to information. We handle access to personal data restrictively! We treat all personal data as strictly confidential! Data is only made accessible to persons or processes if and as long as this is necessary in individual cases. This restriction applies both to data collections as a whole and to the detailed information they contain. We pay attention to the accuracy of the personal data that we process! If we learn that such data is incorrect, we will correct it immediately. We ensure security in data processing! We use state-of-the-art technical and organizational measures to ensure adequate protection against data breaches. In doing so, we take into account the respective risk associated with processing. We can prove our data protection efforts! We assess and measure the success of our data protection measures to the extent necessary and correct any undesirable developments.

4. Responsibility and tasks
In principle, all employees are called upon to actively support the company's data protection efforts and to do their best to ensure the correct implementation of requirements in their area of responsibility. They are trained accordingly and continuously sensitized. Employees are instructed appropriately. All employees are also personally responsible in this respect.

5. Processing of your personal data
5.1 Groups of persons
We process the personal data of various groups of people (e.g. employees, candidates, experts, cooperation/business partners, suppliers). Individual persons may also belong to several groups of persons.

5.2 Data origin
We process personal data that we receive from applicants, our customers and interested parties in the course of our business relationship. In addition, we process personal data that we legitimately obtain from publicly accessible sources or that is legitimately transmitted to us by other companies within Sucurema GmbH or other third parties (e.g. a credit agency), should this be necessary for the provision of our services. Certain data may also be processed automatically if, for example, you read e-mails or newsletters from us or visit our website.

5.3 Categories of personal data that are processed
We process the following categories of personal data: master data (e.g. name, address), order data, data for the fulfillment of our contractual obligations, advertising and sales data (e.g. projects of potential interest to you) and other data comparable to the categories mentioned.

5.4 Purpose of the processing
The purpose of the processing always depends on the group of persons to which you belong. Employees: We process your data for the purpose of fulfilling our obligations as an employer arising from the employment relationship between you and us. Applicants / candidates / experts / etc.: We process your data in order to find you the exact job or project that suits you. You yourself control which of your data we can use for this purpose and which data you make available to us. The more precisely we know your skills, experience and interests, the more precisely we can find the right employment opportunities or projects for you. Cooperation partners / business partners / contact persons / suppliers / etc.: We only process the data that we need to ensure the smooth running of the contractual relationship that exists or is about to exist between you and us. In addition, third-party data may be processed insofar as it may be lawfully processed, such as creditor information. Other information and data that we receive from you may also be processed.

5.5 Legal basis for the processing
The legal basis for the processing of your data depends on the respective group of persons. In principle, we only process personal data if

- voluntary consent has been given (Art. 4 No. 11, Art. 5 I lit. b), Art. 6 I 1 lit. a), Art. 7 GDPR).
- contractual or pre-contractual relationships exist (Art. 7 lit b) EU GDPR, § 28 I 1 No. 1 BDSG).
- we are legally obliged to process (Art. 6 I lit. c) GDPR.
- a legitimate interest in processing prevails when weighing up processing or non-processing (Art. 6 I 1 lit. f) GDPR.

Processing could theoretically also take place if the processing would be in the public interest or in the exercise of official authority (Art. 6 I 1 lit. e) GDPR).

5.6 Place of processing
We process your data on servers and IT systems within the European Union or within the European Economic Area. In individual cases, your personal data may also be processed in third countries, for example when using certain software. Before introducing such processing, we always check that an appropriate level of protection is maintained by our external data protection officer and comply with the recommendations of the Federal Office for Information Security.

5.7 Technical and organizational measures
As part of our data protection concept based on the internationally recognized standards of DIN ISO/IEC 27001, we have taken a large number of technical and organizational measures to ensure the security, confidentiality, integrity and availability of your data in our company.

6. Transmission of your data
6.1 Transmission of employee data
We only transmit our employees' data within the scope of our obligations arising from the existing employment relationship, for example to the health insurance company, the tax office or our payroll accounting department. In the case of temporary employees or employees who are employed by third parties, further data, including personal data such as profiles or working hours, are transmitted between us and third parties for the purpose of positioning and for the purpose of the obligations arising from the existing employment relationship

6.2 Transmission of applicant / candidate / expert data
In order to find the right project or the right job for you, we may forward your profile to potential clients or potential employers in a non-anonymized form for decision-making purposes. These third parties are exclusively customers, business or cooperation partners of ours, i.e. partners with whom we are in contact.

6.3 Transmission of cooperation partner / business partner / contact person / supplier data
In fulfillment of our contractual obligations, personal data of cooperation partners / business partners / contact persons / suppliers may also be transmitted to third parties, insofar as this is necessary for the fulfillment of the contract.

6.4 Transmission to authorities
We are also obliged to transmit personal data to authorities in certain legally regulated cases. This requires a written request from the authority requesting the information and at least a probable obligation to cooperate. Obviously inadmissible requests for information will also be rejected by us vis-à-vis authorities.

7. Up-to-dateness of your data
7.1 Obligation to keep data up to date
We are legally obliged to work with up-to-date data and to keep our data records up to date.

7.2 Data protection impact assessments
Where required by law, procedures are identified on the basis of predefined risk criteria and levels before they are put into operation and compared with the protective measures. The resulting data protection assessments are incorporated into the implementation of the measures and are documented accordingly.

8. Duration of processing
We only process your data for as long as we are legally obliged to do so or for as long as you have consented to the processing.

9. Procedures for automated decision-making
We do not use any automated decision-making processes.

10. Up-to-dateness of the data protection provisions and changes
We do not use any procedures for automated decision-making.

11. Handling of cookies and analysis tools
When you visit our website www.sucurema.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the accessed file,
- Website from which the access was made (referrer URL),
- browser used and, if applicable, the operating system of your computer and the name of your access provider.

The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring a comfortable use of our website,
- evaluating system security and stability and
- for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

12. Your rights as a data subject
As a data subject affected by the processing of your data, you have the following rights vis-à-vis us as the data controller:

- Right to rectification and, if necessary, completion of your personal data processed by us
- Right to transparent information about the handling of your personal data processed by us
- Right to information about your personal data processed by us
- Right to erasure and the right to be 'forgotten'
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to revoke consent already given with effect for the future
- Right to lodge a complaint with the competent supervisory authority for data protection


13. Right to object
Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)

13.1 Right to object on a case-by-case basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

13.2 Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. You can exercise your rights simply by sending an e-mail to datenschutz@sucurema.de or a fax to +49 6131 25006 29. We have a statutory response period of four weeks to process your request, which may be extended by a further four weeks in exceptional cases. We will endeavor to process your request in full within the first four weeks of receiving your request. Please note that due to statutory retention periods, we may still be obliged to store certain of your personal data even after a request for deletion or “being forgotten”. The data protection supervisory authority responsible for us is: Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz You can contact the supervisory authority by post: P.O. Box 30 40 D-55020 Mainz Telephone +49 (0) 6131 208-2449

14. Data protection officer
You can reach our data protection officer via datenschutz@sucurema.de

15. Validity
This Privacy Policy shall continue to apply indefinitely from the date of its publication. The validity of this data protection declaration is canceled by the announcement of a successor data protection declaration.

Let's Keep Talking

Please fill out the form below, and we will get back to you shortly.

Email
info@sucurema.com
Phone
+49 163 88 535 88
Address
Holzhofstraße 3, 55116 Mainz