We use cookies to personalize content and to analyze our traffic. Please decide if you are willing to accept cookies from our website.

Privacy policy

Privacy Policy and instructions for consent to the processing of personal data at Sucurema GmbH

This data protection declaration describes how Sucurema GmbH handles your personal data and ensures the implementation of data protection. It is supplemented by explanatory notes.

1 Introduction

The protection of the personal data processed in our company, in particular the protection of its confidentiality, integrity and availability, is our duty and is regularly monitored by the Board of Management, the Data Protection Officer and other persons of Sucurema GmbH. The Board of Management of Sucurema GmbH is aware of the high importance of data protection and its personal responsibility. With the introduction, implementation and continuous improvement of the data protection management system, we want to underline the high importance that the processing of personal data has for us.

2 Privacy Management

In order to be able to process your data securely with us, we have integrated data protection aspects deeply into our company. Therefore, in addition to this data protection declaration, you will also find explanations about our data protection concept and our technical and organizational measures. All data protection-relevant documents can be accessed at any time on our website www.sucurema.com.

3 Principles

The fulfillment of the legal requirements represents the minimum of our data protection efforts. Measures necessary to fulfill legal obligations must be implemented with priority. All measures must be based on whether a proportionate use of funds can achieve their goal. The aim is always to adequately control the risks associated with processing, but if possible, without unduly restricting the company's own interests. The following principles apply to the processing of personal data: We only process personal data if and as long as there is a clear permission or obligation! The specifically pursued purpose of processing and the legal basis claimed for this are documented in the list of processing activities. Processing of data that is not dealt with here is not permitted! We avoid the processing of personal data as much as possible! Data will only be used to the extent necessary to achieve a legitimate purpose. Data that is not relevant to achieve a specific purpose will not be processed. If a purpose can also be adequately achieved with anonymous or pseudonymous data, this must be used. The processing of general or generalized information also applies to the processing of detailed information. The duration of processing must also be limited to the required extent. Data must be deleted as early as possible, taking into account any retention requirements. We always take the interests of all concerned into account! Any processing that takes place, only takes into account the interests and expectations of those affected. Personal data is only used insofar as this is unavoidable to achieve a legitimate purpose and is reasonable for the person concerned. We ensure the processing that we carry out is understandable for the data subject and respect the rights of the data subjects, in particular the right to information. We restrict access to personal data! We treat all personal data as strictly confidential! Data is only made accessible to people or processes insofar as and as long as this is necessary in individual cases. This restriction applies both to data collections as a whole and to the detailed information contained therein. We pay attention to the correctness of the personal data that we process! If we learn that such data are incorrect, we will correct them immediately. We ensure security in data processing! The state of the art technical and organizational measures ensures adequate protection against data protection violations. We take into account the respective risk associated with processing. We can prove our data protection efforts! We assess and measure the success of our data protection measures to the necessary extent and correct any undesirable developments

4 Responsibilities and tasks

In principle, all employees are called upon to actively support the company's data protection efforts and to ensure the correct implementation of requirements in their area of responsibility. They are trained accordingly and constantly educated in this area. Employees are properly guided. All employees are also personally responsible in this respect.

5 Processing of your personal data

5.1 Groups of people

We process personal data from different groups of people (e.g. employees, candidates, experts, cooperation/business partners, suppliers). Individuals can also belong to more than one group of people.

5.2 Data Sources

We process personal data that we receive from applicants, our customers and interested parties in the course of our business relationship. Furthermore, if this is necessary for the provision of our services, we process personal data that we legitimately obtain from publicly available sources or which are legitimately transmitted to us by other companies within Sucurema GmbH or by other third parties (e.g. an information agency). Certain data may also be processed automatically if, for example, you read us emails or newsletters or visit our website.

5.3 Categories of personal data processed

We process the following categories of personal data: master data (e.g. name, address), order data, data to fulfill our contractual obligations, advertising and sales data (e.g. potentially interesting projects for you) as well as other data comparable to the categories mentioned.

5.4 Purpose of processing

The purpose of the processing is always based on the group of people to which you belong. Employees: We process your data for the purpose of fulfilling our obligations as an employer from the employment relationship between you and us. Applicants / Candidates / Experts / etc.: We process your data in order to find the right job for you or the project that suits you. You control what data we can use from you for this purpose and what data you provide to us. The more we know your skills, experiences and interests, the more tailor-made employment opportunities or projects we can find for you. Cooperation partners / business partners / contact persons / suppliers / etc.: We only process the data that we need to ensure a smooth flow of the contractual relationship between you and us. Furthermore, data of third parties may be processed insofar as they may be processed lawfully, such as vendor information. Further information and data we receive from you may also be processed.

5.5 Legal basis for processing

The legal basis for the processing of your data depends on the respective group of people. In principle, we only process personal data if:

  • voluntary consent (Article 4(11), Article 5 I lit b), Article 6 I 1 lit a), Article 7 GDPR).
  • contractual or pre-contractual relationships (Art. Art. 7 lit b) EU-DSRL, Section 28 I 1 No. 1 BDSG).
  • we are legally obliged to process (Art. 6 I lit c) GDPR.
  • where a balance is made between processing or non-processing, a legitimate interest in processing predominates (Art. 6 I 1 lit. f) GDPR.

Processing could also, in theory, take place if the processing were in the public interest or if it were the exercise of official authority (Article 6 I 1 lit e) GDPR).

5.6 Place of processing

We process your data on servers and computer systems within the European Union or within the European Economic Area. In individual cases, your personal data may also be processed in third countries, for example when using certain software. Before introducing such processing, we always check the maintenance of an adequate level of protection by our external data protection officer and adhere to the recommendations of the Federal Office for Security in Information Technology.

5.7 Technical and organisational measures

We have taken a variety of technical and organisational measures to ensure the security, confidentiality, integrity and availability of your data in our company as part of our data protection concept, which is aligned with the internationally recognized standards of DIN ISO/IEC 27001.

6 Transmission of your data

6.1 Transfer of employee data

We only transmit data of our employees to the tax office or our payroll within the scope of our obligations under the existing employment relationship, for example to the health insurance company. In the case of temporary workers or employees employed by third parties, further personal data, such as profiles or working hours, will be transmitted between us and third parties for the purpose of positioning and for the purpose of obligations arising from the existing employment relationship.

6.2 Transmission of applicants/ candidate/ expert data

In order to find the right project or employment for you, we may not forward your profile anonymously to potential clients or potential employers for decision-making. These third parties are exclusively customers, business partners or cooperation partners of ours, i.e. partners with whom we are in contact.

6.3 Transmission of cooperation partner / business partner / contact / supplier data

In fulfilment of our contractual obligations, personal data of cooperation partners / business partners / contact persons / suppliers may also be transmitted to third parties, insofar as this is necessary for the fulfilment of the contract.

6.4 Transmission to authorities

We are obliged to provide personal data to authorities in certain cases regulated by law. This presupposes a written request by the requesting authority for information and a duty of participation, at least probably, which is likely to be in place. We also reject manifestly inadmissible requests for information against the authorities.

7 Up-to-dateness of your data

7.1 Obligation to update data

We are legally obliged to work with up-to-date data and to keep our data sets up-to-date.

7.2 Data Protection Impact Assessments

To the extent required by law, procedures are identified on the basis of predefined risk criteria and levels before they are put into operation and compared with the protective measures. The data protection assessments thus made are incorporated into the implementation of the measures and are documented accordingly.

8 Processing Duration

In principle, we only process your data for as long as we are legally obliged to do so or if you have consented to the processing.

9 Automated decision-making procedures

We do not use automated decision-making procedures.

10 Up-to-dateness of data protection regulations and changes

We keep our data protection at the highest possible level. Due to legal or technical developments, we may need to adapt or change our procedures. In these cases of amendment, which are always subject to objective justification, your consent shall continue to apply. Unless you expressly object to the change. We will always notify you of any changes by posting them, for example on our websites. If the changes are significant, we will ask you to consent to the amended privacy policy on the channel you have chosen. This will usually be done via e-mail. In the event of a lack of or revoked consent, we are entitled to terminate the contracts with you without notice.

11 Handling Cookies and Analysis Tools

11.1 Cookies

When you visit our website www.sucurema.com information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • date and time of access,
  • the name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • browser and, if applicable, the operating system of your computer as well as the name of your access provider.

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring comfortable use of our website,
  • evaluation of system security and stability as well as
  • for other administrative purposes.

The legal basis for data processing is a reference of Art. 6 Abs. 1 S. 1 lit. f GDPR. Our legitimate interest follows for the purposes of data collection listed above. In no case will we use the data collected for the purpose of drawing conclusions about you.

12 Your rights as a data alike

As a data controller, you have the following rights towards us as a processing agency:

  • Right to rectification and, if applicable, to supplement your personal data processed by us
  • Right to transparent information about the handling of your personal data processed by us
  • Right to information about your personal data processed by us
  • Right to erasure and the right to "be forgotten"
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to revoke consent already given with effect for the future
  • Right to complain to the competent data protection supervisory authorit

13 Right of objection

Information about your right to object under Article 21 general data protection regulation (GDPR)

13.1 Case-related right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f GDPR) (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

13.2 Right to object to the processing of data for direct marketing purposes

In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. You can exercise your rights simply by sending an e-mail to datenschutz@sucurema.de or by fax to +49 6131 25006 29. We have a statutory deadline of four weeks for the processing of your request, which can be extended by a further four weeks in exceptional cases. We will endeavour to fully address your request within the first four weeks of receipt of your request. Please note that due to statutory storage periods, we may still be obliged to store certain personal data from you even after a request for deletion or "forgetting". The supervisory authority responsible for us for data protection is: State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate You can reach the supervisory authority by post: P.O. Box 30 40 D-55020 Mainz By phone +49 (0) 6131 208-2449

14 Data Protection Officer

You can contact our Data Protection Officer via datenschutz@sucurema.de

15 Validity

This Privacy Policy will continue to apply for an indefinite period of time from the date of publication. By announcing a successor data protection declaration, the validity of this data protection declaration will be revoked.