This data protection declaration describes how Sucurema GmbH handles your personal data and ensures the implementation of data protection. It is supplemented by explanatory notes.
The protection of the personal data processed in our company, in particular the protection of its confidentiality, integrity and availability, is our duty and is regularly monitored by the Board of Management, the Data Protection Officer and other persons of Sucurema GmbH. The Board of Management of Sucurema GmbH is aware of the high importance of data protection and its personal responsibility. With the introduction, implementation and continuous improvement of the data protection management system, we want to underline the high importance that the processing of personal data has for us.
In order to be able to process your data securely with us, we have integrated data protection aspects deeply into our company. Therefore, in addition to this data protection declaration, you will also find explanations about our data protection concept and our technical and organizational measures. All data protection-relevant documents can be accessed at any time on our website www.sucurema.com.
The fulfillment of the legal requirements represents the minimum of our data protection efforts. Measures necessary to fulfill legal obligations must be implemented with priority. All measures must be based on whether a proportionate use of funds can achieve their goal. The aim is always to adequately control the risks associated with processing, but if possible, without unduly restricting the company's own interests. The following principles apply to the processing of personal data: We only process personal data if and as long as there is a clear permission or obligation! The specifically pursued purpose of processing and the legal basis claimed for this are documented in the list of processing activities. Processing of data that is not dealt with here is not permitted! We avoid the processing of personal data as much as possible! Data will only be used to the extent necessary to achieve a legitimate purpose. Data that is not relevant to achieve a specific purpose will not be processed. If a purpose can also be adequately achieved with anonymous or pseudonymous data, this must be used. The processing of general or generalized information also applies to the processing of detailed information. The duration of processing must also be limited to the required extent. Data must be deleted as early as possible, taking into account any retention requirements. We always take the interests of all concerned into account! Any processing that takes place, only takes into account the interests and expectations of those affected. Personal data is only used insofar as this is unavoidable to achieve a legitimate purpose and is reasonable for the person concerned. We ensure the processing that we carry out is understandable for the data subject and respect the rights of the data subjects, in particular the right to information. We restrict access to personal data! We treat all personal data as strictly confidential! Data is only made accessible to people or processes insofar as and as long as this is necessary in individual cases. This restriction applies both to data collections as a whole and to the detailed information contained therein. We pay attention to the correctness of the personal data that we process! If we learn that such data are incorrect, we will correct them immediately. We ensure security in data processing! The state of the art technical and organizational measures ensures adequate protection against data protection violations. We take into account the respective risk associated with processing. We can prove our data protection efforts! We assess and measure the success of our data protection measures to the necessary extent and correct any undesirable developments
In principle, all employees are called upon to actively support the company's data protection efforts and to ensure the correct implementation of requirements in their area of responsibility. They are trained accordingly and constantly educated in this area. Employees are properly guided. All employees are also personally responsible in this respect.
We process personal data from different groups of people (e.g. employees, candidates, experts, cooperation/business partners, suppliers). Individuals can also belong to more than one group of people.
We process personal data that we receive from applicants, our customers and interested parties in the course of our business relationship. Furthermore, if this is necessary for the provision of our services, we process personal data that we legitimately obtain from publicly available sources or which are legitimately transmitted to us by other companies within Sucurema GmbH or by other third parties (e.g. an information agency). Certain data may also be processed automatically if, for example, you read us emails or newsletters or visit our website.
We process the following categories of personal data: master data (e.g. name, address), order data, data to fulfill our contractual obligations, advertising and sales data (e.g. potentially interesting projects for you) as well as other data comparable to the categories mentioned.
The purpose of the processing is always based on the group of people to which you belong. Employees: We process your data for the purpose of fulfilling our obligations as an employer from the employment relationship between you and us. Applicants / Candidates / Experts / etc.: We process your data in order to find the right job for you or the project that suits you. You control what data we can use from you for this purpose and what data you provide to us. The more we know your skills, experiences and interests, the more tailor-made employment opportunities or projects we can find for you. Cooperation partners / business partners / contact persons / suppliers / etc.: We only process the data that we need to ensure a smooth flow of the contractual relationship between you and us. Furthermore, data of third parties may be processed insofar as they may be processed lawfully, such as vendor information. Further information and data we receive from you may also be processed.
The legal basis for the processing of your data depends on the respective group of people. In principle, we only process personal data if:
Processing could also, in theory, take place if the processing were in the public interest or if it were the exercise of official authority (Article 6 I 1 lit e) GDPR).
We process your data on servers and computer systems within the European Union or within the European Economic Area. In individual cases, your personal data may also be processed in third countries, for example when using certain software. Before introducing such processing, we always check the maintenance of an adequate level of protection by our external data protection officer and adhere to the recommendations of the Federal Office for Security in Information Technology.
We have taken a variety of technical and organisational measures to ensure the security, confidentiality, integrity and availability of your data in our company as part of our data protection concept, which is aligned with the internationally recognized standards of DIN ISO/IEC 27001.
We only transmit data of our employees to the tax office or our payroll within the scope of our obligations under the existing employment relationship, for example to the health insurance company. In the case of temporary workers or employees employed by third parties, further personal data, such as profiles or working hours, will be transmitted between us and third parties for the purpose of positioning and for the purpose of obligations arising from the existing employment relationship.
In order to find the right project or employment for you, we may not forward your profile anonymously to potential clients or potential employers for decision-making. These third parties are exclusively customers, business partners or cooperation partners of ours, i.e. partners with whom we are in contact.
In fulfilment of our contractual obligations, personal data of cooperation partners / business partners / contact persons / suppliers may also be transmitted to third parties, insofar as this is necessary for the fulfilment of the contract.
We are obliged to provide personal data to authorities in certain cases regulated by law. This presupposes a written request by the requesting authority for information and a duty of participation, at least probably, which is likely to be in place. We also reject manifestly inadmissible requests for information against the authorities.
We are legally obliged to work with up-to-date data and to keep our data sets up-to-date.
To the extent required by law, procedures are identified on the basis of predefined risk criteria and levels before they are put into operation and compared with the protective measures. The data protection assessments thus made are incorporated into the implementation of the measures and are documented accordingly.
In principle, we only process your data for as long as we are legally obliged to do so or if you have consented to the processing.
We do not use automated decision-making procedures.
When you visit our website www.sucurema.com information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
The above data will be processed by us for the following purposes:
The legal basis for data processing is a reference of Art. 6 Abs. 1 S. 1 lit. f GDPR. Our legitimate interest follows for the purposes of data collection listed above. In no case will we use the data collected for the purpose of drawing conclusions about you.
As a data controller, you have the following rights towards us as a processing agency:
Information about your right to object under Article 21 general data protection regulation (GDPR)
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f GDPR) (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. You can exercise your rights simply by sending an e-mail to email@example.com or by fax to +49 6131 25006 29. We have a statutory deadline of four weeks for the processing of your request, which can be extended by a further four weeks in exceptional cases. We will endeavour to fully address your request within the first four weeks of receipt of your request. Please note that due to statutory storage periods, we may still be obliged to store certain personal data from you even after a request for deletion or "forgetting". The supervisory authority responsible for us for data protection is: State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate You can reach the supervisory authority by post: P.O. Box 30 40 D-55020 Mainz By phone +49 (0) 6131 208-2449
You can contact our Data Protection Officer via firstname.lastname@example.org
© 2021 Sucurema GmbH. All rights reserved.