Privacy policy

Privacy policy

Compliance with the current data protection laws is not only a legal obligation for our company, but also an important confidence factor which we would like to offer you as our customer. With the following data protection regulations, we would therefore like to inform you transparently about the type, scope and purpose of the personal data collected and processed by you within this Internet presence as well as your rights.

Should you have any questions, please do not hesitate to contact us at any time and we will answer them. The security of your data is the concern of all of us.

 

Responsibility for data processing and your rights

Responsible body  

candidus GmbH, located at Ismaninger Straße 65, 81675 Munich, Germany (hereinafter referred to as “We”), is the operator of the candidus.com website and is responsible pursuant to Art. 4 Para. 7 of the EU Data Protection Basic Regulation (GDPR).

If you have any questions, please feel free to contact us by e-mail at office@candidus.com at any time.

 

Your rights as a data subject 

As a person concerned, you have the following rights vis-à-vis candidus GmbH with regard to your personal data. You have:

  • A right of access to the categories of data processed, the purposes of processing, the duration of storage and the recipients of the data. (Art. 15 GDPR)
  • A right to correction or deletion of inaccurate or incomplete data. (Art. 17 GDPR)
  • A right to limit the processing, insofar as deletion is not possible or controversial. (Art. 18 GDPR)
  • A right to object to the processing if the data processing was carried out on the basis of a legitimate interest. (Art. 21 para. 1 GDPR)
  • A right to revoke a consent given with effect for the future. (Art. 7 para. 3 GDPR)
  • A right to data transferability in a common format. (Art. 20 GDPR)
  • A right to complain to a data protection supervisory authority about the processing of your personal data by us, in particular in the member state of your habitual residence, your place of work or the place of suspected infringement (Art. 77 GDPR) – you are welcome to contact us about this in advance, we take your concern very seriously.

 

Data protection measures

We secure our website and the other systems used by technical and organizational measures against loss, destruction, access, alteration or distribution by unauthorized persons. This also applies to your data.

In particular, your personal data will be transmitted in encrypted form via the Internet. We use the TLS (Transport Layer Security) coding system for this purpose. However, the transmission of information via the Internet is never completely secure, which is why we cannot guarantee 100% security of the data transmitted from our website.

 

Data processing

Transfer of data to third countries outside the EU  

All information that we receive from you or about you is generally processed on servers within the European Union. Your data will only be transferred to or processed in third countries without your express consent if this is provided for by law and an appropriate level of data protection is ensured in the third country.

 

Transfer of data, order data processing  

In principle, we do not pass on your personal data to third parties. However, there are two exceptions to this:

  1. You have consented to the data transfer or
  2. we are not liable for any damages due to legal regulations or official or court orders

is entitled or obliged to pass on data. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.

We may also transfer your data to external service providers (processors) in order to simplify our own data processing. In this case, this data processor will be contractually obliged in accordance with Art. 28 GDPR, i.e. in particular that the data processor must offer sufficient guarantees that it will carry out suitable technical and organisational measures in such a way that the processing is carried out in accordance with the requirements of the GDPR and the protection of your rights as a data subject is guaranteed.

Despite the commissioning of contract processors, we will continue to be the responsible body for the processing of your personal data within the meaning of the Data Protection Act.

 

Types, purpose and retention period of your data

Server log files  

Each time you access our website, the following general information is automatically transmitted from your browser to our server (so-called server log files): IP address, product and version information about the browser and operating system used, the website from which you accessed our website (so-called referrer), date and time of the request and, if applicable, your Internet service provider. In addition, the status and the amount of data transferred are recorded as part of this request.

The IP address of your computer will only be stored for the duration of your use of the website and will then be deleted immediately or made partially unrecognisable by shortening it. The remaining data is stored for a limited period of time (maximum 7 days).

The legal basis for the use of the server log files is Art. 6 Para. 1 S. 1 Letter f) GDPR (Legitimate Interest in Data Processing). The legitimate interest arises from the necessity for the operation of our website, in particular to detect and eliminate errors in the website, to determine the utilization of the website and to make adjustments or improvements and to ensure the security of the system.

 

Contact us  

Our website offers the possibility to contact us directly in several places. By sending the contact form or an email to us, you agree to the processing and storage of your entered data (especially your email address).   

We will only process the data you provide to us until the respective purpose of your contact has been achieved, but no later than 7 days after the purpose has been achieved. You can object to this processing at any time with effect for the future. Please use our contact data in the imprint for this purpose.

The legal basis for the use of the data transmitted to us by you by contacting us is Art. 6 Para. 1 S. 1 Letter a) GDPR (consent of the person concerned). You can revoke your consent at any time with effect for the future.

 

Third-party services

We use third-party services, such as plugins or APIs (Application Programming Interface), on our Web site to enhance the functionality of our Web site. This may involve transferring data to the provider of these services.

 

In detail we use the following services:  

Google Services 

Our website uses services of Google LLC (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google meets the requirements of the “EU Privacy Shield”. The Privacy Shield Agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a data protection level comparable to that of the European Union.

The list of certified companies can be found here: https://www.privacyshield.gov/list. You can find more information about the handling of user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

 

Google Fonts 

Our website uses the external font service “Google Fonts” from Google. This service enables us to present our website in a uniform and appealing way, even if the user terminals are configured very differently, by loading fonts from an external server instead of from the user’s terminal.

For this purpose, the required fonts are usually requested from a Google server in the USA. This request sends the following information to the Google server and stores it there:

The Internet pages you have visited and the IP address of your terminal device.

The legal basis for the processing of your data in relation to the “Google Fonts” service is Art. 6 Para. 1 S. 1 Letter f) GDPR (Legitimate Interest in Data Processing). The legitimate interest results from our need for an appealing and uniform presentation of our online offer.

 

Google Maps 

Our website uses the external map service “Google Maps” from Google. Google Maps is used to provide an interactive map on our website that shows you how to reach us and where our location is located. This service enables us to present our website attractively by downloading map material from an external server. The data required is usually requested from a Google server in the USA.

As a result of this request, the following information is usually transferred to a Google server in the USA and stored there for several months:

The Internet pages you have visited and the IP address of your terminal device.

The legal basis for the processing of your data in relation to the “Google Maps” service is Art. 6 Para. 1 S. 1 Letter f) GDPR (Legitimate Interest in Data Processing). The justified interest results from our need for an appealing presentation of our online offer and the easy findability of the places indicated on our homepage.

 

Google reCAPTCHA 

Our website uses the abuse protection “Google reCAPTCHA” from Google. reCAPTCHA is used to prevent cyber attacks and harassment by so-called “bots” (artificial website users) by using an input field to check whether a real person is visiting the website. This service enables us to operate our website in a stable manner and to protect it from misuse.

For this purpose, the data entered is usually transferred to a Google server in the USA and processed there for verification. As a result of this request, the following information is usually transmitted and stored there for several months: The one of our Internet pages that you have visited, your input in the input field and the IP address of your terminal device.
The legal basis for the processing of your data in relation to the service “Google reCAPTCHA” is Art. 6 Para. 1 S. 1 Letter f) GDPR (Legitimate Interest in Data Processing). The legitimate interest arises from our need for effective protection of our online services against cyber attacks and misuse.

 

YouTube 

Our website uses videos from YouTube in various places. The videos are displayed by the “YouTube” service from Google. This service enables us to present our website in an appealing way by displaying videos from YouTube on our website and playing them back at the push of a button. When videos are played, the following information is usually transmitted to a Google server in the USA and stored there for several months: The one of our Internet pages that you have visited and the IP address of your terminal device. YouTube uses this data, among other things, to collect statistics and to improve the service. The playback of a video may also lead to a connection to Google’s own advertising network “DoubleClick”. We have therefore embedded our videos in advanced privacy mode to ensure that they do not connect to the servers until they are played. The legal basis for the processing of your data in relation to the service “YouTube” is Art. 6 Para. 1 S. 1 Letter f) GDPR (Legitimate Interest in Data Processing). The legitimate interest results from our need for an appealing presentation of our online offer. Further information about data protection at YouTube can be found in their privacy policy at: https://www.youtube.com/t/privacy_at_youtube

 

DoubleClick 

Our website uses Google’s “DoubeClick” service, in particular when playing videos from the YouTube service. DoubleClick uses a cookie which does not contain any personal data. However, the DoubleClick cookie contains a pseudonymous identification number that enables Google and its partner sites to evaluate which advertisements have so far been displayed or accessed.

This evaluation makes it possible to present advertisements that are relevant to you. You can prevent the evaluation of the DoubleClick cookie by clicking on the following opt-out link: https://adssettings.google.com/authenticated

If you have any questions regarding data protection, please feel free to contact us at any time.

 

Status of the data protection declaration: 24.05.2018