Privacy statement - Trigonum - Managementsysteme für Informationssicherheit und Datenschutz auf Basis Mircosoft 365

Privacy policy of our website

Trigonum GmbH (“Trigonum”) takes the protection of personal data very seriously. The protection of your privacy when using our website is important to us. Therefore, we strictly adhere to the rules of the data protection laws of the Federal Republic of Germany (BDSG-new) and the European General Data Protection Regulation (GDPR).

Responsible entity

The controller responsible for the processing of your personal data is:

Trigonum GmbH, Notkestraße 9, 22607 Hamburg
Telefon: +49 (0)40 31 99 16 18-0
Telefax: +49 (0)40 31 99 16 18-99
Email: info(at)trigonum.de

You can contact our data privacy officer at the above postal address, with the addition “To the data privacy officer” or at the e-mail address: datenschutz(at)trigonum.de. Our data protection officer will also be happy to listen to your questions, suggestions or criticism regarding data protection.

Data processing for the provision of contractual services

You can send us enquiries about orders for contractual services via our website (contact form) and the contact details provided there. If personal data is transmitted to us by you for this purpose or in any other way for enquiries about orders, we process your data to answer your enquiries, to execute the order/contract and for invoicing. We require your name, your address data and your e-mail address for this purpose. Without this data, we cannot fulfil the contract with you. We may ask for further data, such as your telephone number, so that we can communicate with you regarding the service you have ordered. Depending on the order/contract, we may also require additional data; we will inform you of this on a case-by-case basis.

In the case of suppliers/service providers, we process the personal data provided by you for our own ordering and retrieval of services and to pay for your services. For this purpose, we require the (company) name, address data and account data. Depending on the service/contract, we may also require additional data, which we will then clarify on a case-by-case basis.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Further information on the processing of business partner data can be found here.

Data processing for communication with you

In addition to the contract data, we process your communication data (names of contact persons, address, telephone number, e-mail address, fax) in order to be able to contact and communicate with you. Personal data that you provide to us by e-mail, via the contact form or by telephone will only be processed for correspondence with you or only for the purpose for which you have provided us with the data.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Data processing in the exercise of data subject rights

We also process your communication data (name, address, telephone number, e-mail address) as well as all information that you voluntarily provide to us (e.g. by e-mail, telephone or via our contact form) for the purpose of exercising your rights as a data subject in accordance with Chapter 3 of the GDPR. Personal data that you provide to us in this context will only be processed for correspondence with you or only for the purpose for which you have provided us with the data.

The basis for data processing is Art. 6 para. 1 lit. c GDPR, as we are obliged to do so.

If we receive your data as part of our activities as an external data protection officer in connection with the assertion of data subject rights, we will process your personal data provided to us in this context for this purpose. It may be necessary to forward your enquiry to the respective customer or data controller to whom the exercise of your data subject rights relates so that your enquiry can be complied with.

Data processing is carried out on the basis of our contract with the customer pursuant to Art. 6 para. 1 lit. b GDPR and our legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.

Data processing for job applications

You can send us applications for positions in our company using the contact details provided on our website. You can also apply to us via the “Careers” section of our applicant portal. We use the application tool from softgarden e-recruiting GmbH for this purpose. We have concluded an order processing contract with this service provider. The conclusion of the contract ensures the protection of your personal data. If you transmit personal data to us in this way or in any other way when applying, we process your data for the purpose of reviewing, processing and responding to your application and, if necessary, preparing the employment relationship.

Applicant data will be deleted after 6 months in the event of a rejection. If you have consented to further storage of your personal data, we will transfer your data to our talent pool. Your data will be deleted there after 2 years. If you are accepted, your personal data will be transferred from our applicant data system to our personnel information system.

The basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the purpose of deciding on the establishment, justification and implementation of employment relationships.

Use of Microsoft Bookings

As part of job applicant management, we use the Microsoft Bookings Self-Service tool from the provider Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

The following data is processed:
– Name
– e-mail address
– Time data (date, time)
– Content data in the context of the use of notes

A contract for order processing in accordance with Art. 28 GDPR was concluded with the provider as part of the licence agreement.

The purpose of the processing is to ensure simple and coordinated scheduling of introductory meetings. Once the introductory meeting has been held, the stored data will be deleted promptly.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the decision on the establishment, for the establishment and for the implementation of employment relationships.

Further information on the processing of applicant data can be found here.

Data processing for the fulfilment of legal obligations

In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, when exercising rights in accordance with Art. 12 to 22 GDPR, commercial and tax law retention and verification obligations).

The basis for data processing is Art. 6 para. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.

Log files

Each time our website is accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (origin URL from which you came to the web pages), the amount of data transferred, as well as product and version information of the browser used and the operating system of your PC. The IP addresses of the users are deleted or anonymised after the end of use. The data is not analysed in any other way, except for statistical purposes and then always in anonymised form. No personal “surfing profiles” or similar are created or processed.

The basis for data processing is Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 25 (2) TDDDG, which authorises the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise our website and the services we offer there, as well as to ensure data security on the website.

Cookies and Consent-Management-Tool

We use cookies. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our web server. You can delete the cookies in your browser’s security settings at any time.
We use the “pll_language” cookie. This cookie is used to determine the visitor’s preferred language and to set the language of our website accordingly. It is technically necessary for the use of our website.
The JSESSIONID cookie is set as a technically necessary session cookie on our career/applicant portal. This stores a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. This session cookie is deleted when you log out or close the browser. Optional cookies, which are based on consent, are only set after confirmation in the cookie banner.
We use a consent management tool to control cookies on our website. This enables users to give their consent to certain data processing operations or to withdraw their consent. It also helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data for this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the settings of our consent management tool. You can change and revoke a declaration of consent at any time via the respective settings.
The use of the consent management tool and the resulting cookie to manage the visitor’s cookie settings is carried out to ensure compliance with the legal obligations under Section 25 et seq. of the Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG). The legal basis is Art. 6 para. 1 lit. c GDPR.
In addition, cookies are collected which are absolutely necessary to ensure the availability of our website and to provide the user with expressly requested telemedia services, in particular to manage the language setting. These cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with. § 25 para. 2 TDDDG.
We may obtain your consent for the use of other, non-essential cookies. The data processing then takes place on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. You can withdraw your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.

Cookie settings

Matomo

Some of our Internet pages may use the web analysis service Matomo to analyse the use and optimisation of the respective website. For this purpose, the information generated by a Matomo cookie about the use of this website is stored on our server. In contrast to other statistics programmes, Matomo does not transmit any data to a third-party server; the programme is installed on one of our servers located in the EU. IP addresses are anonymised before being saved. Matomo cookies remain on your end device until you delete them. The information generated by the cookie about the use of this website is not passed on to third parties. You can prevent the storage of cookies by setting your browser software accordingly by making the appropriate selection in our consent management tool.
Matomo may be used to collect data that can indicate which functions of the respective website are frequently used and where misunderstandings may occur. In addition, further data may be processed, such as country, federal state, city of the accessing IP, IP address, device type, device operating system, screen resolution, browser language, geographical location, browser type, subpages visited, usage data, number of visits, referrer URL. Statistics on user behaviour are then based on this data. Matomo itself is very transparent about which data is collected. You can read it for yourself on the official website at https://matomo.org/faq/general/faq_18254/
The processing takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. § 25 TDDDG. You can revoke your consent at any time. You can declare your revocation by sending a message to the contact details provided or via the consent management tool used in each case. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Categories of recipients of the personal data

Your contract and communication data will be forwarded to the responsible office and the responsible employees within our company in order to answer your enquiries, for communication or to carry out the order. The basis for this is again Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Your personal data will only be passed on or otherwise transferred to third parties outside our company if this is necessary for the purpose of contract fulfilment or billing or if you have given your prior consent or if there is a legal basis for the transfer.
Insofar as we utilise the services of third parties (so-called processors) for the implementation and handling of processing procedures, the provisions of the GDPR are complied with. Service providers who support us in providing our services to you are
– Hosting provider
– Email service provider
– IT service provider
– IT service provider for applicant management software (SAS)
– Service provider for data destruction
We pass on personal data to the following third parties who process personal data under their own responsibility (so-called controllers, cf. Art. 4 No. 7 GDPR) within the scope of legal admissibility and necessity:
– Auditors
– public authorities
– tax consultants

Duration of data storage

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. For example, we store your data due to legal obligations to provide evidence and retain data, which arise from the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten full years. We also store your data for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years).

Data security

Your personal data is transmitted securely through encryption. We use the SSL (Secure Socket Layer) coding system for this. We also use technical and organisational measures to protect our websites and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. Our security measures are continuously improved in line with technical developments. However, we expressly point out that data transmission on the Internet is subject to security vulnerabilities and cannot be completely protected against access by third parties, which applies in particular and above all to unencrypted communication by e-mail.

Rights of data subjects

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. To exercise the aforementioned rights, you can contact the above-mentioned offices.
If you have given us your consent to data processing, you can revoke this at any time without any formal requirements. To do so, you can contact the above-mentioned office.
If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation. You can also contact the above-mentioned offices for this purpose.
If you exercise your rights in accordance with Art. 12 to 22 GDPR, we will process the personal data transmitted in this context for the purpose of implementing these rights and for the purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).