Privacy Policy
1. Responsible body
VPA Prüf- und Zertifizierungs GmbH
Papenberger Str. 49
42859 Remscheid
Germany
Phone.: +49(2191) 5921-0
Fax.: +49(2191) 5921-100
2. Privacy policy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. The external data protection officer is Rennings Umsetzungsberatung Neuss.
The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
3. Collection and processing of personal data on the website
You can use our online services without disclosing your identity. If we request personal data (such as name, address or e-mail address) on the website, e.g. in the context of contact forms or during registration, this is done on a voluntary basis. We use this information for our own business purposes (such as sending the requested materials/information).
Contact form
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. The data marked as mandatory is required in order to be able to assign and answer the request. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be deleted after your inquiry has been dealt with and after the retention obligations under tax and commercial law have expired.
Forwarding of the data
Your data will not be passed on to third parties for commercial or non-commercial purposes without your express consent. We only pass on your personal data to third parties if this is legally permissible [e.g. on the basis of Article 6 GDPR] and/or necessary. In some cases, we use service providers for the legally required order processing of data; for example, the website is hosted by . The full responsibility for data processing remains with us. Furthermore, we sometimes use plugins from other providers on our website; you can find more details below.
We would like to point out that we may also pass on your personal data to other IT service providers within our network for the above-mentioned purposes. The data transfer takes place on the basis of a legitimate interest in order to be able to offer you a comprehensive range of our services.
Cookies
The website sometimes uses so-called cookies. If you have given your consent, these will be set. Without your consent, only technically necessary cookies are used, without which the website would not function.
Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
The aforementioned data is processed by us on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the following purposes:
- Ensuring a smooth connection to the website
- Ensuring a comfortable use of our website
- to evaluate system security and stability and for other administrative purposes.
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
The data will be deleted immediately if it is no longer required to achieve the purpose, but after six months at the latest.
4. Registration for VPA Academy offers
We offer training courses via our VPA Academy. If you would like to register for one of our e-learning offers via live web seminars or video or in-house training courses, we collect data about you via the registration form, which we need to carry out the registration for the event and to conduct it. The data processing is carried out on the legal basis of Art. 6 para. 1 lit. b) GDPR for the fulfillment of the contract and for sending the access data for the course content. In this way, we ensure that you can participate in the event. If the necessary data is not provided, registration is unfortunately not possible.
In the confirmation e-mail for your registration, you will receive further information in advance about data processing in connection with your participation in the VPA Academy event.
In some cases, external instructors carry out the training, so in this case your data will be passed on to the external instructor so that they can carry out the training. The external instructors work under their own responsibility and subsequently issue the invoice. Data may also be processed by our service providers if they work for us as processors. However, they are contractually bound to us and do not pursue their own purposes. We store the data for as long as it is necessary to carry out the event. Data required for invoicing is stored in accordance with the statutory provisions of tax and commercial law and then deleted.
5. Further information on technology and data protection in connection with our seminar offers
You can access the training courses and workshops via all common devices (PC, tablet, smartphone), operating systems (Windows, iOS, Android) and browsers and edit the quizzes. Your device only needs an audio output (speakers, headphones) to hear the sound of the videos.
If you are purchasing the workshop as a company, please enter the surname, first name and email address of the participant when ordering. The name is required for the certificate.
6. Customer data processing (private customers)
We hereby inform you about the processing of your personal data:
We process personal data relating to you in connection with the establishment, performance and execution of contracts and their initiation on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR and for the fulfillment of legal obligations (e.g. commercial and tax law) on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR.
Furthermore, data is also processed for legitimate purposes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, such as marketing, internal market research and marketing purposes, internal statistics, optimization of offers. The legitimate interests lie in particular in the optimization of processes and the cost-appropriate allocation; your interests, fundamental rights and freedoms are duly taken into account.
The data provided by you is required for the performance of the contractual relationship. Without this data, we cannot fulfill the concluded contract.
If you have given us your consent to do so, we will use your data to send you information about products, services, events and other interesting facts about our company. You can object to this sending at any time with effect for the future.
Transfer / Service provider
Some of your personal data will be passed on to external service providers (e.g. tax advisors, legal advisors). In some cases, external IT service providers may access your data (as part of commissioned data processing in accordance with Article 28 GDPR). In this case, the service providers are bound by instructions, which has been ensured by corresponding contracts. Some of these service providers are located outside the EU/EEA; these service providers ensure an appropriate level of data protection by concluding EU standard contractual clauses.
Storage and deletion of data
Your data will be stored for as long as is necessary for the respective above-mentioned purposes. The data will be deleted at the latest after termination of the contractual relationship and after expiry of the statutory retention periods under civil, commercial and tax law.
7. Customer data processing (business customers)
We hereby inform you about the processing of your personal data (personal data is all data that relates to you as a natural person): As a contractual partner of your company, we process personal data relating to you on the basis of our legitimate interest in preparing offers and fulfilling contracts on the basis of Art. 6 para. 1 lit. f GDPR. Processing for the purpose of bookkeeping and cost accounting as well as for the fulfillment of legal obligations (e.g. commercial and tax law) is based on Art. 6 para. 1 sentence 1 lit. c GDPR. The business relationship exists between us and your company. If you act as a natural person (e.g. as a sole trader or self-employed person), your data will be processed for the implementation of pre-contractual measures and fulfillment of contracts on the legal basis of Art. 6 para. 1 lit. b GDPR.
Furthermore, data is also processed for legitimate purposes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, such as marketing, internal market research and marketing purposes, internal statistics. The legitimate interests lie in particular in the optimization of processes and cost-appropriate allocation; your interests, fundamental rights and freedoms are duly taken into account.
Only if you have given us your consent to do so or if we have informed you appropriately in the context of data collection in accordance with Section 7 of the German Act Against Unfair Competition (UWG) do we use your data for the following purposes
Forwarding
Some of your personal data will be passed on to external service providers (e.g. tax consultants, legal advisors). In some cases, external IT service providers may access your data (as part of commissioned data processing in accordance with Article 28 GDPR). In this case, the service providers are bound by instructions, which has been ensured by corresponding contracts. Some of these service providers are located outside the EU/EEA; these service providers ensure an appropriate level of data protection by concluding EU standard contractual clauses.
Storage and deletion of data
Your data will be stored for as long as is necessary for the respective above-mentioned purposes. The data will be deleted at the latest after termination of the contractual relationship and after expiry of the statutory retention periods under civil, commercial and tax law.
8. Data processing in the context of a video conferencing system (without webinars)
We hereby inform you about the processing of your personal data:
We use the MS Teams video conferencing system. This involves processing your login data, video and audio data, shared documents and, when using the chat function, textual information. We process the information provided by you for the purpose of conducting a video conference on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR or, in the case of a job interview, on the basis of Section 26 BDSG / Art. 6 para. 1 sentence 1 lit. a GDPR.
In addition, log data may be collected by the provider of the video conferencing software (MS Teams). The logs contain the following information:
- IP address, surname, first name, email address, any group membership
- Date, time and duration of access” Browser, operating system, installed plug-ins and screen resolution
No other personal data is stored in the Microsoft cloud, in particular no performance data or behavioral and/or health data.
The aforementioned data is processed by the provider on the basis of the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the following purposes:
- Ensuring a smooth connection to the conference system
- Ensuring convenient use of the conference system
- Evaluating system security and stability and for other administrative purposes
Some of your personal data will be passed on to external service providers (e.g. tax advisors, legal advisors). In some cases, external IT service providers may access your data (as part of commissioned data processing in accordance with Article 28 GDPR). In this case, the service providers are bound by instructions, which has been ensured by corresponding contracts. Some of these service providers are located outside the EU/EEA; these service providers ensure an appropriate level of data protection by concluding EU standard contractual clauses.
Forwarding / service provider
The provider of the video conferencing system – Microsoft Corporation – is partly based outside the EU/EEA. An order processing agreement has been concluded with this provider, which binds the service provider to us. Data processing takes place exclusively in the EU in accordance with a contractual commitment by Microsoft. The additional conclusion of EU standard contractual clauses ensures an appropriate level of data protection if a data transfer to a third country is necessary.
Your personal data will not be passed on to other third parties outside the described framework without your express consent.
Storage and deletion of data
We do not record, save or stream any image and/or audio data during the video conference. Your data will only be stored for as long as it is required to conduct the video conference.
9. Data processing as part of the application process
We process your personal data with regard to your person in connection with the implementation of your application procedure and to check your potential work-related employability. In doing so, we process the information provided by you for the purpose of making an informed personnel decision on the basis of Section 26 BDSG and Art. 6 para. 1 sentence 1 I lit. b GDPR. In addition, assessments are stored on the basis of objective, non-discriminatory criteria; if this is permitted in individual cases, publicly accessible personal data about you will also be stored.
The data you provide is required to carry out the application process. We cannot consider your application without this data.
Forwarding / service providers
Your personal data will be passed on to other companies in our group of companies as external service providers in order to support us in the personnel selection process. In some cases, external IT service providers may have access to your data. In all cases, the service providers are bound by instructions, which is ensured by corresponding contracts. Some of these service providers are located outside the EU/EEA; these service providers ensure an appropriate level of data protection by concluding EU standard contractual clauses.
Storage and deletion of data
Your data will be stored for as long as is necessary for the above-mentioned purposes of the personnel selection process. If you object to data processing during the personnel selection process, the data will be deleted – provided there are no other statutory retention obligations to the contrary.
The data will then be deleted at the end of the application process and after the expiry of any time limits for taking legal action, unless you have given your consent to save your application for further vacancies. Unsolicited applications will be stored for a maximum of up to six months or until you withdraw your consent and then deleted.
10. Liability for own content
The contents of these pages have been created with the utmost care. However, we cannot accept any liability for the accuracy, completeness and topicality of the content. As a service provider, we are responsible for our own content on these pages in accordance with general legislation.
11. Liability for links (contents of external providers)
Cross-references (“links”) to content provided by other providers are to be distinguished from our own content. We have no influence on their content; the respective provider or operator of the pages is always responsible for the content of the linked pages.
12. GoogleMaps
On the legal basis of your consent (Art. 6 para. 1 lit. a GDPR), we offer you the use of Google Maps to facilitate your journey, to display maps and to create directions. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These pages are marked accordingly. When you access a website on which Google Maps is embedded on our website and you activate it, a connection to Google’s servers is established and your IP and browser data are transmitted to Google. By using this service, you also consent to the processing of the data you enter by Google. You can find the terms of use for Google Maps at http://www.google.com/intl/de_de/help/terms_maps.html [external page].
13. Consent with Borlabs Cookie
Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie.
The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
14. Kununu
Social media plugins from Kununu are used on our website. We use the “Kununu” button for this purpose. This is an offer from Kununu. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with Kununu’s servers. The content of the plugin is transmitted by Kununu directly to your browser, which integrates it into the website.
By integrating the plugin, Kununu receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Kununu account or are not currently logged in to Kununu. This information (including your IP address) is transmitted directly from your browser to a Kununu server in Europe and stored there.
If you are logged in to Kununu, Kununu can assign your visit to our website directly to your Kununu account. If you interact with the plugins, the corresponding information is also transmitted directly to a Kununu server and stored there. The information is also published on Kununu and displayed to your Kununu contacts.
Kununu may use this information for the purposes of advertising, market research and the needs-based design of the Kununu pages. For this purpose, Kununu creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Kununu, to inform other Kununu users about your activities on our website and to provide other services associated with the use of Kununu.
If you do not want Kununu to assign the data collected via our website to your Kununu account, you must log out of Kununu before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Kununu as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information from Kununu.
15. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
16. Rights of the data subjects
We hereby inform you that pursuant to Article 15 et seq. GDPR, under the conditions defined therein, you have the right to information about the personal data concerned and to rectification or erasure or restriction of processing or a right to object to processing and the right to data portability. In accordance with Article 77 GDPR, you also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates this regulation. If the processing is based on Article 6(1)(a) GDPR or Article 9(2)(a) GDPR (consent), you also have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
17. Changes to our privacy policy
We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
18. Questions and contact to the data protection officer
If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available with her team in the event of requests for information, applications or complaints:
External data protection officer
Rennings Umsetzungsberatung Neuss
Daniela Rennings
Am Hagelkreuz 6
41469 Neuss
Germany
Phone: +49 (0) 211-87 939 160
Email: dsb@run-neuss.de
19. Processing of (personal) data by the operator of the Personio recruiting site
General (Personio)
This recruiting site is operated by Personio SE & Co. KG, a company based in Germany that offers personnel administration and application management software (https://www.personio.de/impressum/). The data transmitted as part of your application is transferred using TLS encryption and stored in a database. The company that carries out this online application process is solely responsible for this data within the meaning of Art. 24 GDPR. Personio is merely the operator of the software and this recruiting page and, in this context, a processor in accordance with Art. 28 GDPR. The basis for processing by Personio is an order processing contract between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may also be personal data, in order to provide its services, in particular for the operation of this recruiting site. This is discussed in more detail below.
Responsible body (Personio)
The responsible body within the meaning of data protection law is
Personio SE & Co. KG
Seidlstraße 3
80335 München
Germany
Phone: +49 (89) 1250 1005
Entry in the commercial register
Register number: HRA 115934
Register court: Munich Local Court
Data protection officer: datenschutz@personio.de
Access logs (“server logs”) (Personio)
Every time this recruiting page is accessed, general log data, so-called server logs, are automatically recorded. These data are generally pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. Without this data, it would not be technically possible in some cases to deliver and display the content of the software. In addition, the processing of this data is absolutely necessary for security reasons, in particular for access, input, transmission and storage control. In addition, the anonymous information can be used for statistical purposes and to optimize the offering and technology. In addition, the log files can be subsequently checked and analyzed in the event of suspected unlawful use of the software. The legal basis for this can be found in §25 para. 2 sentence 2 TDDDG. Data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp of access to the software are generally recorded. The scope of this logging does not exceed the usual scope of any other website on the Internet. The storage period of these access logs is up to 7 days. There is no right of objection.
Error logs (Personio)
Error logs are created for the purpose of identifying and rectifying errors. This is absolutely necessary in order to be able to react as promptly as possible to possible problems in the presentation and implementation of content (legitimate interest). These data are generally pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. The legal basis for this can be found in §25 para. 2 sentence 2 TDDDG. If an error message occurs, general data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp when the corresponding error message/specification occurred are recorded. These error logs are stored for up to 7 days. There is no right of objection.
Use of cookies (Personio)
In some cases, so-called cookies are used on this recruiting page. These are small text files that are stored on the device you use to access this recruiting site. Cookies are generally used to ensure security when visiting a website (“strictly necessary”), to implement certain functionalities such as standard language settings (“functional”), to improve the user experience or performance on the website (“performance”) or to display target group-based advertising (“marketing”). On this recruiting page, only strictly necessary, functional and performance cookies are used, in particular to implement certain default settings such as the language, to identify the application channel or to analyze the performance of a job advertisement through which a user has reached this recruiting page. The use of cookies is absolutely necessary for the provision of our services and thus for the fulfillment of the contract (Art. 6 (1) b) GDPR). Storage duration: Up to 1 month or until the end of the browser session Right to object: You can use your browser settings to determine whether you want to allow cookies or object to the use of cookies. Please note that deactivating cookies may result in limited or completely disabled functionality of this recruiting site.
Rights of data subjects (Personio)
If personal data is processed by Personio SE & Co. KG processes personal data as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object (Art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to withdraw this data protection consent in accordance with Art. 7 III GDPR. To assert your rights as a data subject with regard to the data processed for the operation of this recruiting site, please contact the data protection officer of Personio SE & Co. KG (see section B.).
Final provisions (Personio)
Personio reserves the right to amend this privacy policy at any time to ensure that it always complies with current legal requirements or to implement changes to the services in the privacy policy, e.g. when introducing new services. If you visit this recruiting page again or submit a new application, the new privacy policy will then apply.
