Privacy Policy

As of December 2020

Table of contents

  1. Name and address of the person responsible

  2. Contact details of the Data Protection Supervisor

  3. General information on data processing

  4. Rights of the data subject

  5. Use of cookies

  6. Contact

  7. Use of corporate appearances in professional networks

  8. hosting

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Apworks Ltd.

Willy-Messerschmitt-Str. 1

82024 Baptismal Churches

Germany

+4989954738766

2. Contact details of the Data Protection Officer

The data protection officer of the controller is:

DataCo Ltd.

Dachauer Straße 65

80335 Munich

Germany

+49 89 7400 45840

3. General information on data processing

3.1 Scope of processing of personal data

In principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data by legal regulations is required.

 

3.2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing transactions of personal data, Art. 6 sec. 1 p. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the case of the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 sec. 1 lit.b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Insofar as processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 sec. 1 p. 1 lit.c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 sec. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first interest, Article 6 sec. 1 p. 1 lit. f GDPR serves as the legal basis for the processing.

 

3.3. Data erasure and storage time

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is omitted. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or a fulfilment of the contract.

4. Rights of the data subject

If personal data is processed by you, you are a data protection in the social security of the GDPR and you have the following rights towards the controller:

4.1. Right of access

You may request confirmation from the controller as to whether personal data concerning you is processed by him or her.

If such processing is available, you may request the following information from the controller:

  1. the purposes for which the personal data are processed;

  2. the categories of personal data that are processed;

  3. the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;

  4. the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restrict processing by the controller or a right to object to such processing;

  6. the existence of a right of appeal to a supervisory authority;

  7. all available information on the origin of the data if the personal data are not collected from the data subject;

  8. the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and, at least in such cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request that you be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.

4.2. Right to correction

You have the right to rectification and/or completion to the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.

4.3. Right to restrict processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  • if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;

  • the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;

  • the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or

  • if you have objected to the processing in accordance with Art. 21 sec. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may be processed only with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State, except for their storage.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4.4. Right to erasure

a) Obligation to delete

You may require the controller to immediately delete the personal data concerning you, and the controller is obliged to delete such data immediately, provided that one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

  2. You revoke your consent, on which the processing was based in accordance with Art. 6 sec. 1 p. 1 lit. a or Art. 9 sec. 2 lit. a GDPR, and there is no other legal basis for the processing.

  3. You object to the processing in accordance with Art. 21 sec. 1 GDPR and there are no primary legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 sec. 2 GDPR.

  4. The personal data concerning you has been processed unlawfully.

  5. The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

  6. The personal data concerning you have been collected in relation to the information society services offered in accordance with Article 8(1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 sec. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested from them the deletion of all links to such personal data or from copies or replications of that personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;

  2. to fulfil a legal obligation requiring processing under the law of the Union or the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;

  3. for reasons of public interest in the field of public health in accordance with Article 9(2) lit. h and i and Article 9(3) GDPR;

  4. for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, insofar as the law referred to in section (a) is likely to make the achievement of the objectives of such processing impossible or seriously impairs, or

  5. for the assertion, exercise or defence of legal claims.

4.5. Right to information

If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed, this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients in respect of the controller.

4.6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, provided that:

  1. the processing is based on a consent pursuant to Art. 6 sec. 1 p. 1 lit. a GDPR or Art. 9 sec. 2 lit. a GDPR or on a contract pursuant to Art. 6 sec. 1 p. 1 lit.b GDPR and

  2. processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

4.7. Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which takes place pursuant to Article 6 (1) p. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning you, unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the opportunity to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

4.8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing that has been carried out on the basis of the consent until the revocation.

4.9. Automated decision-making on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect against you or similarly significantly affects you. This does not apply if the decision

  1. necessary for the conclusion or performance of a contract between you and the controller,

  2. is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

  3. with your express consent.

However, these decisions may not be based on specific categories of personal data under Article 9(1) GDPR, unless Article 9(2) lit. a or b GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the in 1. and 3. the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to the intervention of a person on the part of the controller, to express his or her point of view and to challenge the decision.

4.10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is in breach of the GDPR.

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

5. Use of cookies

5.1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is re-accessed.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language

  • Log-in information

The data collected in this way of the users are pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

5.2. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

  • Transfer of language settings

  • Remembering search terms

The user data collected by technically necessary cookies will not be used to create user profiles.

5.3. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 sec. 1 p. 1 lit. f GDPR.

5.4. Duration of storage, possibility of rebutting and disposal

Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, all functions of the website may no longer be able to be used in full.

If you use a Safari browser version 12.1 or later, cookies will be automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

Please send your request to the

6. Contact form

6.1. Description and scope of data processing

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored.

At the time the message is sent, the following data is stored:

  • Email

  • name

  • forename

  • Telephone/mobile number

  • Date and time of contact

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.

Alternatively, it is possible to contact us via the provided e-mail address. In this case, the personal data of the user transmitted with the email will be stored.

The data is used exclusively for the processing of the conversation.

6.2. Purpose of data processing

The processing of personal data from the input mask is used solely for the processing of contact. In the case of contact by e-mail, this also includes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

6.3. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 sec. 1 p. 1 lit. a GDPR in the presence of the consent of the user.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 sec. 1 lit. f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 sec. 1 p. 1 lit.b GDPR.

6.4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input form of the contact form and those sent by email, this is the case when the respective conversation with the user is finished. The conversation ends when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

6.5. Possibility of opposition and disposal

The user has the possibility to revoke his/her consent to the processing of personal data at any time. If the user contacts us via email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

Please send your request to the

All personal data stored in the course of contacting us will be deleted in this case.

Use of corporate appearances on social networks

7. Use of corporate appearances in professional networks

7.1. Scope of data processing

We use the possibility of corporate appearances on professionalnetworks. We maintain a corporate presence on the following professional networks:

LinkedIn:

LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

On our site we provide information and offer users the possibility of communication.

The company's website is used for applications, information/PR and active sourcing.

We do not have any information on the processing of your personal data by the companies responsible for the company's presence. For more information, see the privacy policy of:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

If you perform an action on our company website (e.g. comments, posts, likes, etc.), you may thereby make personal data (e.g. clear name or photo of your user profile) public.

7.2. Legal basis for data processing

The legal basis for the processing of your data in connection with the use of our corporate presence is Art.6 sec.1 p.1 lit.f GDPR.

7.3. Purpose of data processing

Our corporate presence serves us to inform the users about our services. Every user is free to publish personal data through activities.

7.4. Duration of storage

We store your activities and personal data published via our corporate presence until consent has been revoked. In addition, we respect the statutory retention periods.

7.5. Possibility of opposition and disposal

You may object at any time to the processing of your personal data, which we collect in the course of your use of our corporate presence, and assert your data subject rights referred to in IV. this data protection declaration. Send us an informal email to the email address mentioned in this privacy policy.

More information on possible objections and disposals can be found here:

LinkedIn:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

8. Hosting

The website is hosted on servers by a service provider commissioned by us.

Our service provider is:

Wix.com Ltd., 40 Namal Tel Aviv Street, Tel Aviv 6701101, Israel

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

  • Browser type and browser version

  • Operating system used

  • Referrer URL

  • Host name of the accessing machine

  • Date and time of the server request

  • IP address

Data can be transferred to servers of Wix.com  Ltd. in Israel. The European Commission has decided that Israel provides an adequate level of protection under Article 45(1) GDPR. You can find the adequacy decision here:

 

https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32011D0061

This data is not merged with other data sources. The collection of this data is based on Art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

The location of the website's server is geographically located in the European Union (EU) or the European Economic Area (EEA).

This Privacy Statement was created with the support of DataGuard.