privacy policy

Social media channels and job portals

As at July 21, 2023

The following privacy policy applies to the

social media channels and job portals of Provectus Technologies GmbH.

1. General conditions of processing

1.1 CONTROLLER

The parties jointly responsible for the operation of the social media channels are the respective social media provider and:

Provectus Technologies GmbH

Leopoldstr. 250b
80807 Munich, Deutschland
datenschutz@provectus.de

+49 (89) 7104092 0
Managing directors: Christian Jupe, Josef Lang

 

As the data protection officer, we have appointed:

activeMind AG Management- und Technologieberatung
Potsdamer Str. 3
80802 Munich
E-Mail: datenschutz@provectus.de

 

2. Social media channels

2.1 FACEBOOK

We operate a company profile on Facebook. The service provider is US company Meta Platforms Inc. For Europe, the company Meta Platforms Ireland Limited (4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) is the controller. We also inform you that as the operator of a Facebook fan page we are the joint controller along with Facebook for the processing of the personal data of visitors to the page (Article 26 GDPR).

As a user, you use the Facebook corporate page and its functions at your own responsibility. This applies in particular to the interactive functions (e.g., comments, sharing, likes). Facebook processes personal data relating to your account, your IP address, and also the end devices you use. Cookies are also used for data collection. These are small data records which are installed on your end devices. Facebook describes in its privacy policy what data it receives and how it is processed.

In it, you will also find further information on the legal bases for the data processing and how you can assert your data subject rights with respect to Facebook in accordance with Chapter V GDPR.

Facebook does not conclusively and clearly specify how it uses the data that arises in connection with visits to Facebook pages for its own purposes, the extent to which activities on the Facebook corporate page are attributed to individual users, how long Facebook stores that data, and whether data arising from a visit to the Facebook page is passed on to third parties, and we therefore have no knowledge of that information.

When you access a Facebook page, the IP address allocated to your end device is transmitted to Facebook. According to Facebook’s information, that IP address is anonymized and erased after 90 days. Facebook also stores information concerning the end devices of its users (e.g., in connection with the “login alert” function); Facebook may therefore be able to ascribe IP addresses to individual users.

If you as a user are currently logged into Facebook, a cookie is installed on your end device with your Facebook ID. It enables Facebook to detect that you have visited this page and how you used it. This also applies to all other Facebook pages. Via Facebook buttons integrated into websites, Facebook can record your visits to those websites and ascribe them to your Facebook profile. Based on that data, content or advertising can be tailored to your interests and offered to you.

If you would like to prevent this, you should log out of Facebook/deactivate the “stay logged in” function, erase the cookies on your device, and close and restart your browser. In this way, Facebook information that allows you to be directly identified is deleted. You can thus use our Facebook corporate page without your Facebook ID being disclosed. If you access interactive functions of the page, a Facebook login screen appears. If you log in, you can once again be identified by Facebook as a specific user. Alternatively, you can use a browser other than the one you usually use to visit our Facebook corporate page.

If you have a user account, you can also independently adjust your advertising settings. For that purpose, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

 

2.2 INSTAGRAM

Instagram is an online service for sharing photographs and videos that belongs to the Meta group, formerly known as Facebook. For the offered information service, we make use of the technical platform and services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. We also inform you that as the operator of an Instagram fan page we are the joint controller along with Instagram for the processing of the personal data of visitors to the page (Article 26 GDPR).

You use the Instagram corporate page and its functions at your own responsibility. This applies in particular to the use of the interactive functions (e.g., comments, sharing, likes).

When you visit our Instagram corporate page, Instagram records, among other things, your IP address and further information available on your PC in the form of cookies. That information is used to provide us, as the operator of the Instagram corporate page, with statistical information on the use of the Instagram page. Instagram describes in a general manner in its privacy policy what information it receives and how it is used.

Instagram does not conclusively and clearly specify how it uses the data that arises in connection with visits to Instagram pages for its own purposes, the extent to which activities on the Instagram corporate page are attributed to individual users, how long Instagram stores that data, and whether data arising from a visit to the Instagram page is passed on to third parties, and we therefore have no knowledge of that information.

When you access an Instagram corporate page, the IP address allocated to your end device is transmitted to Instagram. According to Instagram’s information, that IP address is anonymized and after 90 days erased. Instagram also stores information concerning the end devices of its users (e.g., in connection with the “login alert” function); Instagram may therefore be able to ascribe IP addresses to individual users.

If you as a user are currently logged into Instagram, a cookie is installed on your end device with your Instagram ID. It enables Instagram to detect that you have visited this page and how you used it. This also applies to all other Instagram pages. Via Instagram buttons integrated into websites, Instagram can record your visits to those websites and ascribe them to your Instagram profile. Based on that data, content or advertising can be tailored to your interests and offered to you.

If your would like to prevent this, you should log out of Instagram/deactivate the “stay logged in” function, erase the cookies on your device, and close and restart your browser. In this way, Instagram information that allows you to be directly identified is deleted. You can thus use our Instagram corporate page without your Instagram ID being disclosed. If you access interactive functions of the page (like, comments, messages, etc.), an Instagram login screen appears. If you log in, you can once again be identified by Instagram as a specific user.

 

2.3 LINKEDIN

We maintain a company profile on LinkedIn. That platform is operated by LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. We maintain that LinkedIn corporate page in order to inform users, interested parties, and customers about our company on it. Via our LinkedIn profile, we provide information and offer users a possibility of communicating with us.

When you visit our LinkedIn corporate profile, follow this page, or interact with it, LinkedIn processes personal data. As a result, LinkedIn provides us, in anonymized form, with insights and statistics, through which we are informed about the types of actions that visitors perform on our page (so-called page insights). We are not able to draw any inferences regarding individual members from the information from the page insights. On the one hand, LinkedIn processes data that you have recorded in your profile based on your own published information. In addition, LinkedIn processes, in particular, data on how you interact with our LinkedIn corporate page, for example, whether you are a follower of our LinkedIn corporate page.

We also inform you that as the operator of a LinkedIn company profile we are the joint controller along with LinkedIn for the processing of the personal data of the visitor to the page (Article 26 GDPR). For that purpose, we have concluded an appropriate contract with LinkedIn on joint responsibility, which regulates the distribution of the obligations under data protection laws between us and LinkedIn. You can access that contract here. Pursuant to that contract, LinkedIn is primarily responsible for answering inquiries submitted by data subjects. In order to assert your data subject rights, you can contact LinkedIn online or via the contact details in its privacy policy. You can also contact LinkedIn’s data protection officer.

You may also contact us in this connection for the purpose of exercising your data subject rights. For that purpose, it is sufficient that you contact us via the contact form or by email with regard to the matter in question. In such a case, we will pass your inquiry on to LinkedIn.

You can find further information on the processing of your data by LinkedIn in its privacy policy.

 

2.3.1 LinkedIn-Insights

In addition, LinkedIn processes data on how you interact with our LinkedIn corporate page, for example, whether you are a follower of our page.

That data is processed in anonymized form, particularly in the form of statistics. As a result, we are informed about the behavior of persons who are interested in our page (so-called page insights). With the page insights, LinkedIn only provides us with summarized page insights. That means it is not possible for us to draw inferences regarding individual persons through that information.

We have concluded an agreement on the processing with LinkedIn Ireland Unlimited Company as joint controllers, which regulates the distribution of the obligations under data protection laws between Provectus Technologies GmbH and LinkedIn. You can access that agreement here: https://legal.linkedin.com/pages-joint-controller-addendum

 

2.3 XING

We maintain a company profile on XING. That platform is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. We maintain that XING corporate page in order to inform users, interested parties, and customers about our company on it. Via our XING profile, we provide information and offer users a possibility of communicating with us.

In order to fulfill our obligations under data protection laws, we have concluded appropriate contracts with XING. In order to assert your data subject rights, you can contact XING online or via the contact details in its privacy policy.

When you visit our XING corporate profile, connect to this page, or interact with it, XING processes personal data. As a result, XING provides us, in anonymized form, with insights and statistics, through which we are informed about the types of actions that visitors perform on our page. We are not able to draw any inferences from that information regarding individual members.

On the one hand, XING processes data that you have recorded in your profile based on your own published information. In addition, XING processes, in particular, data on how you interact with our XING corporate page.

You can find further information on the processing of your data by XING in its privacy policy.

You can also restrict the processing of your data in the privacy settings of your profile. You can find information on the privacy settings here: XING privacy settings.

 

2.4 KUNUNU

We maintain a company profile on Kununu. That platform is operated by Kununu as a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. We maintain that Kununu corporate page in order to inform users, interested parties, and customers about our company on it. We provide information via our Kununu profile.

When you visit our Kununu corporate profile or interact with this page, Kununu processes personal data. We have no influence on the type and scope of the data processed by Kununu.

On the one hand, Kununu processes data that you have recorded in your profile based on your own published information. In addition, Kununu processes, in particular, data on how you interact with our Kununu corporate page, for example, whether you are a follower of our Kununu corporate page.

We inform you that you use the Kununu channel offered here and its functions at your own responsibility. This applies in particular to the use of the interactive functions.

In this context, Kununu processes your voluntarily entered data and evaluates any content shared or viewed by you.

You can find information on what data is processed by Kununu and for what purposes in Kununu’s privacy policy.

 

2.5 TWITTER

We use the platform Twitter, which is distributed in the EU by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. We operate our Twitter page in order to inform you about news in our company and our area of business and to interact with you.

If you visit our company’s Twitter profile, Twitter collects usage data. In this context, Twitter uses particular data that it has collected from users of the Twitter platform in order to create aggregated usage statistics and provide them to the respective operators of the Twitter profile (so-called “Twitter Analytics”). The information that we receive through Twitter Analytics does not enable us to draw any inferences regarding individual users. We ourselves have no access to personal data that Twitter processes for Twitter Analytics. Twitter alone determines what data is processed for Twitter Analytics and how. Twitter provides information on this subject in its privacy policy.

You can contact Twitter via the Twitter data protection form in order to request information or exercise your rights.

3. Transmission of personal data to third countries

3.1 FACEBOOK AND INSTAGRAM

The data concerning you which is collected in this context is processed by Meta Platforms Inc. and transferred to countries outside the EU.

You can find Facebook’s and Instagram’s data processing conditions, which correspond to the standard contractual clauses, at

https://www.facebook.com/legal/terms/dataprocessing and
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

 

3.2 LINKEDIN

Please note that according to LinkedIn’s privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. According to its own information, LinkedIn transfers personal data in this context only to countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR or on the basis of appropriate guarantees in accordance with Article 46 GDPR.

LinkedIn has published further information in this respect at:

https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de

 

3.3 TWITTER

When you access our Twitter page, Twitter can obtain access to your data. We cannot rule out the possibility that when you access our corporate presences a transmission to third countries will occur, for example, to servers located in the USA, where Twitter’s parent company is based.

In order to fulfill our obligations under data protection laws, we have concluded appropriate contracts with the provider.

 

3.4 LEGAL BASIS

Our legitimate interest (in the meaning of Article 6(1)(f) GDPR) in the operation of our corporate pages on the social media channels specified herein and the use of the insights consists of conducting effective marketing via popular platforms. We process personal data in this context in order to raise awareness of our company and to protect our legitimate interests in an up-to-date possibility of providing information to users and interacting with them.

If you use our corporate pages in order to contact us (e.g., through the creation of your own posts, by reacting to our posts, or through private messages to us), we will use the data that you provide us with exclusively for the purpose of contacting you. We erase stored data as soon as its storage is no longer necessary or you request that we erase it. In the event of statutory retention requirements, we restrict the processing of the stored data accordingly.

If you have granted your consent to the respective providers in the course of logging in to/registering for/accessing the page, the processing is based on that consent in accordance with Article 6(1)(a) GDPR.

4. Job portals

4.1 LINKEDIN

4.1.1 Type and purpose of the processing

On LinkedIn, you can transmit your application to Provectus online. We process the data provided by you exclusively for the purpose of evaluating your professional suitability and making contact with you. That platform is operated by LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. Provectus is the joint controller with that company. You can find further information on the processing of your data by LinkedIn in its privacy policy.

4.1.2 Legal basis

In the course of logging in to/registering for/accessing LinkedIn, you granted your consent in accordance with Article 6(1)(a) GDPR.

The processing by Provectus occurs for the purpose of establishing an employment relationship in the course of the implementation of pre-contractual measures in response to an inquiry and on the basis of the legitimate interest, Article 6(1)(b) and (f) GDPR.

 

4.1.3 Recipients

Within the company, the bodies that need your data for the purpose of fulfilling contractual and statutory obligations and obligations under supervisory laws are given access to it. We make use of service providers, which act as our contract processors. All service providers are contractually obliged to handle your data confidentially.

 

4.1.4 Transfer to third countries

Please note that according to LinkedIn’s privacy policy, personal data is also processed by LinkedIn in the USA or other third countries. According to its own information, LinkedIn transfers personal data in this context only to countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR or on the basis of appropriate guarantees in accordance with Article 46 GDPR. You can find further information in this respect in LinkedIn’s privacy policy.

A transfer to third countries does not occur in the course of the further processing of your documents and data by Provectus.

 

4.1.5 Storage period

If your application is rejected, erasure will be carried out six months after the announcement of the decision.

If an employment relationship is established, the application documents will be filed for at least the period of employment.

 

4.1.6 Objection

Please see the information below on your right to object under Article 21 GDPR.

 

4.1.7 Provision required or necessary

The provision of personal data is neither legally nor contractually required. However, it will not be possible to process the application unless you provide it

 

4.2 INDEED

4.2.1 Type and purpose of the processing

On Indeed, you can transmit your application to Provectus online. We process the data provided by you exclusively for the purpose of evaluating your professional suitability and making contact with you. That platform is operated by Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland, with which Provectus is the joint controller. You can find further information on the processing of your data by LinkedIn in Indeed’s privacy policy.

4.2.2 Legal basis

In the course of logging in to/registering for/accessing LinkedIn, you granted your consent in accordance with Article 6(1)(a) GDPR.

The processing by Provectus occurs for the purpose of establishing an employment relationship in the course of the implementation of pre-contractual measures in response to an inquiry and on the basis of the legitimate interest, Article 6(1)(b) and (f) GDPR.

 

4.2.3 Recipients

Within the company, the bodies that need your data for the purpose of fulfilling contractual and statutory obligations and obligations under supervisory laws are given access to it. We make use of service providers, which act as our contract processors. All service providers are contractually obliged to handle your data confidentially.

 

4.2.4 Transfer to third countries

The data will be processed exclusively in the EU/EEA.

 

4.2.5 Storage period

If your application is rejected, erasure will be carried out six months after the announcement of the decision.

If an employment relationship is established, the application documents will be filed for at least the period of employment.

 

4.2.6 Objection

Please see the information below on your right to object under Article 21 GDPR.

 

4.2.7 Provision required or necessary

The provision of personal data is neither legally nor contractually required. However, it will not be possible to process the application unless you provide it.

5. What data protection rights do you have?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR, and the right to data portability under Article 20 GDPR.

In addition, there is the right to lodge a complaint with the competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 of the German Data Protection Act (Bundesdatenschutzgesetz – BDSG). You can find a list of supervisory authorities (for the non-public sector) with their address at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

As a rule, you may exercise your data subject rights both with respect to us and with respect to the operator of the respective social media channel.

Please note that we have no influence on the data processing by the individual social networks. The corporate policy of the respective provider has a decisive impact on our possibilities. In the event that you assert data subject rights, we can only forward those inquiries to the operator of the social network.

You can find more detailed information on how you can exercise your data subject rights under Chapter V GDPR with respect to the social media channels we use in the linked data use policies/privacy policies in the section of the respective providers.

6. Data security

We only handle personal data insofar as this can be done in compliance with data protection laws. In this context, we also shall make every effort to implement all necessary technical and organizational security measures in order to adequately protect your personal data at all times against unauthorized access and misuse.

Insofar as we store or process personal data, this is done within a high-security computer center. To protect the security of your data during transfer, we use encryption processes (e.g., TSL) via HTTPS. Our servers are secured with a firewall and virus protection. Backup and recovery procedures and role and authorization concepts are a matter of course for us.

When handling data, our employees are obliged to comply with the provisions of the GDPR and BDSG.

7. Amendments to our privacy policy

We reserve the right to modify this privacy policy so that it is always in line with current legal requirements or in order to implement amendments to the privacy policy, for example, upon the introduction of new social media channels. When you visit our site again, the new privacy policy will then apply.

8. Information on your right to object under Article 21 GDPR

8.1 INDIVIDUAL RIGHT TO OBJECT

You have the right, for reasons that arise from your particular situation, to at any time lodge an objection to the processing of personal data concerning you that occurs on the basis of Article 6(1)(f) GDPR (data processing on the basis of weighing of interests). This also applies to any profiling in the meaning of Article 4 No. 4 GDPR based on that provision.

If you lodge an objection, we will then no longer process your personnel data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves the purpose of the establishment, exercise, or defense of legal claims.

8.2 RECIPIENTS OF THE OBJECTION

An objection can be lodged informally with the subject “Objection,” stating your name, address, and date of birth, and should be addressed to:

Provectus Technologies GmbH
Leopoldstr. 250b
80807 Munich
E-Mail: datenschutz@provectus.de
Telefon: +49 (0) 89 710 409 20