Privacy policy
2024-06-08 EN Privacy Terms vaylens GmbH
We provide the English version of our privacy policy as an information service. In case of doubt, the German language version shall always prevail.
Controller
vaylens GmbH
Geschäftsadresse:
Ezzestraße 8
44379 Dortmund
Deutschland
USt-ID: DE352928826
Geschäftsführung: Jörg Lohr (Vorsitz), Peter Hamela
Inhaltlich verantwortlich im Sinne des § 18 Abs. 2 MStV: Philipp Graf
Data Protection Officer
Dipl.-Inf. (FH) Karsten Schulz (GDDcert.EU)
M: +49 151 22631968
Website and Hosting
Purposes of processing
We log technical data in the web server logs for each access of our website in order to ensure operational security and to be able to investigate and rectify faults. The access logs of the web servers record which page views have taken place and when. They contain the following data: IP address, date, time, accessed pages, logs, status code, amount of data, referrer, user agent, accessed host name.
Legal base
Art. 6 (1f) GDPR, our legitimate interest in being able to operate the website securely and to ensure a defined external presentation.
Legitimate interest
To ensure the operational security of our website and to be able to defend ourselves against cyber attacks.
Recipients or categories of recipients
Our web services are administered within the framework of order processing in accordance with Art. 28 GDPR.
Data Transfer to Third country
No.
Storage periods
The IP addresses are stored for 6 month. Error logs, which record faulty page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.
For further investigations into unusual activities or attacks, the data will remain stored until the investigation has been completed and any legal claims have been clarified.
Contact and communication with you
Purposes of processing
If you contact us by email, contact form, telephone or post, we will process your data to fulfill your request and any subsequent activities that may result. These activities may include: Processing enquiries, applications, service requests as well as maintaining contact, providing advice and advertising our products and services, analyzing our processes and taking measures to improve process quality.
In doing so, we process the information you provide to us, such as names, contact details, e-mail addresses and telephone numbers and, of course, the content of your enquiry.
Legal base
The legal basis may be Art. 6 (1f) GDPR, our legitimate interest in communicating with you and processing your enquiry, or Art. 6 (1b) GDPR, to carry out necessary pre-contractual or contractual measures. Where you have given us consent, Art. 6 (1a) GDPR is the applicable legal basis.
Legitimate interest
Our legitimate interest in responding to enquiries, including those of an informal nature, as well as providing comprehensive advice on our products and services and drawing attention to identical or similar products and services.
Recipients or categories of recipients
Furthermore, we use services of service providers within the scope of order processing according to Art. 28 GDPR, for example to secure e-mail traffic and to comply with quality features as well as to process your service requests. Some of the processing may take place in the USA. In order to ensure the level of data protection at EU standard, the EU standard data protection clauses are generally agreed with the respective service providers and special technical and organisational protection measures are provided.
Data Transfer to Third country
We may transfer your personal data to third countries outside the European Economic Area (EEA) in accordance with applicable data protection laws. When transferring personal data to countries that do not provide an adequate level of data protection as determined by the European Commission, we implement Standard Contractual Clauses (SCC) to ensure appropriate safeguards are in place. For transfers to the United States, we may use service providers who are participants in the EU-U.S. Data Privacy Framework. This framework ensures that these service providers meet the necessary standards for data protection and have committed to complying with the privacy principles set forth by the framework.
Storage periods
As a general rule, a deletion process is started when the processing operation is completed. In certain cases, further processing, such as required retention periods, follow the actual processing. For example, e-mails with tax-relevant content are stored in accordance with the statutory retention periods (e.g. 6 years for commercial letters in accordance with the German Commercial Code (HGB), 10 years for tax documents in accordance with the German Fiscal Code (AO)) and then deleted.
Your application to us
Purposes of processing
When you send us an application, we process your data to the extent necessary until the application process is completed.
Legal base
Art. 6 (1b) GDPR, to process your application, which constitutes a request for the conclusion of an employment contract, as part of our application process.
Recipients or categories of recipients
We use services of service providers in the context of order processing according to Art. 28 GDPR to carry out personnel administration.
Data Transfer to Third country
No.
Storage periods
In the event of recruitment, required data from your application will be stored in the personnel file. Data that is not required will be deleted. In the event of a rejection, your data will be deleted 2 months after completion of the application process.
Social media
Purposes of processing
We also communicate with you via various social media channels. When using these platforms, the respective data protection declarations always apply as well.
In particular, these are (as of 2023-06-02):
- Youtube (privacy policy: policies.google.com/privacy)
- LinkedIn (privacy policy: www.linkedin.com/legal/privacy-policy)
- Instagram (privacy policy: help.instagram.com/519522125107875)
- Twitter (privacy policy: twitter.com/de/privacy)
- Facebook (privacy policy: www.facebook.com/policy.php)
- Xing and Kununu (privacy policy: privacy.xing.com/de/datenschutzerklaerung)
Legal base
Art. 6 (1f) GDPR and for the cases for which you have given us your consent, Art. 6 (1a) GDPR.
Legitimate interest
Carrying out company communications and ensuring a defined external presentation.
Recipients or categories of recipients
The social media platforms listed above, some of which also process personal data in third countries such as the USA. All of these services pass on personal data, for example to commissioned third-party providers for the provision of outsourced services, to authorities if you are legally obliged to do so or if there is suspicion of a violation of the law, and to new business owners in the event of a company acquisition or insolvency.
Storage periods
In accordance with the privacy statements of the social media platforms.
Newsletter
Purposes of processing
We use a newsletter service for communication and external presentation.
Legal base
Art. 6 (1a) GDPR, your consent to the newsletter with double opt-in.
Recipients or categories of recipients
We use the services of Mailchimp from The Rocket Science Group, LLC as part of an order processing according to Art. 28 GDPR to send the newsletter. Some of the processing takes place in the USA. In order to ensure the level of data protection at EU standard, the EU standard data protection clauses have been agreed with the service provider DPA.
Data Transfer to Third country
We implement Standard Contractual Clauses (SCC) with Mailchimp to ensure appropriate safeguards are in place.
Storage periods
After unsubscribing from the newsletter, your relevant personal data will be deleted.
Postal direct advertising for the acquisition of new customers
Purposes of processing
The personal data is processed for the purpose of acquiring new customers.
Legal base
Art. 6 (1f) GDPR, our legitimate interest to carry out direct advertising. The source of the personal data is Deutsche Post Direkt GmbH, Junkersring 57 in 53844 Troisdorf, Germany.
Legitimate interest
Direct marketing
Recipients or categories of recipients
None
Data Transfer to Third country
No
Storage periods
The personal data will be deleted immediately after the purpose has been fulfilled or after the postal mailing has been sent.
Credit assessment
Purposes of processing
Checking the creditworthiness of customers
Legal base
Art. 6 (1f) GDPR
Legitimate interest
The legitimate interest to protect against payment defaults.
Recipients or categories of recipients
Service providers for creditworthiness information, for example Creditsafe Berlin, Deutsche Factoring Bank Bremen.
Storage periods
The information is stored for the duration of the business relationship.
Cookies
Purposes of processing
We use the Cookiebot service to use cookies in a legally compliant way. The service gives you the opportunity to object to the setting of certain cookies and to consent to the setting of other cookies. Your preferences are stored in your browser in the form of required cookies.
We use cookies to personalize content and ads, provide social media features and analyze traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected in the course of your use of the Services.
Legal base
The legal bases for setting cookies are Art. 6 (1f) GDPR for necessary cookies and Art. 6 (1a) GDPR for marketing and analytics functions.
Legitimate interest
Please see the information in the consent dialog.
Recipients or categories of recipients
Please see the information in the consent dialog.
Data Transfer to Third country
Please see the information in the consent dialog.
Storage periods
Please see the information in the consent dialog.