Privacy Policy

1. Introduction
This privacy policy informs you about the type, scope and purpose of the processing of personal data within our online offer and the associated websites, functions and content as well as via external online presences. Your personal data is collected and processed in accordance with the applicable data protection provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1.1 Responsible body
The controller within the meaning of the GDPR is:

Assyst GmbH
Max-Planck-Str. 3
85609 Aschheim-Dornach
Deutschland
Phone:  +49 89 90505 0
E-Mail: contact@assyst.de
Imprint: https://www.assyst.de/en/footer/impressum.html
represented by the Managing Director Hans Peter Hiemer

1.2 Data Protection Officer
If you have any questions regarding the handling of your personal data, please do not hesitate to contact us by e-mail.
Alternatively, you can also contact the responsible data protection officer: Marco Peters, Nextwork GmbH, datenschutz@nextwork.de

1.3 Changes to the privacy policy
We reserve the right to adapt this privacy policy in such a way that it always complies with the current legal requirements or in order to implement changes to our services in the data protection notice, e.g. when introducing new services. This privacy policy is for your information. You do not need to agree to this at any point on our websites.
Last Updated: 07.02.2024

1.4 Rights of the data subject
You can exercise the following rights at any time via the contact details of our data protection officer:
Article 15 GDPR, Right of access: The right to be informed about and to request information about the personal data we process about you.
Art. 16 GDPR, Right to rectification: The right to request that we amend or update your personal data if it is incorrect or incomplete.
Art. 17 GDPR, Right to erasure: The right to demand that we permanently delete your personal data, unless other legal provisions or an overriding interest on our part contradict this.
Art. 18 GDPR, Right to restriction of processing: The right to request that we temporarily or permanently cease processing your personal data.
Art. 20 GDPR, Right to data portability: The right to request a copy of your personal data in electronic format and the right to transfer such personal data to a third party for use.
Article 21 GDPR, Right to object: The right to object at any time to the processing of your personal data by us for reasons arising from your particular situation. This right of objection presupposes the existence of special circumstances relating to your personal situation, whereby our rights may conflict with your right of objection in individual cases.
Art. 7 para. 3 GDPR, Right to withdraw consent: You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Art. 77 GDPR, Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with a competent data protection supervisory authority. For a list of supervisory authorities (for the non-public sector) and their addresses, please visit https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

2. Data security
In order to protect the security of your data during transmission, this website is encrypted and authenticated with TLS 1.3. We use HTTPS as standard.

3. Types and purposes of data processing

3.1. Server log files
When you access our website, information of a general nature is automatically collected - even if you do not register or otherwise transmit information. It is processed for the following purposes:

• Ensuring a smooth connection of the website
• Ensuring a smooth use of our website
• To assess system security and stability
• To optimize our website

The server log files include, for example, the IP address, the browser type used, the subpage accessed, the date and time of access. We use service providers in order processing for the provision of services, in particular for the provision, care and maintenance of IT systems. For this purpose, the agreements required by the GDPR are subject to Art. 28 GDPR.
The data is deleted as soon as it is no longer required for the purpose of processing. This is usually the case for the data used to provide the website when the respective session has ended.
The provision of personal data is not required by statutory or contractual provisions.  Without the IP address and the cookie identifier, however, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may only be available to a limited extent.
The processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR due to our legitimate interest in improving the stability and functionality of our website.

3.2. Contact
Our website (https://www.assyst.de/en/index.html) contains contact information that enables you to communicate with us quickly. We process your personal data for the purpose of processing your request. If you contact us by e-mail, telephone, post or contact form, the personal data transmitted by the data subject will be automatically stored or, if necessary, manually transferred to our systems.
The legal basis for processing the data that you transmit to us when you send us an email or call us is Art. 6 para. 1 lit. b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f) GDPR) or on your consent (Art. 6 para. 1 lit. a) GDPR), if this has been requested.

In individual cases, we may disclose personal data to third parties. In these cases, we have taken all necessary measures (e.g. data processing agreements or joint controller agreements) to protect your personal data. A general transfer does not take place.
The provision of your personal data is voluntary. However, we cannot contact you if you do not provide this data.

3.3. User login (closed customer area)
The exchange of relevant information regarding our contractual relationship with customers takes place in our customer area.  Registration or login is required to use the customer area. This is done for secure identification to prevent unauthorized access to data and to detect, track and rectify cases of misuse. The following personal data are processed for the use of the customer area: Title, first name, last name, company, e-mail address. This personal data will not be passed on to third parties. The registration data and the content in the customer portal, which are made available in relation to the performance of the agreement, are retained in accordance with the legal retention periods and stored for as long as is necessary to achieve the respective purposes.
The provision of your personal data is a mandatory part of the contractual relationship. Without the provision of this data, we cannot comply with the contractual agreements. The legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR (contractual measure). No cookies requiring consent are set on the website of the closed customer area.

3.4 Processing of customer/prospective customer data, supplier data, data from cooperation partners

We process your personal data (last name, first name, position in the company, address, telephone number, e-mail address) if this is necessary for the conclusion, execution, and performance of an agreement and for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 para. 1 lit. b) GDPR.  If you give us your express consent to process personal data for certain purposes (e.g. disclosure to third parties, evaluation for marketing purposes, customer satisfaction surveys or advertising by e-mail), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. A given consent can be revoked at any time with effect for the future (see paragraph "Rights of data subject"). If necessary and permitted by statutory law, we process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c) GDPR. In addition, processing may take place in order to safeguard our legitimate interests and to defend and assert legal claims pursuant to Art. 6 para. 1 lit. f) GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by statutory law. We process personal data that we receive from you in the context of establishing contact or establishing a contractual relationship or in the context of pre-contractual measures for the purpose of carrying out the entire sales and delivery process.

This data remains with us until the purpose for data storage/processing is no longer applicable. Mandatory legal provisions – in particular retention periods – remain unaffected.

3.5 Applicant management
We are pleased that you are interested in us and would like to apply for a position in our company. We would like to provide you with the following information on the processing of your personal data in connection with your application. 
We process the data you send us in connection with your application in order to check your suitability for the job (or other open positions in our companies, if applicable) and to carry out the application process. 
Processing may also be carried out electronically. This is particularly the case if you send us corresponding application documents, for example by e-mail or via our contact form. In this context, we process the following categories of personal data from you: Details in your CV, title, first name, last name, address, phone, email address, and the content of a personal message you have written. When your personal data is transmitted via the contact form, it is secured using TLS 1.3 transport encryption, provided that you meet the technical requirements. 
The legal basis for the processing of your personal data in this application process is primarily Art. 6 para. 1 lit. b) (fulfillment of our (pre-)contractual measures). Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. In this case, our interest lies in the assertion of or defense against claims under the General Equal Treatment Act (AGG). 
Applicant data will be deleted after six months in the event of a rejection. In the event that you have agreed to a further storage of your personal data, we will transfer your data to our applicant pool. There, the data is deleted after twelve months. If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system. 
Your applicant data will be reviewed by the Human Resources department after receipt of your application. Suitable applications are then made available for inspection by the internal department managers responsible for the position to be filled. Within the company, only those persons have access to your data who need it for the proper course of our application process. 
No automated decision-making or profiling takes place as part of the application process. 
The provision of personal data is not required by statutory or contractual provisions. However, you will not be included in the application process without the provision of your data. If you withdraw your consent, we will no longer be allowed to process your data and you will be removed from the application process.

3.6 Social Media
Assyst GmbH is present on social networks. We share content, offers, and present our products via social media channels. The respective operators of the social networks use cookies and similar technologies to record your usage behavior in the event of any interaction. This includes general statistics on interests and demographic characteristics (such as age, gender, region). However, the scope and purpose of the processing of your personal data is determined by the operator of the social network.  If you have given your consent to the operators of the respective networks in the form of your own user account, the legal basis for the lawful processing of your personal data is Art. 6 para. 1 lit. a) GDPR (consent). Otherwise, the legal basis is Art. 6 para. 1 lit. f) GDPR, whereby our legitimate interests lie in enabling communication with customers and interested persons as well as in the presentation and marketing of our products and software.

Further information on data protection can be found in the data protection notices of the respective social networks:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://de.linkedin.com/legal/privacy-policy?[AF1] 

Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://policies.google.com/privacy
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. http://instagram.com/about/legal/privacy/ help.instagram.com/155833707900388 and help.instagram.com/519522125107875

3.7. Newsletter
In order to send you our newsletter, we collect personal data that is transmitted to us via an input mask. For your registration, we need a valid e-mail address and the information for the personalized address (title, first name/last name). We use the "double opt-in" process to verify that the registration is actually being made by the owner of an e-mail address. For this purpose, we log the registration for the newsletter, the sending of a confirmation e-mail and the receipt of the requested response. On the basis of your express consent (Art. 6 para. 1 lit. a) GDPR), we will regularly send you our newsletter to the e-mail address provided by you.  You have the right to withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time with effect for the future (Art. 7 para. 3 GDPR). You can unsubscribe via the link contained in each e-mail, the aforementioned data protection officer or by contacting us. The recipient of your data is Hubspot. We have an data processing contract with Hubspot. More information about Hubspot's processing of personal data can be found here: https://legal.hubspot.com/de/privacy-policy[AF4] . In this context, the data will only be processed for as long as your consent has been given. The provision of your personal data is voluntary and is based solely on your consent. Unfortunately, we cannot send you our newsletter without your consent.

4 Use of Cookies
Like many other websites, we use so-called "cookies". Cookies are small text files that are stored on your device (laptop, tablet, smartphone or similar) when you visit our website. You can delete individual cookies or the entire cookie inventory, view cookies, and renew or change your cookie consent.

4.1 Technically Necessary Cookies   
Cookies do not contain any personal information. These cookies are also used if you are surfing the Internet completely anonymously. However, you can specify in your browser settings whether and which cookies the browser should accept. However, rejecting cookies has the disadvantage that a session is realized via a technical way, which means more insecurity for you.
The processing of data using technically necessary cookies is based on the legitimate interest in providing a functional website (Art. 6 para. 1 lit. f) GDPR). 
The provision of personal data is not required by statutory or contractual provisions. However, the service and functionality of our website cannot be guaranteed without this data. In addition, some services may not be available or may be limited.

4.2 Cookies: Analytics, Personalization, Other
For all other cookies that are not technically necessary, we need your consent (Art. 6 para. 1 lit. a) GDPR). You can configure these via the Cookie Settings link.

5 Google Analytics (with anonymization)
If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Scope of processing
Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website is transmitted to and stored by Google on servers in the United States.
We use the "anonymizeIP" function (so-called IP masking): By enabling IP anonymization on this website, your IP address will be automatically shortened by Google within the member states of the European Union and other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be abbreviated. Google will not merge the IP address transmitted by your browser with any other data held by Google.

During your visit to the website, the following data is recorded, among others:

The pages you visit, your "click path
Achievement of "website goals" (conversions, e.g., newsletter signups, downloads, purchases)
Your user behavior (e.g. clicks, time spent, bounce rates)
Your approximate location (region)
Your IP address (in a shortened form)
Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
Your Internet provider
the referrer URL (which website/advertising medium referred you to this website)
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For this purpose, we have entered into a data processing agreement with Google. Google LLC, based in California, USA, as well as U.S. authorities may access the data stored by Google.
The transfer of data to the USA cannot be excluded.
The data sent by us and linked to cookies are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
You may also refuse the use of cookies by selecting the appropriate settings on your browser to prevent Google from collecting and processing information about your use of this website (including your IP address) by
a. refusing to consent to the setting of the cookie; or
b. downloading HERE and installing the browser add-on to disable Google Analytics.
You may also refuse the use of cookies by selecting the appropriate settings on your browser. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites.

Legal basis and right to withdraw

The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.
For more information about the terms of use for Google Analytics and Google's privacy policy, visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de[AF5] .

6 Cookie Consent Manager
Our website uses the CCM19 Cookie Consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. This technology is provided by Papoo Software & Media GmbH - Dr. Carsten Euwens. Bornschein, Auguststr. 4, 53229 Bonn (hereinafter CCM19).
When you visit our website, a CCM19 cookie is placed in your browser, which stores your consent or withdrawal of this consent. This data will not be shared with CCM19.
The collected data will be stored until you request deletion or delete the CCM19 cookie itself or the purpose for data storage is no longer applicable. Mandatory statutory retention periods remain unaffected.
CCM19 cookie consent technology is used to obtain the statutory consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

7 Routine erasure and blocking of personal data
Assyst GmbH processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations applicable to the controller of the processing of personal data. If the storage purpose no longer applies or if a statutory retention period expires, the personal data will be blocked or deleted regularly and in accordance with the statutory provisions.

8 Automated decision-making / profiling
Assyst GmbH does not use automated decision-making or profiling.