+49 9942 80 17 57 office@nistler-consulting.de

Data Protection Information pursuant to Art. 13 and Art. 14 GDPR

The protection of your data and transparency regarding its processing is very important to us.
We therefore fulfill our obligation to provide information about the circumstances of the processing
in accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR).

The processing of your personal data gives you the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)

Right of Withdrawal

If the processing is based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR,
you have the right to withdraw your consent at any time.
Data processed up to that point remains unaffected by the withdrawal.

Controller Responsible for Data Processing

NISTLER CONSULTING
Birgit Nistler
Altenstein 5
D-94234 Viechtach, Germany
Phone: +49 9942 801757
Email: datenschutz [at] nistler-consulting [dot] de

You have the right to lodge a complaint with a supervisory authority if you believe
that the processing of your personal data is unlawful.

Supervisory Authority

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle [at] lda [dot] bayern [dot] de

The responsible body is the natural or legal person who, alone or jointly with others,
decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Data will only be transferred to third countries (countries outside the European Economic Area – EEA)
if this is necessary for the execution of the service contract, if you have given us your consent,
or if this is otherwise permitted by law.
In this case, we will take measures to ensure the protection of your data,
for example through contractual provisions.
We only transfer data to recipients who ensure the protection of your data in accordance with
the provisions of the GDPR for transfers to third countries (Articles 44 to 49 GDPR).

1. Communication

In order to contact you, we may send you an email with further information regarding the processing
of your inquiry, your order, or within the scope of our general business relationship.
For this purpose, your email address, the email content, and the history of communication will be recorded.

The processing of the data is based on the fulfillment of the contract in accordance with
Art. 6 (1) lit. b GDPR.

2. Contact and Address Management

To manage all contact information for business partners and customers,
we store personal data in our central database.
This includes name, contact person (if applicable), address, telephone number,
mobile number, and email address, as well as application documents
(resume, certificates, references).

Data collection is based on a legitimate interest pursuant to Art. 6 (1) lit. f GDPR
in order to manage contact information in an organized manner.
Only our employees have access to this system.

Your contact details will be stored for the duration of the business relationship
and beyond in accordance with legal provisions.

Application data is generally deleted six months after completion of the project
unless legitimate interests prevent deletion.
Such interests may include the burden of proof in proceedings under the
General Equal Treatment Act (AGG).

Applicants may consent to storing their data for future projects.
Consent can be revoked at any time, which will result in automatic deletion of the data.

3. Project Management / Application Process

Applications are stored centrally in our system.
Surname, first name, contact details, and application documents are processed.
After pre-selection, data may be forwarded to customers as part of the
application process with your consent.

Processing is based on a pre-contractual measure pursuant to
Art. 6 (1) lit. b GDPR.

Storage is based on voluntary consent pursuant to Art. 6 (1) lit. a GDPR.
Consent can be revoked informally at any time.
Processing already carried out remains unaffected by the revocation.

4. IT Security

An external IT service provider has been commissioned to protect our network
against unauthorized access and attacks and to administer our IT systems.

FastRocket GmbH
Unterer Sand 9
94209 Regen

For maintenance and support purposes, this provider may have access to personal data.
A data processing agreement has therefore been concluded.

Processing is based on legitimate interest pursuant to Art. 6 (1) lit. f GDPR
to protect the IT system against unauthorized access.

5. Who Receives Your Data?

Personal data is stored in our central database to fulfill contractual,
legal and legitimate interests.

The following recipients may also receive your data:

  • Processors employed by us (Art. 28 GDPR), especially IT service providers
  • Public bodies and institutions where a legal obligation exists
  • Authorities, lawyers, courts or experts based on legitimate interest
  • Clients or recipients authorized by you after your consent

6. Automated Decision-Making

We do not use purely automated decision-making processes in accordance with Art. 22 GDPR.

7. Disposal of Paper Files and Data Carriers

Paper documents and data carriers containing personal data that are no longer required
are destroyed in compliance with statutory retention periods.

Data destruction is carried out internally or by a certified disposal company
commissioned by the controller.

8. Data Protection Management

You may contact the internal data protection officer at any time via email:
datenschutz [at] nistler-consulting [dot] de

Your name, reason for the request, facts of the case, and any stored data
relating to the data subject may be collected and stored.

Processing is based on contract fulfillment pursuant to Art. 6 (1) lit. b GDPR.
Information will only be shared with your consent.

Your personal data will only be stored for as long as necessary for the purpose.
Statutory retention obligations remain unaffected.