Privacy Policy Information pursuant to Art. 13 and Art. 14 GDPR
The protection of your data and transparency regarding its processing are of utmost importance to us. Therefore, we hereby fulfill our obligation to provide information on the circumstances of processing in accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR).
The processing of your personal data gives rise to the following rights for you:
- Right of access (see Art. 15 GDPR)
- Right to rectification (see Art. 16 GDPR)
- Right to erasure (see Art. 17 GDPR)
- Right to restriction of processing (see Art. 18 GDPR)
- Right to object (see Art. 21 GDPR)
- Right to data portability (see Art. 20 GDPR)
Right of Withdrawal
If the processing is based on Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, you have the right to withdraw your consent at any time. Data processed up to the time of withdrawal remains unaffected by the withdrawal.
The Controller responsible for data processing is:
NISTLER CONSULTING Birgit Nistler
Altenstein 5
D-94234 Viechtach
Germany
Phone: +49 9942 801757
Email: office [at] nistler-consulting [dot] de
Contact details of the Data Protection Officer:
Birgit Nistler, NISTLER CONSULTING, Altenstein 5, D-94234 Viechtach
Email: datenschutz [at] nistler-consulting [dot] de
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful.
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle [at] lda [dot] bayern [dot] de
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
A transfer of data to third countries (states outside the European Economic Area – EEA) only takes place to the extent necessary for the execution of the service contract, if you have given us your consent, or if it is otherwise legally permissible. In this case, we take measures to ensure the protection of your data, for example through contractual regulations. We exclusively transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transfers to third countries (Art. 44 to 49 GDPR).
1 Communication
In order to contact you, we may send you an email containing further information to process your inquiry, your order, or within the framework of our general business relationship. For this purpose, your email address, the content of the email, and the communication history will be recorded.
The processing of the data is based on the performance of a contract pursuant to Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures (customer relationship, contracts with business partners, authorities, employees).
Data will only be passed on if this has been coordinated with you or is necessary for the current business transaction.
Your data will be stored on our systems within the framework of the statutory retention obligations.
2 Contact and Address Management
To manage all contact information of business partners and customers, we store your personal data in our central database, in which name, contact person (if applicable), address, telephone number, mobile number, and email address are stored, as well as complete application documents (such as CV, certificates, references).
The collection of data is based on a legitimate interest pursuant to Art. 6 (1) (f) GDPR in order to manage contact information of employees and business partners in an organized manner.
Only our employees have access to this system.
Your contact details will be stored in our system for the duration of the business relationship and beyond within the scope of statutory provisions.
Where necessary, we process your personal data for the duration of the application process in a specific project. As a rule, your data will be deleted six months after final project completion, provided that deletion does not conflict with any other legitimate interests. Other legitimate interests in this sense include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
As an applicant or candidate, you may grant us your consent—until revoked—to retain your data in our central database for consideration in other projects. You can withdraw this consent at any time, after which your data will be deleted automatically.
3 Project Handling / Application Process
Your application will be stored centrally in our system. Your last name, first name, contact details, and application documents (e.g., CV, certificates, references, etc.) will be processed.
After the pre-selection process has been completed, your data will be forwarded to our clients within the scope of the application process with your consent.
The processing is based on a pre-contractual measure regarding the employment contract pursuant to Art. 6 (1) (b) GDPR.
The storage of the data is based on voluntary consent pursuant to Art. 6 (1) (a) GDPR. Consent can be withdrawn at any time without any specific form. Processing that has already taken place remains unaffected by the withdrawal.
4 IT Security
An external IT service provider has been commissioned to protect our network against unauthorized access and attacks, as well as to administer our IT systems.
Our IT service provider is FastRocket GmbH, Unterer Sand 9, 94209 Regen, Germany.
For maintenance and support purposes, it may happen that this provider has access to your personal data. We have therefore concluded an order processing agreement (Data Processing Agreement / DPA) with the service provider.
The data processing is based on a legitimate interest pursuant to Art. 6 (1) (f) GDPR. The controller has a legitimate interest in protecting its IT system and securing it against unauthorized access.
5 Who Receives Your Data?
We store your personal data in our central database because we require this data to fulfill contractual and legal obligations or to implement our legitimate interest.
In addition, the following entities may receive your data:
- Processors employed by us (Art. 28 GDPR), particularly in the area of IT services
- Public bodies and institutions in the event of a statutory or official obligation according to which we are obliged to provide information, report, or pass on data, or if the disclosure of data is in the public interest
- Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g., authorities, lawyers, courts, experts)
- Subject to your respective prior consent, interested clients and other recipients authorized in this context (e.g., within corporate structures, their (external) advisors or subcontractors) in compliance with confidentiality and secrecy obligations
6 Automated Individual Decision-Making (Including Profiling)
We do not use purely automated decision-making procedures pursuant to Art. 22 GDPR.
7 Disposal of Paper Files / Data Media
Paper documents and data media that are no longer required and contain personal data are destroyed. This ensures compliance with deletion periods following the retention period.
All data from the customer relationship may be contained on the documents and paper media.
The processing of data is based on a legal requirement pursuant to Art. 6 (1) (c) GDPR; the processing is necessary for compliance with a legal obligation to which the controller is subject.
The data is destroyed internally; alternatively, it is passed on to a certified disposal company commissioned by the controller with the destruction and disposal.
8 Data Protection Management
You can contact the internal Data Protection Officer at any time by email at datenschutz [at] nistler-consulting [dot] de.
In doing so, your name, reason for the inquiry, facts of the matter, as well as any data of the data subject stored in the system will be collected and stored.
The processing of the data is based on the performance of a contract pursuant to Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
The information will only be passed on with your consent.
Your personal data will be stored for as long as required for the purpose. Statutory retention obligations remain unaffected by this.