Data Protection Advice Notes
The protection of the personal data of visitors to our website operated under the domain www.handy-games.com (hereinafter referred to as “handy-games.com”) is an important concern of www.handy-games.com GmbH (hereinafter referred to as “Handy-Games” or “we”/”us”). The protection of your privacy is for us an essential basis for a trustworthy provision of information as well as a mutually open communication and cooperation. Therefore, we take the protection of your personal data very seriously.
Below we inform you about the processing of your personal data when visiting handy-games.com.
1. Responsible entity
(1) The responsible person in the sense of Art. 4 No. 7 DSGVO is:
www.handy-games.com GmbH
i_Park Klingholz 13
97232 Giebelstadt
Telefon: +49 (0) 9334 9757 – 0
Fax: +49 (0) 9334 9757 – 19
E-Mail: info@handy-games.com
(2) You also have the option of contacting our data protection officer at any time regarding data protection and data security:
Thorsten Krietsch
Datenschutzbeauftragter (TÜV)
Carstennstraße 47
12205 Berlin
E-Mail: mail@thorsten-krietsch.de
Tel.: + (0)30 47 03 32 15
Mobil: + (0)151 22 08 88 55
Fax: +49 (0)30 50 17 56 50
Internet: https://www.tedeka-consulting.com
2. Data processing, processing purposes and legal bases
In the following, we present to you all the operations of data processing during the use of handy-games.com, explaining the exclusive purposes of processing and the legal bases for each processing.
2.1 Visit handy-games.com without interaction
2.1.1 Processed data
(1) When you visit our website, the web server of our hoster, Rockenstein AG, Schleehofstr. 16, 97209 Veitshöchheim, Germany, processes the following data by collecting and storing it in log files:
- Your IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes (so-called referrer)
- Browser
- Operating system and its interface
- language and version of the browser software
- unique device identifiers (MAC addresses or, in the case of mobile devices, the IMEI)
(2) A log file is a log file that automatically registers all or certain actions of processes on a computer system. As a website operator, we can access the data processed in the log files, but we only receive the IP address or alternatively the host name in anonymized form. Accordingly, we cannot draw any conclusions about your person from them.
2.1.2 Purpose of processing
The processing of the data described in section 2.1.1 (1) of this privacy policy serves the purpose of providing handy-games.com. It is exclusively essential data processing without which the contents of handy-games.com cannot be displayed and the functions of the website cannot be offered.
2.1.3 Legal basis for the processing
The processing of the data referred to in section 2.1.1 (1) of this privacy policy is based on Art. 6 para. 1 sentence 1 lit f DSGVO, i.e. our legitimate interest in the presentation of handy-games.com on the Internet, which overrides your interests or fundamental rights and freedoms that require the protection of personal data.
Our legitimate interest lies exclusively in the presentation of the website and its content.
3. Collection and storage of personal data in applications and based on applicant profiles on applicant portals and type and purpose of such data and their use
3.1 Collection and storage
If
- you initiate contact with us for the first time,
- you submit an application to us,
- we contact you for the first time based on your applicant profile on applicant portals or
- we contact you for the first time based on your profile on professional social media platforms such as LinkedIn and/or XING,
then we will usually process the following information:
- salutation, first name, surname,
- address,
- a valid e-mail address,
- telephone number (landline and/or mobile),
- all other details you have included in your application documents (in particular: curriculum vitae, certificates),
- all other data you have uploaded to your applicant profile on applicant portals,
- all other data you indicate in the course of the application (in application questionnaires, interviews etc.),
- special categories of personal data which you have voluntarily provided
3.2 What do we process your data for (purpose of processing) and on what legal basis?
In the text which follows, we will inform you of the purpose for which we process your data and the legal basis for doing so.
3.2.1. For performance of contractual obligations and pre-contractual measures (Art. 6 (1) (b) GDPR)
We process your data to perform contractual obligations and to take steps prior to entering into a contract with you, i.e. in particular
- for internal processing of your application
- for implementing the application process
- for corresponding with you
- for implementing or terminating an employment relationship
- for exercising or fulfilling rights and obligations arising from law or a collective agreement, works agreement or employment agreement
for settling any liability claims which may exist and for asserting any claims against you.
3.2.2 Processing based on your consent (Art. 6 (1) (a) GDPR)
In principle, we will erase your data no later than 6 months after the end of the application process, provided there are no other reasons for retaining the data, see sec. 5. If you have given us your consent to process your personal data in connection with an “applicant pool”, we will erase those data no later than three years after the data are provided to us. The purpose of such “applicant pools” is to enable us to consider you for future vacancies.
You may withdraw your consent at any time with future effect. The foregoing also applies to declarations of consent you have given to us prior to the applicability of the GDPR, i.e. prior to 25 May 2018. We hereby inform you that withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
3.2.3. Processing due to legal requirements (Art. 6 (1) (c) GDPR)
We are subject to various legal obligations, such as statutory commercial retention and documentation obligations (under the German Commercial Code, the German Criminal Code or the German Tax Code).
3.2.4. Processing of special categories of personal data (Art. 9 (2) (GDPR)
We process the special categories of personal data you have provided to us if you have given us your consent pursuant to Art. 9 (2) (a) of the GDPR, or if processing is necessary to enable us to honour your rights under employment and social security and social protection law and to fulfil our obligations in this respect.
3. Recipients of your personal data
The data collected about you will not be passed on to third parties. If our hoster or Google receive this data, this is only due to the respective company’s own measures, over which Handy-Games has no influence.
4. Transfer of personal data to a third country or an international organization
All personal data on your part is stored on servers within the European Economic Area. A transfer to third countries or international organizations is not advised and is not actively pursued by Handy-Games.
5. Storage duration
(1) The duration of the storage of your personal data varies depending on the type and purpose of the data processing. However, your personal data will be irretrievably deleted in any case when the purpose of processing ceases to apply (so-called purpose continuation within the meaning of Art. 5 Para. 1 lit b DSGVO).
(2) Paragraph 4, (1) does not apply to data that is subject to statutory retention periods (in particular § 147 of the German Tax Code (AO) and § 257 of the German Commercial Code (HGB)) and to such data that is required for the defense against and assertion of legal claims against you or third parties and in the event of a conflicting official or court order. In these cases, only the necessary personal data remains stored and is only accessible to persons authorized in accordance with the purpose of storage (so-called data minimization in the sense of Art. 5 (1) lit c DSGVO). After the purpose of storage has ceased to exist, the data shall be irretrievably deleted without delay.
(3) A deletion concept is available and can be proven at any time upon request.
6. Data subject rights
6.1 Right to information
You have the right to receive confirmation from us free of charge as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to further information, which you can obtain from Art. 15 DSGVO. We will provide you with a copy of the personal data processed about you, as long as this does not affect the rights and freedoms of third parties.
6.2 Right to rectification
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Likewise, you have the right – taking into account the purposes of the processing mentioned above – to request the completion of incomplete personal data, also by means of a supplementary declaration.
6.3. Right to erasure (“being forgotten”).
You have the right to request the deletion of your data if the conditions set out in Article 17 (1) DSGVO are met. This right exists in particular if the data is no longer required for the processing purpose (purpose continuation), you revoke the consent underlying the data processing pursuant to Art. 7 (3) DSGVO, you have objected to the data processing pursuant to Art. 21 (1) DSGVO or the data processing by us is not lawful.
6.4 Right of objection
Insofar as we process your data on the basis of Art. 6(1) p. 1 lit. f DSGVO (i.e. because of our legitimate interest), you have the right to object to the processing of personal data concerning you by us at any time on grounds relating to your particular situation in accordance with Art. 21 DSGVO. If we cannot demonstrate compelling legitimate grounds for further processing that override your interests, rights and freedoms, we will no longer process your data on the basis of Art. 6 (1) sentence 1 lit. f DSGVO.
6.5 Right of revocation when consent is granted.
You may revoke a granted consent to the processing of your personal data at any time with effect for the future without giving reasons. The lawfulness of the processing based on the consent in the past remains unaffected.
6.6 Right to restriction of processing
You have the right to demand that we restrict processing if one of the conditions of Art. 18 DSGVO applies.
6.7 Right to portability of your data
You have the right to receive the personal data concerning you in a structured, common and machine-readable format. You must be able to transfer this data to another controller without hindrance from us if the requirements of Art. 20 (1) DSGVO are met.
6.8 Exercising your rights
To exercise your rights, you may contact us by mail, fax or by e-mail, among others, using the contact details provided in section 1 of this Privacy Policy. In case of serious doubts about your identity, we reserve the right to request proof of identity from you.
7. Right of complaint to a supervisory authority
(1) Without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority for data protection at any time, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you by us violates data protection law.
(2) The supervisory authority responsible for us is:
Das Bayerisches Landesamt für Datenschutzaufsicht
Hausanschrift:
Promenade 18
91522 Ansbach
Deutschland
Postanschrift:
Postfach 1349
91504 Ansbach
8. Necessity of providing your personal data
(1) The provision of your personal data as described in section 2.1.1 (1) and 2.1.3 (2) of this privacy policy is neither contractually nor legally binding.
9. Automatic decision making
Automatic decision-making, including profiling, does not take place.
Stand: 11.10.2023