Privacy Policy for the Companies of the ANTES Group
Data protection is an important issue for us. We treat your personal data confidentially and in accordance with the European General Data Protection Regulation and this privacy policy (EU-GDPR).
The processing of data takes place in particular to fulfil our contractual obligations towards our clients and users. Notwithstanding this, we process your data to protect our legitimate interests, weighing them against your interests. And, of course, in some cases we are legally obliged to process data (e.g. to disclose data to investigating authorities). In all other cases, we will obtain separate consent from you for data processing. As part of the performance of our contractual obligations, we always try to adapt our products and services to the needs of the client and user.
In order to use our online-based analysis process, it is necessary to provide personal data. The personal data on our homepage (first and last name and email address) is always collected on a voluntary basis. This data will not be passed on to third parties without your express consent. This consent is always requested before starting the analysis and when entering your data.
We point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of the data against access by third parties is not possible. We observe the regulations of the EU-GDPR and would like to inform you in this privacy policy in detail and transparently about the processing of your data within the framework of ANTES.
1. Responsible controller
The collection, processing and use of personal data in connection with the use of ANTES PROFILE is carried out by
ANTES Solutions GmbH
Buchenweg 157
22926 Ahrensburg
2. Collection, processing and use of personal data
We only collect, process and/or use personal data if the user has consented or if this is permitted by law.
The use of personal data based on a legal permission takes place in particular in connection with the fulfilment of contractual obligations of ANTES towards the client. The processing and use of personal data of the user is necessary in order to be able to provide our services.
The processing of personal data takes place exclusively in Germany.
3. Type of personal data collected, processed and used
Access data
In the context of the applications of ANTES that require registration, we must collect and process certain personal data from you as your access data.
Example: ANTES PROFILE analysis procedure
We collect, process and use the following personal data as part of the operation of ANTES PROFILE:
Salutation (gender)
First and Last Name
Email address
Company
Other categories that are not required and optional for access:
Profile data (e.g. company name, industry, training, contact options, interest in possible job areas, training opportunities, etc.)
We offer our users an analysis of their behavioural preferences. Based on your voluntary information, which is collected through a questionnaire, the behavioural preferences (strengths, development, motivation and areas of application/career of the user are asked for).
On the basis of your input, a formulated results report is generated that contains your first and last name and the correct salutation. Based on the email address you have provided, we can send you the results report.
4. Purpose of the collection, processing or use of personal data
We collect your personal data in different ways, e.g. via our websites and social media channels, via telephone and email, for applications and in connection with personally conducted interviews as well as in the course of interacting with customers. Unless otherwise stated, we collect, process or use the data that you have provided to us as a participant in personal diagnostic procedures (such as analyses, tests or assessments) and/or as an applicant to fulfil our contractual and/or legal obligations. Unless otherwise stated, we collect, process or use the personal data you have provided:
To process your registration with ANTES;
At your request and on the basis of your inputs, in order to be able to carry out personal diagnostic procedures (such as ANTES PROFILE);
In order to be able to provide and transmit result reports and further information in an appropriate form based on the results of the aforementioned procedures;
At your request, to make the results of the diagnostic procedures available to participating companies;
For anonymous internal statistical evaluation in order to carry out further validations of our ANTES PROFILE procedure;
To get in touch with you and keep in touch (e.g. name, postal address, email address and telephone number);
Username and password when you log in to our websites;
For providing personnel placement services;
To process and defend legal claims or to defend against lawsuits;
To join a specialised network in order to be able to offer you suitable job or project offers;
For information about our services (e.g. dates for workshops)
In addition, if you apply for a position or a project, we can collect the following types of personal data (to the extent permitted by local legal regulations):
Professional career and educational path; Project listing;
Language skills and other job-related skills;
Date of birth;
Gender;
Nationality;
Information contained in letters of recommendation;
Information contained on your resume, information you provide to us about your professional interests and other information about your professional qualifications;
In order to provide further vacancies or project offers to you, even after the end of the first application phase, in which you could not be placed. After completing the first application phase and in the event of a corresponding offer, we will of course contact you beforehand and obtain your consent;
To contact you with any queries in connection with ANTES;
To inform you about changes to this data protection notice or our terms of use.
5. Passing on of your data to third parties
Who receives your personal data?
We only pass on your personal data to third parties if this is necessary for the fulfilment of our own business purposes (i.e. in particular to provide the services owed to you or our customers) (e.g. if we have your profile or your results from diagnostic procedures, e.g. in the course of your application process, to a company to which you are applying and which is our client), you have given your consent or we are obliged to do so by law or due to a judicial or official order.
If we work with external service providers in the context of data processing (e.g. in software development), this is usually done on the basis of so-called commissioned data processing, in which we remain the controller responsible for the data processing. We check each of these service providers beforehand for the measures they have taken for data protection and data security and ensure statutory contractual provisions are in place for the protection of personal data.
Other categories of recipients
State agencies and courts
Technical service providers
Hosting service provider
Ad server operator
Email dispatch service provider
CRM service provider
Software developer
Your personal data will not be passed on, for example to address traders or other companies for advertising purposes.
* * * *
We use the following service providers to run the ANTES PROFILE behavioural preference analysis:
Ingress GmbH
Weidestraße 122a
22083 Hamburg
The service provider processes the data exclusively in accordance with our instructions and has been obliged to comply with the applicable EU-GDPR. The use of the service provider does not change the fact that we are the responsible controller within the meaning of the Federal Data Protection Act. We and the service providers commissioned by us take appropriate technical and organisational measures to protect our users’ data. We only transfer your personal data to third parties if we are obliged to do so by law (e.g. to courts or law enforcement authorities), if you have given us your consent or if this is legally permissible.
Security and data protection:
keyingress survey and telemarketing software (excerpt)
In the following, you will find an excerpt from the security and data protection concept of our contracted service provider Ingress. If you have a justified interest, we will be happy to provide you with the detailed privacy policy.
The Ingress company
Ingress is an IT service provider and develops software solutions for market research, human resources and telemarketing. All software solutions from Ingress are web-based and are used as rental solutions (OnDemand) or as in-house solutions. In addition to the software, Ingress offers its customers various software-related services such as questionnaire programming or the management of online surveys.
Background
When used as an on-demand solution, the software is accessed via the Internet. Ingress guarantees extensive security measures so that only authorised persons can access the system. These can be divided into the areas of technical and spatial security, server security, data security and personnel security.
Technical and spatial security
The Ingress servers are located in a German high-performance data centre certified according to ISO 27001 with several spatially separated locations in the Nuremberg and Falkenstein/Vogtland area, which are connected to each other as a ring. The multiple redundant Internet connections, including those at the largest German exchange node DE-CIX and the direct connection to Telekom, ensure smooth operation.
The details of the connection are listed below:
Transit
• 400 GBit/s Core-Backbone
• 300 GBit/s Telia
• 200 GBit/s NTT
• 100 GäBit/s GTT
• 100 GBit/s TATA
Peering-Points
• 300 GBit/s DE-CIX
• 100 GBit/s AMS-IX
• 100 GBit/s NL-IX-FFM
• 100 GBit/s ECIX
• 20 GBit/s FICIX
• 20 GBit/s Netnod
• 10 GBit/s NL-IX-AMS
• 10 GBit/s N-IX
• 10 GBit/s STH-IX
• 10 GBit/s VIX
Private Peerings
• 240 GBit/s Google
• 200 GBit/s Facebook
• 100 GBit/s OVH
• 80 GBit/s Amazon
• 40 GBit/s KabelDeutschland
• 40 GBit/s RETN
• 40 GBit/s Rostelecom
• 20 GBit/s Init7
• 20 GBit/s Leaseweb
• 20 GBit/s Megafon
• 20 GBit/s Microsoft
• 20 GBit/s NetAssist
• 20 GBit/s Telefonica
• 20 GBit/s Worldstream
• 10 GBit/s Aixit
• 10 GBit/s Cloudflare
• 10 GBit/s Dropbox
• 10 GBit/s Enviatel
• 10 GBit/s Fiord
• 10 GBit/s GlobalCloudXchange
• 10 GBit/s LWLcom
• 10 GBit/s myLoc
• 10 GBit/s Rascom
• 10 GBit/s Serverius
A redundant uninterruptible power supply (UPS) with a battery buffer of 15 minutes and an emergency power generator ensure smooth server operation even in the event of a power failure. The data centres are air-conditioned with an average temperature of 22 degrees Celsius.
Surveillance cameras
24/7 monitoring and special door and locking systems prevent unauthorised access. The data centres are equipped with a modern early fire detection system with a direct connection to the local fire brigade. The data centres are spatially distributed and cannot be recognised as such from the outside.
Server security
The server is set up exclusively by Ingress without the use of a premade operating system image. Only the services required to operate the keyingress software are activated on the servers. These services are the web server and the database server. Other services such as email or FTP are deactivated on the Ingress servers. In addition, all servers are secured from the outside by means of a firewall. The reduction to the required services prevents unauthorised access to the server via additional services. Permanent server monitoring ensures that unauthorised server access is recognised in good time and suitable countermeasures are taken. All servers are checked monthly for security gaps.
Direct server access for the purpose of server configuration can only be carried out by trained Ingress employees. Direct server access is only possible via Ingress’ local IT systems.
All Ingress employees who have direct access to the servers are committed to data confidentiality and data protection. The “Server administration” work instruction regulates which employee has which rights. The employees in the data centres have no access to the servers and the data on the servers. Ingress guarantees permanent availability of 99.5% of the keyingress software over the Internet.
Data security and anonymity
Ingress servers are equipped with a RAID1 hard drive system, which reduces the likelihood of data loss to a minimum. Ingress ensures a daily backup of the data on the server on a backup server. The backups/logs are saved for 30 days and then completely deleted. Ingress also guarantees real-time data mirroring on a second productive system. In the event of a server failure, work can be continued on the second system via a replacement link with a time delay of approx. 120 minutes. Ingress anonymises personal data as early as possible for the implementation of the respective research project. Until then, personal data will be stored separately from the survey data so that the information from the respondents cannot be assigned to individual persons. The individual survey links in online surveys with email invitations cannot be used to identify the persons from outside. The disclosure of information by manipulating this link is also excluded. No macros or program code, e.g. SQL or PHP code, can be executed in open questions in online surveys. PHP code cannot be executed in layout HTML templates either.
Personnel security
Ingress observes the data protection regulations. In addition, the persons working at Ingress have been obligated in writing in accordance with the GDPR to comply with the data protection requirements of the General Data Protection Regulation. Insofar as Ingress processes personal data when carrying out projects, Ingress acts on behalf of the client within the meaning of Art. 28 GDPR. Ingress will therefore use the personal data only within the framework of the agreements made or other written instructions from the client and in accordance with data protection regulations. Ingress also guarantees that all information received will be kept secret indefinitely. In addition to the operational organisational processes, this applies in particular to all information that is considered confidential or is identifiable as a trade or business secret. As far as the projects do not require it, no records and notifications are transmitted to third parties.
* * * *
6. Use of analysis tools on our websites
On our website (www.antes-group.com), the SalesViewer® technology from SalesViewer® GmbH is used to collect and save data for marketing, market research and optimisation purposes based on the legitimate interests of the website operator (Art. 6 (1) (f) GDPR).
For this purpose, a JavaScript-based code is used, which is used to collect company-related data and the corresponding use. The data collected with this technology is encrypted using a non-recalculating one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.
Functionality: As part of the SalesViewer®, a JavaScript-based tracking code is used on the website of a company, with the help of which the following information (hereinafter visitor data) is determined as part of the procedure described below:
Name, origin and industry of the visiting company
Referrer
Keyword
Visitor behaviour (e.g. subpages visited, time of visit, duration of visit)
No cookies or similar files are stored on the website visitors’ end devices. Instead, the visiting company is identified by comparing it with generally accessible information as described below. For this purpose, the website visitor’s online identification is encrypted using a one-way function that can no longer be recalculated (so-called hashing) and, after a preselection through which private access is filtered out, transferred to the provider in a pseudonymised manner. These online identifiers are compared by the provider with a database limited to company-related data. As far as company-related accesses can be identified within the scope of this procedure, the website operator is provided with corresponding company-related data about the website visit on an internet platform of the provider, on which it is also possible to research further generally accessible data (e.g. address and contact data) about the companies visiting the website. The SalesViewer® is designed to identify the companies on the visiting website. If only company data is collected and processed, it is not relevant under data protection law due to the lack of personal reference. Otherwise, visitor data is only collected and processed in pseudonymised form.
The data collection and storage can be objected to at any time with effect for the future by clicking this link https://www.salesviewer.com/opt-out to prevent future collection by SalesViewer® within this website. An opt-out cookie for this website is stored on your device in this case. If you delete your cookies in this browser, you will have to click on this link again.
7. What rights can you assert?
You have, among other things, legal claims to information, rectification, erasure, restriction of processing, objection to processing as well as a right to data portability. You can also revoke any consent you may have given to the processing at any time and lodge a complaint with a supervisory authority.
Right to object
You can object at any time to the processing of your personal data based on Art. 6 (1) (f) EU-GDPR.
Right to be informed
On request, you will receive clear information about the processing of your personal data.
You also have the right to the following information:
The processing purposes
The categories of personal data that are processed
The recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed, in particular to recipients in third countries or to international organisations
If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
The existence of a right to rectification or erasure of the personal data concerning you or to restriction of processing by the responsible controller or a right to object to this processing
The existence of a right to lodge a complaint with a supervisory authority
If the personal data is not collected from the data subject, all available information on the origin of the data
The existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) EU-GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
If personal data is transmitted to a third country or to an international organisation, you as the data subject have the right to be informed about the appropriate guarantees (pursuant to Art. 46 EU-GDPR) in connection with the transmission.
Right to rectification
You have the right to request that we correct and, if necessary, complete your personal data.
Right to erasure
You have the right to request that we delete personal data concerning you immediately if one of the following reasons applies: The personal data is no longer necessary for the purposes for which it was collected or otherwise processed. You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) EU-GDPR, and there is no other legal basis for the processing. You object to the processing in accordance with Art. 21 (1) EU-GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) EU-GDPR. The personal data was processed unlawfully. The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which we are subject. The personal data was collected in relation to information society services offered directly to a child in accordance with Art. 8 (1) EU-GDPR. Upon your request, we are obliged to delete the relevant data immediately. The legality of the processing carried out on the basis of the consent up to the point of revocation remains unaffected.
Right to restriction of processing
In certain cases, you can request that the processing of your personal data be restricted. You are entitled to request a restriction on the processing of your personal data if you dispute the correctness of the personal data, for the duration that enables the responsible controller to check the correctness of the personal data. If the processing is unlawful and you decline to delete the personal data and instead request us to restrict the use of the personal data, we will follow the request. The processing will also be restricted if we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend your own legal claims, or if you have objected to processing in accordance with Art. 21 (1) EU-GDPR, as long as it has not yet been determined whether the legitimate reasons of the responsible controller outweigh your reasons. You will be informed by us before the restriction is lifted.
Right to data portability
A request by you for information on your data can also be transmitted to third parties.
You have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format, and you have the right to have this data transferred to another responsible controller without hindrance by us, to whom the personal data was provided. The prerequisite is that a) the processing is based on consent in accordance with Art. 6 (1) (a) EU-GDPR or Art. 9 (2) (a) EU-GDPR or on a contract in accordance with Art. 6 (1) (b) EU-GDPR, and b) the processing is carried out using automated procedures. When exercising the right to data portability, you have the right to request that the personal data be transmitted directly from us to another responsible controller, insofar as this is technically feasible.
Right of revocation of consent
If the processing is based on your consent, you have the right to revoke your consent at any time. This does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
Right to lodge a complaint
You are free to lodge a complaint with a supervisory authority.
The supervisory authority responsible for our company is: Schleswig-Holstein, Independent State Centre for Data Protection Schleswig-Holstein. The Schleswig-Holstein Commissioner for Data Protection and Freedom of Information:
Marit Hansen, Postfach 71 16, 24171 Kiel or: Holstenstraße 98, 24103 Kiel, Telefone: 04 31/988-12 00,
Telefax: 04 31/988-12 23, E-Mail: mail@datenschutzzentrum.de,
Homepage: http://www.datenschutzzentrum.de
If you are of the opinion that the processing of your personal data violates the EU-GDPR, you can lodge a complaint with a supervisory authority. In particular, you can also contact the supervisory authority of your habitual residence, your place of work or the place of the alleged violation. Further regulations on the complaint procedure can be found in Art. 77 EU-GDPR.
8. Termination of participation in ANTES PROFILE
You can end your participation in ANTES DISC at any time. Please let us know in writing if you would like us to delete your personal data. Your personal data will then be completely anonymised, with the exception of the data that must be stored by law, for example due to retention requirements under commercial or tax law.
9. Change of privacy policy
We reserve the right to adapt the privacy policy at regular intervals to the underlying processes. You will be informed of any changes to the privacy policy by email.
10. Questions, comments, suggestions
We are happy to answer your questions about data protection and look forward to your comments and suggestions. Write to us by email office@antes-group.com or by post to the following postal address within the ANTES Group:
ANTES Solutions GmbH
Buchenweg 157
22926 Ahrensburg
* * * *
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“), for the purpose of demand-oriented design and ongoing optimisation of our pages. In this context, pseudonymised usage profiles are created and cookies (see under point 4) are used. The information generated by the cookie about your use of this website such as
browser type/version
operating system used
Referrer URL (the previously visited page)
Host name of the accessing computer (IP address)
Time of the server request
are usually transmitted to a Google server and stored there; this may also involve transmission to Google LLC. servers in the USA. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an allocation is not possible (IP masking).
Due to the certification according to the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Deactivate Google Analytics
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie on your computer if you have accessed our website via a Google advertisement.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain „www.googleadservices.com“ are blocked. Google’s privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/de.html).
Google reCAPTCHA
We use Google reCAPTCHA on our website to check and prevent interactions on our website by automated access, e.g. by so-called bots. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as „Google“.
Through the certification according to the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
This service enables Google to determine from which website a request is sent and from which IP address you use the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary for offering and guaranteeing this service.
The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the security of our website as well as in the defence against unwanted, automated access in the form of spam or similar.
Google offers a service at
https://policies.google.com/privacy
for further information on the general handling of your user data.
Google Fonts
We use Google Fonts on our website to display external fonts. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as „Google“.
Through the certification according to the EU-US Privacy Shield („EU-US Privacy Shield“)
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the optimisation and economic operation of our website.
The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted.
Google offers at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
for further information, in particular on the possibilities of preventing the use of data.
Hotjar
This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
We use Hotjar to better understand the needs of our users and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users‘ experience (e.g. how much time they spend on which pages, which links they click on, what users do and don’t like, etc.) and enables us to build and maintain our Service with user feedback. Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices. This includes a device’s IP address (which is processed during your session and stored in a non-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only) and the preferred language in which our website is displayed. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. For more information, please see the „About Hotjar“ section on Hotjar’s support page.
The use of Hotjar and the storage of Hotjar cookies is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
1) Deactivating Hotjar
If you wish to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out.
Please note that deactivating Hotjar must be done separately for each browser or end device.
For more information about Hotjar and the data it collects, please see Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy
2) Contract for order processing
We have concluded an order processing contract with Hotjar in order to implement the strict European data protection regulations.