Information Privacy Declaration (Datenschutzerklärung)
Information Privacy Declaration
This information privacy declaration applies to the website of the DS Crewing GmbH. Here you will find information in conformity with Article 13 of the General Information Privacy Regulation [Datenschutz-Grundverordnung - DSGVO] covering information related to the access and use of our website and how this information will be used, processed and shared.
Name and contact of data controller in conformity with DSGVO Article 4 Par. 7
DS Crewing GmbH
20457 Hamburg - Germany
Tel. +49 (40) - 76 79 61-0
Fax +49 (40) - 76 79 61-260
Information privacy representative
Thilo Noack, SharedIT Proffessional GmbH & Co. KG,
Saebystr. 17a, 24576 Bad Bramstedt
Information privacy representative
Mr Thilo Noack, SharedIT Professional GmbH & Co. KG, Saebystrasse 17a, 24576 Bad Bramstedt
Security and protection of your personal information
We consider that our most important task is to safeguard the confidentiality of the personal information you make available and to protect it against unauthorised access. For this reason, we take the greatest care and apply the most modern security standards to ensure maximum protection of your personal information.
As a privately owned and operated company, we are subject to the provisions of the European General Information Privacy Regulation (DSGVO) and the regulations of the Federal Information Privacy Act [Bundesdatenschutzgesetz - BDSG]. We have developed technical and organisational measures to ensure that the provisions regarding information privacy are observed not only by us but also by our external service providers.
The legislation requires that personal information be processed lawfully, in good faith and in a manner that is comprehensible to the data subject (“lawfulness, good-faith processing, transparency”). To ensure this, we inform you regarding the individual legal definitions that are also used in this Information Privacy Declaration:
- Personal information
“Personal information” includes all information relating to an identified or identifiable natural person (hereinafter “data subject”; a natural person is deemed identifiable if he or she can be directly or indirectly identified, especially through assigning an identifier such as a name, identification number, location information, on-line identifier or one or more particular characteristics that express the physical, physiological, genetic, mental, economical, cultural or social identity of this natural person.
“Processing” describes each operation performed with or without the assistance of automated processes or each such sequence of operations associated with personal information such as collecting, recording, organizing, arranging, storing, adapting or changing the readout, query, application, dissemination through transfer, distribution or any other form of provision, comparing or linking, restricting, deleting or erasing.
- Restriction of processing
“Restriction of processing” covers the marking of stored personal information for the purpose of restricting its future processing.
“Profiling” is any form of automated processing of personal information that allows this personal information to be used to assess specific individual aspects related to a natural person, especially to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place or residence or change of location of this natural person.
“Pseudonymisation” is the processing of personal information in a such a way that the personal information can no longer be associated with a specific data subject without the consultation of additional information, to the extent that this additional information is maintained separately and subject to technical and organisational measures that ensure that the personal information cannot be associated with an identified or identifiable person.
- File system
“File system” is any structured compilation of personal information that is accessible according to certain criteria, regardless whether the arrangement of this compilation is guided in a centralised or decentralised manner or according to functional or geographic factors.
- data controller
“data controller” is a natural person or legal entity, authority, establishment or other place that makes decisions, whether on its own or jointly with others, regarding the purposes and means of processing personal information; if the purposes and means of this processing are prescribed by European Union law or the law of its Member States, the data controller and/or the specific criteria for designating the data controller can be prescribed by European Union law or the law of its Member States.
- Information processor
“Information processor” refers to a natural person or legal entity, authority, establishment or other place that processes personal information on behalf of the data controller.
“Receiver” is a natural person or legal entity, authority, establishment or other place to which personal information is disclosed, regardless whether a third party or not. Authorities who receive possibly personal data in the context of a specific investigatory assignment under European Union law or the law of its Member States are not, however, considered as receivers; the processing of this information by the designated authorities takes place consonant with applicable information privacy provisions in accordance with the purposes of the processing.
- Third party
“Third party” refers to a natural person or legal entity, authority, establishment or other place other than the data subject, the data controller, the information processor and the persons who hold authorisation under the direct or indirect responsibility of the data controller or the information processor to process personal information.
“Consent” of the data subject is any voluntary, case-specific, informed and unmistakeable expression of willingness provided in the form of a statement or another clearly confirming action by means of which the data subject lets it be known that he or she agrees to the processing of the relevant personal information.
Lawfulness of processing
The processing of personal information is only lawful in the existence of a legal basis for the processing. In accordance with DGSVO Article 6 Par. 1 letters a - f , legal bases for such processing can include the following:
- The data subject has given his her consent to the processing of the personal information relating to him or her for one or more specific purposes:
- the processing is required for the purpose of fulfilling a contract to which the data subject is a party, or carry outing pre-contractual measures at the request of the data subject;
- the processing is to required for the fulfilment of a legal oblation to which the data controller is subject;
- the processing is required to protect the vital interests of the data subject or another natural person;
- the processing is required to perform a duty that has been assigned to the data controller in the public interest or is carried out in the exercise of official authority that has been assigned to the data controller;
- the processing is required to safeguard the legitimate interests of the data controller or a third party unless outweighed by the interests or basic rights and basic freedoms of the affected party that require the protection of personal information, especially in cases where the data subject is a child.
Information regarding the collection of personal data
(1) In the following items, we inform you regarding the collection of personal information when you use our website: Examples of personal information include name, address, email addresses, user behaviour.
(2) When you contact us via email or a contact form, the information you share (your email address, if necessary your name and telephone number) are stored by us for the purpose of responding to your questions. The legal basis for this data collection and data processing is your consent pursuant to Article 6 paragraph 1 lit. a GDPR. We delete the information resulting from this association once its storage is no longer required or its processing is restricted, in cases involving legal retention requirements.
Collection of personal information through visits to our website
If you use the website for purely informational purposes - in other words, if you do not register or transmit information to us in other ways, we only collect the personal information that your browser transmits to our server. If you would like to view our website, we collect the following information that we require for technical purposes in order to display our website and ensure stability and security. This data collection serves the protection of our legitimate interests in accordance with Article 6 paragraph 1 lit. f GDPR in a correct representation of our offer, which predominate within the scope of a weighing of interests. The following data is logged in this way:
- IP address
- Date and time of request
- Time-zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- of the respectively transmitted data volume
- Website where the request originates
- Operating system and its interface
- Browser software language and version
The website operator or page provider collects data about access to the page and saves it as server log files. The following data is logged in this way:
• Visited website
• Time at moment of access
• IP address used (in anonymized form)
The collected data are only used for statistical evaluations, to improve the website, or to defend against cyber attacks. However, the website operator reserves the right to subsequently check the server log files if there are specific indications of illegal use. In this respect, log files are stored for 7 days. This data collection serves in accordance with Article 6 paragraph 1 lit. f GDPR to safeguard, in a balancing of interests, our predominant legitimate interest in the correct presentation of our products and services and in improving security against cyber attacks.
(2) This website uses the following types of cookies, the scope and functionality of which is explained below:
- Transient cookies (a.)
- Persistent cookies (b.).
- Transient cookies are automatically deleted when you close the browser. These especially include session cookies. These store what is known as a session ID with which various queries from your browser can be arranged in a common session. In this way, your computer can be recognised again if you return to our website. The session cookies will be deleted when you log out or close the browser.
- Persistent cookies are automatically deleted after a given time that can vary according to the cookie. You can delete cookies at any time in the security settings of your browser.
- You can configure your browser setting according to your preferences and, for example, accept third-party cookies or reject all cookies. So-called “third-party cookies” are cookies that were placed by a third party, thus not by the actual website where you are at that moment. We point out to you that if you deactivate cookies you will not be able to use all the functions of this website.
- We place cookies to be able to identify you in subsequent visits in case you have an account with us. Otherwise you would have to log in again each time you visit our site.
- The flash cookies we use are collected not by your browser but by your flash plug-in. In addition, we use HTML5 storage objects that are stored on your terminal. These objects store the required information no matter what browser you use, and they have no automatic expiry data. If you prefer not to have flash cookie processing, you will need to install a corresponding add-on such as “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or theAdobe Flash Killer cookie for Google Chrome. Use of HTML5 storage objects can block you from setting your browser to private mode. In addition, we recommend manually deleting your cookies and browser history on a regular basis.
Additional functions and offerings of our website
(1) Besides the purely information use of our website, we offer various services that you can access if you are interested. To do this, you generally must provide personal information that we use in delivering the respective servie and for which the above-mentioned principles of data processing apply.
(2) Sometimes we use external service providers to process your information. We have carefully selected and instructed them, they are bound by our directives and are regularly audited.
(3) We furthermore can share your personal information with third parties if we offer special offers, sweepstakes, contracting or other services in conjunction with partners. You can obtain more information about these by providing your personal information or by reading the offer description below.
(4) Where our service providers maintain their headquarters in a country outside the European Economic Area (EEA), we inform you in the description of the offer regarding the consequences of this situation.
The Dr. Peters Group collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If Dr. Peters concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than six months after notification of the rejection decision, provided there are no other legitimate interests to the contrary. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
In principle, our offer is intended for adults. Persons under 18 years of age should not send personal information to us without the permission of parents or guardians.
Rights of the data subject
(1) Revocation of consent
Where the processing of personal information is based on the provision of consent, you have the right to revoke that consent at any time. By revoking your consent, the lawfulness of the processing that has taken place based on the consent you gave and up to your revocation is not affected.
To exercise your revocation right, you can contact us at any time.
(2) Right to confirmation
You have the right to demand that the data controller to provide a declaration stating whether we are processing affected personal information. You may demand the declaration at any time by means of the contact information provided above.
(3) Right to information
When personal information is processed, you are entitled at any time to demand disclosure of the following facts about this personal information:
- The purpose of the processing;
- the categories of personal information that are being processed;
- the receivers or categories of receivers to which the personal information was or is still disclosed, especially concerning receivers in third countries or at international organisations;
- where possible, the planned duration over which the personal information is being stored or, where this is not possible, the criteria for determining this duration;
- the existence of a right to correct or delete the affected personal information or to restrict its processing by the data controller, or a right to object to this processing;
- the existence of a right of appeal before a supervisory authority;
- where the personal information was not collected by the data subject, all available information regarding the information source;
- the existence of automatic decision making including profiling in accordance with DGSVO Article 22 Paragraphs 1 and 4 and -- at least in these cases -- meaningful information regarding the logic involved, the scope and the desired effects of such processing for the data subject.
Where personal data are transmitted to a third country or to an international organisation, you have the right to learn about the applicable guarantees in accordance with DGSVO Article 46 associated with the transmission of the information. We make available a copy of the personal information that is the object of the processing. For all additional copes that you may personally request, we are entitled to ask for a reasonable fee based on administrative costs. If you apply electronically, the information will be made available in a common electronic format unless otherwise indicated. The right under Paragraph 3 to receive a copy may not compromise the rights and freedoms of other persons.
(4) Right to rectification
You have the right to demand that we promptly correct affected incorrect personal information. In consideration of the purposes of the processing, you have the right to demand the completion of incomplete personal information -- even by means of a supplementary declaration.
(5) Right to erasure (“right to be forgotten”)
You have the right to demand of the data controller that personal information affecting you be promptly deleted, and we are obligated to delete personal information promptly, if any of the following reasons apply:
- The personal information is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject revokes his or her consent underlying the processing in accordance with DGSVO Article 6 Paragraph 1 letter a or Article 9 Paragraph 2 letter a and there is no further legal basis for the processing.
- The data subject lodges an objection to the processing in accordance with DGSVO Article 21 and there is no overriding legal basis for the processing, or the data subject files an objection to the processing in accordance with DGSVO Article 21.
- The personal information was unlawfully processed.
- The deletion of the personal information is for the purpose of fulfilling a legal obligation under European Union law or the law of its Member States to which the data controller is subject.
- The personal information was collected in relation to the information company’s services offered in accordance with DGSVO Article 8 Paragraph
If the data controller has disclosed the personal information and he or she is obligated to delete it in accordance with Paragraph 1, he or she is subject to appropriate measures, taking into consideration the available technology and the costs of implementation as well as the technical nature, to inform those responsible for data processing who are processing the personal data that a data subject has demanded the deletion of all links to this personal information or to copies or replicas of this personal information.
The right to deletion (“right to be forgotten”) does not apply to the extent that the processing is required:
- For the exercise of the right to freedom of expression and information;
- for the fulfilment of a legal obligation under European Union law or the law of its Member States to which the data controller is subject or for performance of a duty that has been assigned to the data controller in the public interest or is carried out in the exercise of official authority that has been assigned to the data controller;
- for reasons of public interest in the area of public health in accordance with DGSVO Article 9 Paragraph 2 letters h and i as well as Article 9 Paragraph 3;
- For archiving, historical research or statistical purposes falling within the public interest in accordance with DGSVO Article 89 Paragraph 1 to the extent that the right conferred in Paragraph 1 is anticipated to make the realisation of the goals of this processing impossible or to affect them substantially, or
- to assert, carry out or defend a legal claim.
(6) Right to restrict processing
You have the right to demand the restriction of our processing of your personal information if one of the following conditions applies:
- The correctness of the personal information of the data subject is challenged, including a duration of time required for the data controller to assess the correctness of the personal information,
- The processing is unlawful and the data subject declines the deletion of the personal information, demanding instead that the use of the personal information be restricted;
- The data controller no longer needs the personal information for the purposes of processing but the data subject needs the information for the purpose of asserting, carrying out or defending a legal claim, or
- The data subject has lodged an objection against the processing in accordance with DGSVO Article 21 Paragraph 1 until it is established whether the data controller’s justifying reasons outweigh those of the data subject.
If processing was restricted in accordance with the conditions described above, this personal information -- apart from its storage -- may only be processed with the consent of the data subject or for the purpose of asserting, carrying out or defending a legal claim or to protect the rights of another natural person or legal entity or based on an important official interest of the European Union or one of its Member States.
To assert a claim to restrict processing, the data subject can contact us at any time using the contact information provided above.
(7) Right to data portability
You have the right to receive the relevant personal information that you made available to us in a structured, commonly accessible and machine-readable format, and you have the right to transmit it to another data controller without obstruction by the data controller to which the personal information was made available to the extent that:
- The processing is based on consent in accordance with DGSVO Article 6 Paragraph 1 letter a or Article 9 Paragraph 2 letter a or on a contract in accordance with Article 6 Paragraph 1 letter b and
- the processing takes place by means of automated procedures.
In exercising the right to data portability in accordance with Paragraph 1, you have the right for the personal information to be transmitted directly from one data controller to another data controller to the extent that this is technically feasible. The exercise of the right to data portability does not affect the right to deletion (“right to be forgotten”). The processing is required to perform a duty that has been assigned to the data controller in the public interest or is carried out in the exercise of official authority that has been assigned to the data controller;
(8) Right of objection
For reasons arising from your specific situation, you have the right at any time to lodge an objection to the processing of personal information affecting you based on DGSVO Article 6 Paragraph 1 letter e or f; this also applies to profiling based on these provisions. The data controller will not process any further personal information unless he or she can establish compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject or unless the processing serves the purpose of asserting, carrying out or defending a legal claim.
If personal information is processed to carry out direct advertising, you have the right at any time to lodge an objection against the processing of personal information affection you for the purpose of such advertising; this also applies to profiling if it is related to such direct advertising. If you object to the processing for the purpose of direct advertising, the personal information will no longer be used for these purposes.
In connection with the use of the services of the information company, you can, notwithstanding Guideline 2002/58/EC, exercise your right to object through automated procedures that use technical specifications.
For reasons arising from your specific situation, you have the right to lodge an objection against the relevant processing of personal information affecting you for the purpose of scientific or historical research or for statistical purposes in accordance with DGSVO Article 89 Paragraph 1 unless the processing is for the purpose of performing a task falling within the public interest.
You may exercise your right of objection at any time by contacting the respective data controller.
(9) Automatic decision making including profiling
You have the right not to be subjected to a decision based exclusively on automated processing -- including profiling -- that has a legal effect on you or that significantly affects you in a similar way. This does not apply if the decision is:
- required for the conclusion or fulfilment of a contract between the data subject and the data controller,
- authorised based on the provisions of European Union law or the law of its Member States to which the data controller is subject and these legal provisions contain appropriate measures for safeguarding the rights and freedoms as well as legitimate interests of the data subject or
- carried out with the express consent of the data subject.
The data controller will take reasonable steps to safeguard the rights and freedoms as well as legitimate interests of the data subject, which minimally include the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision.
The data subject may exercise this right of objection at any time by contacting the respective data controller.
(10) Right of appeal before a supervisory authority
Notwithstanding other administrative or legal remedies, you additionally have the right to appeal before a supervisory authority, especially in the Member State of your place of residence, workplace or site of the presumed violation, if the data subject is of the opinion that the processing of the personal information affecting him or her violates this regulation. Your competent supervisory authority is the authority with jurisdiction over your place of residence. You will find a list of all supervisory authorities here
(11) Right to effective legal remedy
Notwithstanding an available administrative or out-of-court legal remedy including the right to appeal before a supervisory authority in accordance with DSGVO Article 77, you have the right to an effective legal remedy if you are of the opinion that the rights accruing to you under this regulation were violated as a result of a processing of your personal information that is not consistent with this regulation.
Use of Matomo
(1)This website uses the Matomo web analysis service to be able to analyse our website use and constantly improve it. Through the statistics we gather, we can improve our offerings and design them to be more interesting to you, the user. The use of Matomo is based on the legal basis of Article 6 paragraph 1 lit. f GDPR and serves to safeguard, in a balancing of interests, our predominant legitimate interest in continuous improvement of our products.
(2) Cookies are stored on your computer to perform this assessment. Information collected in this way is stored by the data controller exclusively on his or her server in [Germany]. You can block the assessment by deleting existing cookies and blocking the storage of cookies. If you block the storage of cookies, we point out that you may not be able to use this website to its fullest extent. It is possible to block the storage of cookies by adjusting the setting in your browser. It is possible to block the use of Matomo by un-ticking the following boxes, which will activate the opt-out plug-in: [Matomo iFrame].
(3) This website uses Matomo with the “AnonymizeIP”.extension. In this way, abbreviated IP addresses will be further processed, eliminating personal references. (2) The IP address transmitted from your browser in the context of Matomo will not be merged with other data we collect.
(4) The Matomo program is an open-source project. You may learn more about this third-party information privacy provider at https://matomo.org/privacy-policy/.
Use of social media plug-ins
(2) We have no impact on the collected data or the data processing procedures, and we do not know the full scope of data collection, purposes of processing or length of storage time. Nor do we have any information regarding deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores your collected data as a user profile and uses it for advertising purposes, market research and/or needs-driven design of its website. Such assessment especially takes place (even for users who are not logged in) through the presentation of needs-driven advertising and to inform other users of the social network regarding your activities on our website. You have the right to object to the creation of this user profile; this objection must be lodged directly with the respective plug-in provider. Regarding the plug-ins, we offer you the opportunity to interact with the social networks and other users in helping us to improve our offering and to be able to create more interesting designs for you, the user. The use of social media plug-ins, in accordance with Article 6 paragraph 1 lit. f GDPR, serves to safeguard, in a balancing of interests, our predominant legitimate interest in continuous improvement and in designing our products and services in an interesting way for you as a user.
(4) Information transfer takes place regardless whether you maintain an account with the plug-in provider and are logged into it there. If you are logged into the plug-in provider, the information we collected on you will be mapped by the plug-in provider directly at your existing account. When you click the activated button and link to the page, for example, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that after using a social network you regularly log out, especially before clicking to activate the button, since in this way you will be able to avoid being mapped by the plug-in provider.
(5) Further information on the purpose and extent of data collection and its processing by the plug-in provider can be obtained via the following shared information privacy statements by these providers. There you will also receive additional information regarding your rights concerning this matter and possible settings to protect your private sphere.
(6) Addresses of the respective plug-in providers and URLs with their information privacy statements:
- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has subscribed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has subscribed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, GERMANY; http://www.xing.com/privacy.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has subscribed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of Google Maps
(1) We use the Google Maps offer at this website. In this way, we can display interactive maps directly at the website and provide you with convenient use of the map function. The use of Google Maps, in accordance with Article 6 paragraph 1 lit. f GDPR, serves to safeguard, in a balancing of interests, our predominant legitimate interest in enabling our company to be quickly and easily located.
(2) When you visit the website, Google retains the information that you have requested at the bottom of the corresponding page of our own website. In addition, the information described in Sec. 3 is sent. This takes place regardless whether Google has provided a user account and you have logged into it or whether there is no user account. If you are logged into Google, your information is mapped directly to your account. If you prefer not to have this information mapped with your Google profile, you must log out before activating the button. Google stores your data as a user profile and uses it for advertising purposes, market research and/or needs-driven design of its website. Such assessment especially takes place (even for users who are not logged in) through the presentation of needs-driven advertising and to inform other users of the social network regarding your activities on our website. You have the right to object to the creation of this user profile; this objection must be lodged directly with Google.
(3) Further information on the purpose and extent of data collection and its processing by the plug-in provider can be obtained via the shared information privacy statements of these providers. There you will also receive additional information regarding your rights concerning this matter and possible settings to protect your private sphere: http://www.google.de/intl/de/policies/privacy. Google also processes your personal information in the United States and has subscribed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Recipient/Disclosure of data
Unless already mentioned above, data you provide to us will not be passed on to third parties. In particular, your data will not be disclosed to third parties for their advertising purposes.
We make use of external service providers (processors) for assignments such as the sending of goods, newsletters or payment transactions. A separate assignment information processing agreement is concluded with the service provider to protect your personal information.