A. Data processing on our website

In this section we inform you about the processing of your data when you visit our website.

A.I. Operation of the website

Scope of data processing
When you call up our website, the following data is transmitted to our web server and stored in a log file:

• IP address
• date and time of the respective access to a page of the website
• amount of data transferred to your device
• files retrieved via the homepage
• URL of the page/homepage from which you accessed our website
• Browser used by you (type and version)
• operating system used by you (type and version)

Purposes of the data processing
The processing of this data is necessary to display the contents of the website in the best possible way on your device. In addition, we process this data to defend against, investigate and clarify attacks on our IT.

Legal basis of data processing
The processing of this data is carried out in accordance with Art. 6 (1) lit. f DSGVO based on our legitimate interest already mentioned above in being able to display the website to you in the best possible way and to be able to track attacks on our IT.

Recipients of the data
Our web hosting service provider processes the aforementioned data strictly in accordance with instructions on our behalf on the basis of a contract for commissioned processing pursuant to Art. 28 DSGVO. These are: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp.
As part of the operation of the website, we are supported by the advertising agency ARTWORXX - Anne Pralle, An der Reeperbahn 10, 28217 Bremen with whom we have also concluded a contract for order processing in accordance with Art. 28 DSGVO.

Storage period
The log data is stored for a period of 7 days and then deleted, unless it is necessary to keep it longer by way of exception in order to follow up on an identified attack.

A.II.Use of cookies

When you visit our websites, we set so-called cookies. These are small text files that are stored on your terminal device. Cookies usually contain a characteristic sequence of characters, the so-called cookie ID, with which your browser can be identified when you call up our web pages again.
The cookies of the website contain personal data. Cookies save you from having to enter data several times, facilitate the transmission of specific content and help us to identify particularly popular areas of our website. They thus enable us to continuously improve the structure and content of our website.
The data processing involved in the use of cookies is described in more detail below.

1. technically necessary cookies

Scope of data processing
Technically necessary cookies enable basic functions and are required for the proper functioning of the website. On our website, we use the session cookie PHPSESSID, which can only be used by the current website. No information is stored in the user's browser.

Purposes of data processing
This cookie is used to increase the user experience.

Legal basis of data processing
The legal basis for the use of the cookie is Art. 6 para. 1 sentence 1 lit. f DSGVO.
We use the cookie to increase the usability of the website. This session cookie saves your current session with regard to PHP applications and thus ensures that all functions of the site based on the PHP programming language can be fully displayed. This is also where the particular interest in data processing lies.

Storage period
The information is stored only until the end of the browser session.

2. analysis cookies (statistics)

Scope of data processing
We use Matomo (formerly Piwik) for web analytics, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo"). Matomo is disabled when you visit our website. Only if you actively consent, your usage behavior is recorded anonymously. The protection of your data is important to us, which is why we have additionally configured Matomo so that your IP address is only recorded in abbreviated form. The Matomo analysis tool works by setting a cookie that is stored as a so-called "persistent cookie" as a small text file on your terminal device beyond the end of your visit. The cookie has a duration of two weeks and allows not only the recognition of visitors who have already been on the website, but also the non-personal analysis of the behavior of visitors on the website.

Purpose of data processing
Matomo is used to increase the user-friendliness of our website.

Legal basis
The legal basis for the use of Matomo is your consent according to Art. 6 para. 1 sentence 1 lit. a DSGVO. You can revoke your consent at any time and without giving reasons for the future. To do so, you can set the Matomo cookie to inactive in the cookie settings on our website.

Recipients of the data
We operate our own Matomo server and therefore do not transmit any analysis data to third parties.

3. deactivation of cookies

You have full control over the use of cookies and can delete cookies in your browser, disable the storage of cookies altogether, selectively accept certain cookies and, if necessary, set your browser to notify you if a cookie is to be set. Please use the help functions of your browser to learn how to change these settings. This may limit the functionality of our websites.

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Edge: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

A.III. contact form

Scope of data processing
You can contact us via a contact form on the website. In doing so, we collect the following data:

• First name, last name
• E-mail address
• Telephone number
• Street, No.
• Postal code, city
• Company, position
• Message

Purpose of data processing
We process your data in order to be able to handle your inquiry, registration and/or appointment with us in the best possible way.

Legal basis of data processing
We process your data on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest lies in responding to your inquiry directed to us.

Recipients of the data
The data is only processed by the abat AG contact persons responsible internally for the contact inquiries.

Storage period
The storage period depends on the content of your contact request. In principle, the data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and any statutory retention obligations have expired.

A.IV. Data security

To protect your personal data against manipulation, loss, destruction or access by unauthorized persons, ongoing technical and organizational security measures are taken. In particular, we use TLS encryption when transmitting data via our website. You can recognize this by the fact that the lock symbol is closed in the status bar of your browser and the address bar begins with http://https://.

A.V. Data Analysis

Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
The purpose of reCAPTCHA is to verify whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

For more information on Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

C. Applicants

The application process requires that applicants provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information provided there.
In principle, the required information includes personal information such as the name, address, a means of contact and proof of the qualifications required for a position. Upon request, we will be happy to provide additional information as to what information is required.
If provided, applicants can submit their applications to us using an online form. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails sent via the Internet are generally not encrypted. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the reception on our server.
For purposes of applicant search, submission of applications, and selection of applicants, we may use third-party applicant management, or recruitment software and platforms and services, subject to legal requirements.
Applicants are welcome to contact us regarding the method of submission of the application or to send us the application by mail.

Processing of special categories of data
Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application process in order for the controller or the data subject to exercise the rights accruing to him or her under labor law and social security and social protection law and to comply with his or her obligations in this regard, their processing is carried out in accordance with Art. 9 (2) letter b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of notification of the special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.

Deletion of data
The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified withdrawal by the applicants, the deletion will take place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Inclusion in an applicant pool
Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.

Duration of data retention in the applicant pool in months: 6 months

• Types of data processed: applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates and other information provided with regard to a specific position or voluntarily by applicants regarding their person or qualifications).
• Data subjects: Applicants.
• Purposes of processing: application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship.).
• Legal basis: Art. 9 para. 1 p. 1 lit. b DSGVO (application procedure as a pre-contractual or contractual relationship) (Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DSGVO (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the data controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Art. 9 (2) lit. b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.).

Services used and service providers

Stepstone: Recruiting platform and services; service provider: StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany; Website: https://www.stepstone.de/en/ Datenschutzerklärung: https://www.stepstone.de/ueber-stepstone/legal-notes/data-protection-policy/
Xing: Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.com; privacy policy: https://privacy.xing.com/en/privacy-policy.

©Section C: Dr.Schwenke

E. Data subject rights

As a data subject, you have the following rights:

1. right to information
You have the right, upon request and free of charge, to receive information about whether data concerning you is being processed and, if this is the case, which data we are processing concerning you (Art. 15 DSGVO). You can make this request again within a reasonable time frame. In addition, you have the right to obtain a copy of your data that is the subject of our processing.

2. right to rectification
You can also request the correction of incorrect data concerning you in accordance with Art. 16 DSGVO. In addition, you have the right thereafter to request the completion of incomplete data concerning you, taking into account the purposes of the processing.

3. right to erasure
Under the conditions of Art. 17 DSGVO, you can demand the deletion of your data.

4. right to restriction of processing
You have the right to request the restriction of processing from us if the conditions of Art. 18 DSGVO are met. This is the case, for example, if the processing of your data is no longer necessary for our purposes, but you need it to assert, exercise or defend legal claims. If the processing of your data is restricted, this data - apart from storage - may only be processed by us with your consent or in the special cases mentioned in Art. 18 (2) DSGVO.

5 Right to data portability
You may, under the conditions of Art. 20 DSGVO, demand the surrender of your data in a structured, common and machine-readable format. In this case, you may also request that we transfer this data to another responsible party.

6. right of revocation
If we process your data on the basis of your consent, you have the right to revoke the granted consent at any time with effect for the future (Article 7 (3) DSGVO).

7 Right of objection
You have the possibility to object to data processing for direct advertising purposes at any time. In addition, you may object at any time to data processing based on a legitimate interest pursuant to Art. 6 (1) (f) DSGVO, Art. 21 DSGVO, if there are special reasons.

8. assertion of your data subject rights
To assert your data subject rights, please contact our data protection officer by e-mail or by letter (contact details below).

9. contact channels
Sie können Ihre Rechte über folgende Kontaktwege ausüben:
Mail:
abat+ GmbH
Kaiserstraße 170-174
66386 St. Ingnbert
Germany

E-mail:
datenschutz@abatplus.de

10. right of complaint to a data protection supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement (Art. 77 DSGVO).

11. other notices
The provision of personal data is in no case required by law or contract or necessary for the conclusion of a contract. Furthermore, we do not use automated decision-making (including profiling).