Privacy Policy and Security Information

The protection and responsible handling of personal data is a top priority at CTcon. The following policy explains which data are collected for which purposes and which protective measures are applied.

Definition of personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). Personal data can be identified by means of identifiers or distinguishing characteristics or by information associated with the data subject (Article 4(1) GDPR).

Collection of Personal Data, Storage Period

Personal data collected via this website will be deleted as soon as the legal basis for processing no longer applies. This is in particular the case when statutory retention obligations no longer apply, consent has been withdrawn, or the original purpose of processing no longer exists and the data are no longer required for that purpose. 

Where deletion is precluded because the data are still required for other lawful purposes, processing shall be restricted to those purposes. In such cases, the data will be blocked and will not be available for any other use. Such continued storage may arise, for example, from retention requirements under commercial or tax law, or may be necessary if the data is required to assert, exercise, or defend legal claims, or to protect the rights of other natural or legal persons.

General right to object (Art. 21 GDPR) 

Where we process personal data on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to such processing at any time in accordance with Article 21(1) GDPR.

If you object, we will no longer process your personal data for the relevant purpose unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time without giving reasons pursuant to Article 21(2) GDPR.

You may submit your objection informally using the contact details provided in this privacy policy.

Recipients of personal data 

All data technically generated when accessing and using our website, as well as any information you provide when contacting us, are stored and processed on CTcon’s servers.

In addition, it may be necessary in the context of the processing activities described herein to transfer personal data to the following categories of recipients:

  • Internal departments directly involved in processing your request, in particular Human Resources, Marketing and Customer Service 
  • Processors within the meaning of Article 28 GDPR, who process personal data on our behalf and in accordance with our instructions, in particular hosting providers, data centres and IT service providers
  • Contractual partners supporting CTcon in the provision of individual services, for example in shipping or logistics
  • Affiliated companies within the corporate group insofar as they are involved in service delivery

Where required by law, CTcon has concluded data processing agreements pursuant to Article 28(3) GDPR with all processors, ensuring that personal data are processed only in accordance with our instructions and in compliance with data protection regulations.
 

Use of cookies

Bitte aktivieren Sie Javascript, um die Liste aller deklarierten Cookies und ähnlicher Techniken zu sehen.

 

Server log files

The following server log files are collected, among others:

  • Browser type and version
  • Operating system used
  • Website from which you access our site (referrer URL)
  • Website you visit
  • Date and time of access
  • Your IP address

This anonymous data is analysed for statistical purposes and helps us optimise our website and our offerings.

Processing of personal data in the context of applications

Description

As part of recruitment processes, we process personal data of applicants.  This data is collected and processed for the purpose of conducting the application process and deciding whether to establish an employment relationship. Processing is carried out exclusively by CTcon employees involved in the recruitment process and is treated confidentially.

Personal data and application documents submitted as part of an application are retained for a period of three years following completion of the recruitment process to allow us to contact the data subject regarding suitable job opportunities, provided that the data subject has given their consent. Otherwise, applications are deleted after rejection, provided that the personal data is no longer needed. 

What data are collected?

In the context of the application process, the following personal data are collected in particular:

  • Title, first name, last name
  • Contact details (address, email address, telephone number)
  • Information on professional and educational background (education, studies, career history, qualifications)
  • Application documents (cover letter, CV, certificates, references)
  • Where applicable, information on salary expectations and earliest possible start date
  • Any other information voluntarily provided by the applicant as part of the application

Purpose of data collection

The collection and processing of the above-mentioned data are carried out for the following purposes:

  • Conducting the application process and assessing the applicant’s suitability for the advertised position
  • Deciding whether to offer employment
  • Contacting the applicant as part of the application process
  • Retention of application documents for potential future contact regarding suitable job opportunities

Legal Basis

  • Article 6(1)(b) GDPR (pre contractual measures)
  • Section 26(1) BDSG (German Federal Data Protection Act, where applicable)
  • Article 6(1)(a) GDPR (consent)

Place of processing

European Union

Processing of personal data in the context of service enquiries

Description

Users may submit service enquiries via our website. Personal data transmitted in this context are processed exclusively by CTcon employees responsible for handling the respective enquiry.

What data are collected?

In the context of a service enquiry, the following personal data are collected in particular:

  • Title, first name, last name
  • Company and role/function
  • Contact details (email address, telephone number)
  • Subject matter and content of the enquiry
  • Any additional information voluntarily provided

Purpose of data collection

The collection and processing of the above-mentioned data are carried out for the following purposes:

  • Processing and responding to service enquiries
  • Communication in relation to the requested services
  • Assignment of enquiries to the responsible internal department

Legal Basis

The processing of personal data in the context of service enquiries is based on the following legal grounds:

  • Article 6(1)(b) GDPR (pre contractual measures)
  • Article 6(1)(f) GDPR (legitimate interests in digital communication with interested parties)
  • Article 6(1)(a) GDPR (consent), where applicable

Place of Processing

The processing of personal data submitted in the context of service enquiries takes place exclusively in Germany or within the European Union.

Use of self-assessment

Description

Users may request evaluation reports via a self assessment tool on our website. This requires the provision of contact and company data.

What data are collected?

Salutation, title, first name, surname, email address and company. Only the first name, last name, and company are required.

Purpose of data collection

Analysis of user input and provision of the assessment report

Legal Basis

Article 6(1)(b) GDPR

Place of Processing

European Union

Use of Social Media

CTcon uses XING and LinkedIn in accordance with the respective current versions of their data usage policies and therefore has no influence on the data collection and further processing by these providers. Please refer to the providers’ websites for further information:

Plugins/Embedded YouTube videos

YouTube videos are embedded on our website using the YouTube Lyte plugin.  Initially, only a thumbnail image is loaded from YouTube’s servers. This means that user data on our website is not immediately transmitted to YouTube or Google. Videos are only loaded after the user clicks the play button.

We use YouTube to ensure an engaging presentation of our online content. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

For further information on how user data is handled when viewing embedded videos, please refer to YouTube’s or Google’s privacy policy at:
https://policies.google.com/privacy?hl=en

Rights of data subjects

Data subjects have the right at any time to request, free of charge, information about the personal data stored about them. They may also request the correction, restriction, erasure, or withdrawal of consent previously given for the processing of their personal data.

We would like to point out that data subject to statutory or contractual retention periods, where there is a legitimate interest of the data subject, or where erasure would require disproportionate effort due to the specific nature of the storage, will, in accordance with Article 17 GDPR, be restricted rather than erased.

Provision of personal data

The provision of personal data is generally neither legally nor contractually required for the use of our website.

However, in the case of service enquiries, we require certain personal data (e.g. name, contact details and a description of your request) in order to process your enquiry.

The provision of these data is not legally required, but is necessary for the performance of pre-contractual measures. Without this information, we are unable to process your enquiry.

In the context of applications, the provision of certain personal data as well as application documents is required in order to carry out the recruitment process. Without this information, your application cannot be considered. If mandatory information is not provided, it will not be possible to process the respective procedure.

Controller, data protection officer and contact 

The controller responsible for data processing is CTcon GmbH, Weitersburger Weg 10, 56179 Vallendar, Germany, T +49 261 96274 0, represented by the managing directors.

For any questions regarding data protection, you may contact our designated data protection contact person at:
datenschutz@ctcon.de.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law (Article 77 GDPR).

The supervisory authority responsible for CTcon is:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz, Germany
Telephone: +49 6131 8920-0
Email: poststelle@datenschutz.rlp.de
Website: www.datenschutz.rlp.de

You also have the right to contact the supervisory authority at your place of habitual residence, your place of work or the place of the alleged infringement.
 

Security notice

We make every effort to protect your personal data as effectively as possible through technical and organisational measures and to prevent access by third parties.

However, complete data security cannot be guaranteed for data transmission over the Internet. In case of data transmission via the internet, liability on the part of CTcon is excluded.