Protecting your (hereinafter “you” or “user”) personal data (hereinafter “pd”) according to Art. 4(1) General Data Protection Regulation (hereinafter “GDPR) and its safety is important to us. Consequently, we are complying with data protection regulations to offer appropriate protection for pd of all users. In the following, we would like to inform you about the extent and purpose of pd processing on our website.
UNICEPTA Gesellschaft für Medienanalyse mbH, Salierring 47-53, 50667 Cologne (hereinafter “we“, “UNICEPTA“ or “Operator“) processes pd on the website exclusively within the framework set by the GDPR as well as other applicable data protection regulations.
In this pp, we first name the controller for the website as well as the data protection officer in charge. Afterwards, sorted by the type of access as well as the used cookies and social media plugins, information is offered regarding the types of pd used, the purpose and the legal basis for processing as well as possible recipients and possible legitimate interests, deletion periods and, if necessary, further information. To bring the pp to a close, we will explain your rights to you.
1. Contact details of the controller (Art. 13(1a) GDPR)
Responsible for the website’s operations and the handling of pd processing is UNICEPTA Gesellschaft für Medienanalyse mbH, Salierring 47–53, 50677 Cologne, phone no.: +49 (0) 221 9902-0, E-Mail: email@example.com
2. Contact details of the data protection officer (Art. 13(1b) GDPR)
UNICEPTA’s internal data protection officer is Ms Jana Schulz, phone no. +49 (0) 221-9902-147, E-Mail firstname.lastname@example.org.
3. Accessing the website and downloading documents
a. Types of personal data: Each time you access this website or download documents freely accessible on it, log files containing the following data will be collected automatically: browser type and version used, the operating system used, the website from which the system accessed our website (so-called referrers), which sub-websites are being accessed on our website, data and time of the access, internet protocol addresses (IP addresses) of the system accessing the website, its internet service provider as well as other similar data and information that can help with defending against attacks on our IT systems.
b. Purpose of the processing (Art 13(1c) GDPR): The data mentioned before is processed to ensure the functionality of the website and make downloads technologically possible. Furthermore, the data is used to ensure the safety of the IT systems on which the website is running.
c. Legal basis for the processing, legitimate interests (Art 13(1c-d) GDPR): The legal base for the data processing is Art. 6(1f) GDPR, meaning the legitimate interests of UNICEPTA. These legitimate interests consist of operating our online offering, including the ability to offer documents to download.
d. Recipients, third parties, transfer to third countries (Art 13(1e-f) GDPR): No pd is transferred to third parties (Art 4(10) GDPR). All pd is processed on computers located in the European Union. The hosting service provider for the website is our processor. No data is transferred to third countries. Pd is only forwarded to governmental institutions and authorities in compliance with legal requirements.
e. Deletion periods (Art 13(2a) GDPR): Pd is deleted at the latest once you stop visiting our website, that is once you close the browser on your computer. Data on the server (logfiles) is deleted once the provision of data for the purposes of keeping the systems safe is no longer necessary.
4. Establishing contact via email via the email addresses listed on the website
In several different locations such as the imprint and in the footer of every site, we are providing you with an email address to contact us by way of email. Please do not use general email addresses to send us documents with personal data such as applications. For establishing contact via email, the following provisions apply:
a. Types of pd: Relevant data are the email address, log files containing the properties of the email and the time of arrival as well as all types of pd added by the sender in the email itself.
b. Purposes of processing (Art. 13(1c) GDPR): The purpose is to reply to user inquiries as well as, subsequently, the possible initiation, establishment and implementation of a business relationship, depending on the type of inquiry.
c. Legal basis for data processing, possible legitimate interests (Art. 13(1c-d) GDPR): The legal basis for pd processing is Art 6 (1f) GDPR if the sender of the email is not already a customer or has any other type of existing business relationship with us or is in the process of initiating one. In this case, our legitimate interests lie in informing you and replying to your inquiry as well as possibly entering into a business relationship if that is part of your inquiry. If a contractual relationship already exists or one is to be initiated, the legal basis for processing is Art 6(1b) GDPR.
d. Recipients, third parties, transfer to third countries (Art. 13(1e-f) GDPR): No pd is transferred to third parties (Art. 4(10) GDPR) unless it is explicitly part of the inquiry of the user or if the user expressly agrees to it. All emails are processed on computers within the European Union. The email hosting service provider is our processor. No transfer to third countries happens, nor is it intended. Pd is only forwarded to governmental institutions and authorities in compliance with legal requirements.
e. Deletion periods (Art. 13(2a) GDPR): Pd is deleted three months after the inquiry is handled, which is also assumed to be the case if the user has not reacted to UNICEPTA’s reply to their inquiry within three months. If an inquiry leads to a contractual relationship or is in preparation of one, a deletion will happen at the latest three months after the contractual or precontractual relationship is finished, in compliance with legal retention obligations. There shall be no deletion if Art 17(3) GDPR applies, in particular if legal retention obligations exist or if pd is needed to assert, exercise or defend legal rights or to defend against legal claims.
5. Using the contact form
Before using the contact form (sending a filled-out form on the subpage https://www.unicepta.com/en/contact.html), users have to give their explicit consent to the processing of pd related to the usage of the contact form by actively checking the corresponding box. Otherwise, the filled-out form cannot be sent.
Regarding the right to revoke consent at any time, see clause 8.
a. Types of pd: Data includes the obligatory fields name, email address, subject line, the content of the message as well as the technical recording of the given consent.
b. Purpose of the processing (Art. 13 (1c) GDPR): The purpose of the processing is to reply to the user’s inquiry as well as the possible initiation, establishment and implementation of a business relationship, depending on the type of inquiry.
c. Legal basis for the processing (Art. 13 (1c) GDPR): The legal basis is Art 6. (1a) GDPR, meaning the given consent and/or, depending on the ongoing communications, Art. 6 (1b) GDPR for the initiation or implementation of a business relationship.
d. Recipients, third parties, transfer to third countries (Art 13(1e-f) GDPR): No pd is transferred to third parties (Art 4(10) GDPR) unless the user explicitly asks for it and their consent also applies to said transfer. All data is processed on computers located in the European Union. The hosting service provider for the website and emails respectively is our processor. No data is transferred to third countries. Pd is only forwarded to governmental institutions and authorities in compliance with legal requirements.
Deletion periods (Art 13 (2a) GDPR): Pd is deleted once three months have passed after the inquiry has been answered or handled unless the nature of the inquiry requires a different process (for instance by providing consultation) or when you revoke your consent ahead of time. If the inquiry leads to a contractual relationship with UNICEPTA or immediately prepares such a relationship, data is deleted according to legal provisions, at the latest three months after the pursued precontractual or contractual relationship has ended. Deletion occurs unless Art. 17 (3) GDPR applies, in particular when legal retention obligations exist or if pd is needed to assert, exercise or defend legal rights or to defend against legal claims.
6. Transmission of application documents
At https://www.unicepta.com/en/career/unicepta-job-offers.html we offer job applicants the possibility to send us a job application, either via a separate portal, for which separate data protection regulation apply [see], or via an e-mail to our HR department email@example.com. Please do not send applications via general email addresses. For applications send by email, the following provisions shall apply.
a. Types of pd: If the applicant sends an email, the relevant data are the email address including the log files on our computers, as well as all pd related to the application and communicated by the applicant, for example title, surname, first name, details from the CV, certificates and similar documents.
b. Purposes of processing (Art. 13(1c) GDPR): The purpose of processing is the selection of applicants and the potential start of an employment relationship.
c. Legal basis for data processing (Art. 13(1c) GDPR): The legal basis is the desired employment relationship, and actions that may be required for entering into an employment relationship, respectively, in accordance with § 26 Federal Data Protection Act (BDSG), or, if applicable, Art. 6 (1b) GDPR, if the applicant applies for freelance work.
d. Recipients, third parties, transfer to third countries (Art. 13(1e-f) GDPR): No pd is transferred to third parties (Art. 4(10) GDPR). All emails are processed on computers within the European Union. The email hosting service provider is our processor. No transfer to third countries happens, nor is it intended. Pd is only forwarded to governmental institutions and authorities in compliance with legal requirements.
e. Deletion periods (Art. 13(2a) GDPR): Pd is deleted three months after the end of the application process, (i.e. after the decision on the selection or non-selection of a candidate has been communicated), unless (i) the application was successful and the application documents are being added to a personnel file (§ 26 Federal Data Protection Act BDSG), (ii) you, in your capacity as applicant, explicitly granted your permission to being included in a talent pool for a certain period (after the end of this time period, the data will be deleted), and/or (iii) Art. 17 (3) GDPR applies, in particular if legal retention obligations exist or if pd is needed to assert, exercise or defend legal rights or to defend against legal claims.
a. Cookies in general
UNICEPTA uses so-called "cookies". Cookies are small text files, which store settings of websites, e.g. in the user’s web browser, as part of the use of the website. Cookies are used to make the handling of the website easier. UNICEPTA uses session-ID cookies. These cookies are only stored in the user’s web browser during the user’s website session and will be automatically deleted after the user closes the browser. Every user has the option to prevent the installation of such cookies via activating the corresponding browser setting. In this case, however, the user might not be able to make full use of all functions on the website.
Depending on the browser you use, you have different options to prevent the storage of cookies on your computer, suppress existing cookies, display them and delete them. If you have trouble doing this, we recommend you go to the manufacturer’s website where you can get the required information. If you decide that you do not want cookies to be stored on your computer, you will still be able to access our website.
In order to improve the quality of our offering and website, we store data on each access to our website for statistics purposes. To do this, the website uses Google Analytics, a web analysis service owned by Google Inc. (“Google). The use is based on Art. 6 (1 f) GDPR. Google Analytics uses so-called “cookies“, text files which are stored on your computer and enable an analysis of your use of the website. The information on your use of the website generated by the cookie, such as
· the type/version of the browser,
· the operating system used,
· referrer URL (the website last visited by you),
· host name of the accessing computer (IP address),
· time of server inquiry,
are usually transmitted to a Google server in the US where they are stored. The IP address transmitted by your browser as part of Google Analytics is not being combined with other data obtained by Google. Moreover, we have extended Google Analytics by the code “anonymizeIP“ on this website. This guarantees the masking of your IP address, and thus that all data is collected anonymously. Only in exceptional cases is the full IP address transferred to a Google server in the US where it will be shortened.
On behalf of the operator of this website, Google will use the information to analyse your use of the website, to compile reports on the website activities and to supply further services related to the website use and the internet use to the website operator. You can prevent the storage of cookies by activating the corresponding setting in your browser software; but please note that you might not be able to make full use of all functions on the website in this case.
Moreover, you can prevent the collecting of data related to your use of the website (including your IP address) generated by the cookie by Google and the processing of the data by Google by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en. If you follow the link, an opt-out cookie is being set, which will prevent the collection of data when you visit this website. The opt-out cookie does only work with the specific brower and only with our website and is being stored on your device. If you delete the cookies in this specific browser, you will have to set the opt-out cookie again. [Note: Here you can find a guide on the integration of the opt-out cookie: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].
b. General remarks on social media plug-ins
As an additional service, our website offers you social buttons, which enable the interaction with social media services. In order to prevent an unwanted transfer of your user data (for example the address of the website you are currently visiting), you only reach these services when you click on the link. On the individual service site, the social networks may then potentially collect and analyse the data. We cannot influence how and if the data is being collected and influenced.
We therefore inform you based on our knowledge:
Only when you click on the link your browser may potentially establish a direct connection to the servers of the above-mentioned services. This way, the information that you have visited our website is being indirectly (referrer) transmitted to these services. If you are logged into your personal account with the service when your visit our website, you can usually “share” the document or leave a comment, etc. after you have clicked on the social button. If you do not want such a data transfer, we strongly recommend that you not click on the social buttons.
For information on the purposes and extent of the data collection carried out by the social media services and the further processing and use of your data by these services as well as your rights regarding the data and setting options to protect your privacy, please refer to the data protection notices of the social media services.
c. Remarks on Facebook
Facebook is partly used as a link, partly as a plug-in.
The website includes a social plug-in of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook“). The plug-in is solely operated by Facebook and can be recognized by one of the Facebook logos. A list is available here: https://developers.facebook.com/docs/plugins/#page-plugin.
When you visit the website with a Facebook plug-in, your browser will make a direct connection with Facebook’s servers. According to information from Facebook, at least the information that you have visited the website, including your IP address, date, time, the browser and the operating system used are transferred to Facebook, where the data will be deleted after 90 days. If you are logged into your personal Facebook user account when you visit the website, Facebook can match your visit with your user account. If you click on a Facebook plug-in or use other Facebook functions (e.g. writing a comment), this information will also be transmitted to Facebook and stored by Facebook. If you want to prevent this, you have to log out of your personal Facebook user account before you visit the website. Moreover, you can block the Facebook plug-ins with add-ons for your browser.
The operator does not receive any information on the data collected by the Facebook plug-ins and transferred to Facebook. For information on the purpose and extent of use of the pd collected by Facebook as well as on your rights and options to protect your privacy, please refer to Facebook’s data protection notice, which is available here: https://www.facebook.com/policy.php.
d. Remarks on Google +
Our websites use Google+ functions, which are offered by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Collection and disclosure of information: Via the Google+ button, you can publish information globally. Via the Google+ button, you and other users receive personalized content from Google and our partners. Google stores both the information that you have clicked +1 for content and information on the site you have viewed when you clicked +1. Your +1 can be displayed as notes in Google services, such as search results or your Google profile or on other places on websites an in internet advertisements, together with your profile name and your photo.
Google records information on your +1 activities to improve Google services for you and others. In order to be able to use the Google+ button, you need a globally visible, public Google profile, which at least has to include the name chosen for the profile. This name is used by all Google services. In some cases, the name can also replace another name, which you have used to share content via your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or have other identifying information about you.
Use of the collected information: In addition to the above-mentioned purposes, the information made available by you is being used in accordance with the latest Google data protection guidelines. You can find the current guidelines here: https://policies.google.com/privacy?hl=en. Google may publish summarized statistics on the users' +1 activities and/or transfers to users and partners, such as publishers, advertisers, or related websites.
e. Remarks on Twitter
Functions of the Twitter service are integrated into the website. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the “re-tweet“ function, the websites visited by the user are connected to their Twitter account and made known to other users. In this context, data is transferred to Twitter, as well. We, the website operator, would like to inform you that we neither have any knowledge about the content of the transmitted data nor do we know how the data is used by Twitter. For further information, please refer to Twitter’s privacy statement: https://twitter.com/en/privacy.
f. Remarks on YouTube
Our website uses plug-ins of Google’s YouTube platform. The operator of YouTube is: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our websites that is equipped with a YouTube plug-in, a connection to the YouTube servers will be established. Via this connection, they YouTub server is informed about which of our sites you have visited.
If you are logged into your YouTube account, you enable YouTube to directly match your surfing behavior with your personal profile. You can prevent this if you log out of your YouTube account.
For further information on the use of user data, please take a look at YouTube’s privacy statement: https://policies.google.com/privacy/update?hl=de.
Provided the legal requirements are met, you have the right at any given time to:
§ receive information on personal data processed by our company, in particular on its purpose, categories of recipients with current or future access to your personal data, planned storage period and on the existence of the rights explained in this paragraph in accordance with Art. 15 of the GDPR.
§ demand the immediate correction of false personal data or its completion in case of missing information as per Art. 16 of the GDPR.
§ request the deletion of your personal data as per Art. 17 of the GDPR if processing said data is not required to ensure the freedom of opinion and information, fulfil legal obligations, due to reasons of public interest or for enforcing, exercising or solely defending rights in legal claims.
§ in accordance with Art. 18, place restrictions on the amount of personal data to be processed if either its veracity is in question or its processing is unlawful, but you reject a deletion and we no longer need the data, though you may need the data in future to enforce, exercise and defend legal claims or you object to its processing as per section 21.
§ To receive the personal data you provided to us in a standardized, structured and machine-readable format or demand a transfer to a third party as per Art. 20.
§ revoke previous consent to processing your personal data in accordance with Art. 7 (3), which will result in our company no longer being allowed to process the data and
§ complain at a regulatory authority as per Art. 77 of the GDPR. In general, authorities in your place of residence or workplace or in the country in which UNICEPTA maintains its headquarters are available.
Provided personal data is processed based on legitimate interest as per Art. 6 (1 lit. 1 f) of the GDPR, the affected individual has the right to object against the processing of his/her personal data if there are reasons that stem from a particular situation or if the individual objects to direct advertising. In case of the latter, the individual has a general right to object, which our company implements without needing detailed information on a particular situation.
To exercise these rights, it is advised to contact the authorities mentioned in Art. 77.