PPI AG

Data protection policy

At PPI AG, we take the protection of your privacy in the collection, processing and use of your data very seriously.

The following explanation provides an overview of how we guarantee data protection and what kind of data is collected for which purpose.

Processing purposes and legal basis

Making our website accessible

When you visit our website, our web servers automatically save the following data:

  • Information about the browser type and version used
  • The operating system of the user
  • The Internet service provider of the user
  • The IP address of the user
  • Date and time of when the site was accessed
  • External websites from which the system of the user accessed our website
  • External websites accessed by the system of the user from our website

The data is saved to ensure the functionality of the website. The data is also used to optimise the website and to safeguard the security of our IT systems. We also process this data to detect and track misuse. In this regard, the legal basis is Article 6, subparagraph 1, point (f) of the General Data Protection Regulation (GDPR). Our legitimate interest in processing the data is to ensure that our website functions properly and to safeguard the transactions processed by means thereof.

The data is stored in the log files of our servers for four weeks and then deleted automatically.

In this regard, the data is not evaluated for marketing purposes.

Your personal data will however be processed if you provide it to us, for example, in the context of a request or placing an order for information or registering for a newsletter. This is based on the provisions of Article 6, subparagraph 1, point (b) of the GDPR.

The name and contact details of the controller

The data is in the control of:

PPI AG, Moorfuhrtweg 13, 22301 Hamburg, Germany

Phone: +49 40 227433-0

Fax: +49 40 227433-1333

E-mail: info(at)ppi.de

Internet: www.ppi.de

 

Data protection officer

If you have further questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available to you should you wish to request information, request that an action be taken or make a complaint:

PPI AG

Data protection officer

[Moorfuhrtweg 13]

22301 Hamburg, Germany

E-mail: datenschutz(at)ppi.de

Transmission of data

Transmission of data

PPI AG will only transfer data relating to the use of the electronic services to third parties in accordance with the applicable statutory provisions if there is a legal obligation to do so (such as disclosures to public authorities) or if this is necessary for the enforcement of our rights (such as claims arising from a contractual relationship).

In addition, we will only disclose data to external service providers in such instances where this is necessary for the provision of products and services and a contractual agreement has been concluded. These instruction-bound service providers or processors will only use the data in terms of a contract for the purpose of performing their obligations.

Under no circumstances will the collected data be sold. Our employees are obliged to maintain and safeguard the confidentiality of the personal data provided to us. 

Security of your personal data

We protect your data by means of technical and organisational security measures to prevent the accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures, such as data encryption, are regularly improved in accordance with the development of the technology.

Online Marketing

Marketing and advertising

By means of the contact details provided to us, we regularly inform you by telephone, e-mail, fax or post about our products, services, newsletters (such as Basel III) and themed events (such as seminars and conferences).

You only receive this information if you have consented to your data being processed for the purpose of receiving advertising (Article 6, subparagraph 1, point (a) of the GDPR).

The processing of your data for the purpose of advertising, insofar as this is permitted without your consent, is then in terms of our interest to provide you with the requested information (for example, about our products and services and themed events) and to give you the best possible support (Article 6, subparagraph 1, point (f) of the GDPR).

The e-mails are sent by the distribution service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The privacy policy of the distribution service provider can be viewed here: www.cleverreach.com/en/privacy-policy/. The distribution service provider is engaged in terms of a processing contract in accordance with Article 28, subsection 3, first sentence of the GDPR.

Your data will be retained in the systems until you request the deletion of your data.

Online applications

If you use our website to submit your application online via our career portal (www.ppi.de/karriere), your data will be securely transmitted to us and stored in our application system in terms of your consent in accordance with Article 6, subparagraph 1, point (b) of the GDPR. We collect different types of information in this regard. In particular, this includes your personal information with your contact details as well as a description of your education, work experience and skills. You also have the option of providing us with electronically saved documents, such as references or your covering letter.

The data transmitted to us for a contract of employment is saved in compliance with the statutory requirements for the purpose of entering into an employment relationship. Should we be unable to offer you employment within the scope of the application process, we will delete your data after six

Cookies

a) This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c)

b) Transient cookies are automatically deleted when you close the browser. In particular, these include session cookies. They save a session ID with which the various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser settings in accordance with your wishes, for example, to accept third-party cookies or to reject all cookies. In this event, please note that you may not be able to use all the features of the site.

e) We use cookies to identify you when you return to the site, if you have an account with us. Otherwise, you would need to log in again every time you return to the site.

Tracking with LeadLab – wiredminds

Our website uses the counting pixel technology of wiredminds GmbH (www.wiredminds.de) to analyse visitor behaviour.

This may result in data being collected, processed and stored from which user profiles are created under a pseudonym. Where possible and appropriate, these usage profiles are completely anonymised. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor’s web browser and are used to recognise the web browser. The collected data, which may also contain personal data, is transmitted to wiredminds or collected directly by wiredminds. The information that is left by visits to the websites may be used by wiredminds to create anonymised user profiles. Unless the person concerned has specifically granted their consent, the data thereby obtained will not be used to identify the visitors to this website personally and it will not be merged with the personal data of the bearer of the pseudonym. Insofar as IP addresses are recorded, they are immediately anonymised by deleting the last number block. https://www.wiredminds.de/datenschutz/#c874

Newsletter

On our website, you can subscribe to a free newsletter from PPI on relevant topics or sectors. On registration, your data is transmitted to us from the input mask (title, first name, name, company, e-mail address).

The newsletter is sent to you on the basis of your registration on our website and your consent in terms of Article 6, subparagraph 1, point (a) of the GDPR. Your e-mail address is collected for the purpose of providing you with the newsletter. The collection of other personal data in the context of the registration process serves to prevent the misuse of the services or the e-mail address used. In addition, reference is made to this data protection policy within the context of the registration. The only direct advertising sent via the newsletter is for PPI’s own services. The data will only be used by us for the purpose of sending the newsletter.

The newsletters are sent by the distribution service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. The privacy policy of the distribution service provider can be viewed here: www.cleverreach.com/en/privacy-policy/. The distribution service provider is engaged in terms of a processing contract in accordance with Article 28, subsection 3, first sentence of the GDPR.

Your data will be retained in the systems until you unsubscribe from the newsletter or you request the deletion of your data.

Tracking with Google Analytics

On the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and commercial operation of our online content within the meaning of Article 6, subparagraph 1, point (f) of the GDPR), we make use of Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of our online content by the users is generally transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Frameworks and thereby guarantees that it complies with the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google uses this information on our behalf to evaluate the use of our online content by users, to compile reports on activities in relation to this online content and to provide us with further services in relation to the use of this online content and the Internet. Pseudonyms for the user profiles may be created from the processed data of the users.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users within member states of the European Union or in other states that are parties to the agreement on the European Economic Area will be truncated by Google. The full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases.

The IP address transferred by the user’s browser will not be associated with the other data in Google’s possession. Users can refuse cookies by making the appropriate adjustments to the settings of their browser. In addition, users can also prevent Google from collecting the data generated by the cookie and their use of the online content as well as the processing of such data by Google by downloading and installing the browser plug-in that is available from the following link: http://tools.google.com/dlpage/gaoptout?hl=de. For more information on the use of data by Google, the setting options and opportunities to raise objections, please read Google’s Privacy Policy (https://policies.google.com/technologies/ads) as well as the settings for the insertion of ads by Google (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymised after 14 months.

Social Media

Online presence in social media

We maintain an online presence within social networks and platforms in order to communicate with customers, prospective customers and users who are active there and to be able to inform them about our services. When using the respective networks and platforms, the terms and conditions and the data processing policies of the respective provider apply.

Unless otherwise specified in our data protection policy, we process the data of users if they communicate with us on social networks and platforms, for example, if they post contributions to our online presence or send us messages.

Facebook

This content uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identifiable by one of the Facebook logos (a white “f” on a blue tile or a “thumbs up” sign) or are marked by the addition of “Facebook Social Plugin”. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/

When a user makes use of this content by visiting a web page that contains such a plugin, the user’s browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser which incorporates it into the website. Consequently, the provider has no influence on the amount of data that Facebook collects with the assistance of this plugin and therefore informs users to the extent of its knowledge:

By embedding the plugins, Facebook receives the information that a user has accessed the relevant page of the content offered. If the user is logged into Facebook, Facebook can assign the visit to the user’s Facebook account. If users interact with plugins, for example, by clicking a Like button or leaving a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user does not have a Facebook account, Facebook may nevertheless be able to collect and save the user’s IP address. According to Facebook, only an anonymised IP address is stored for users in Germany.

The purpose and scope of the collection of the data and the further processing and use of the data by Facebook, as well as the related rights and setting options to protect the privacy of users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

If a user has a Facebook account and does not want Facebook to collect data about the user via the content offered and associate it with the user’s account data stored on Facebook, the user needs to log out of Facebook before visiting the website.

Facebook social plugins can also be blocked by means of add-ons for your browser, for example with the Facebook Blocker.

Google+

This content uses the +1 button of the Google Plus social network operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). The button is recognisable by a “+1” sign on a white or coloured background.

When a user makes use of this content by visiting a website that contains such a button, the browser establishes a direct connection to the Google servers. The content of the +1 button is sent by Google directly to the user’s browser and embedded by it into the website; the provider therefore has no influence on the amount of data that Google collects via the button. According to Google, no personal data is collected unless the button is clicked. This data, including the IP address, is then only collected and processed in respect of members who are logged in.

The purpose and scope of the collection of the data and the further processing and use of the data by Google, as well as your rights in this regard and the setting options to protect your privacy, can be found in Google’s privacy policy in respect of the +1 button: http://www.google.com/intl/de/+/policy/+1button.html and the FAQ:  http://www.google.com/intl/de/+1/button/

XING

The online content that we provide may include certain functions and content of the Xing service provided by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. This may include content, such as images, videos or text, and buttons that users can use to express their approval of the content and the authors of the content, or subscribe to our posts. If the users have a Xing account, using the above-mentioned content and functions can be used by Xing to assign such use to the profiles of their users. The data protection policy of Xing: https://www.xing.com/app/share?op=data_protection

Twitter

The content we provide online may include certain functions and content of the Twitter service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include content, such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have a Twitter account, using the above-mentioned content and functions may be used by Twitter to assign such use to the profiles of their users. Twitter is certified under the Privacy Shield Frameworks and thereby guarantees that it complies with the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). The Twitter privacy policy: twitter.com/de/privacy, opt-out: https://twitter.com/personalization

LinkedIn und SlideShare

The content we provide online may include certain functions and content of the LinkedIn service provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include content, such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have a LinkedIn account, using the above-mentioned content and functions may be used by LinkedIn to assign such use to the profiles of their users. The LinkedIn privacy policy: www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Frameworks and thereby guarantees that it complies with the European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). See the privacy policy: www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Instagram

The content we provide online may include certain functions and content of the Instagram service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content, such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have an Instagram account, using the above-mentioned content and functions may be used by Instagram to assign such use to the profiles of their users. The Instagram privacy policy: http://instagram.com/about/legal/privacy/.

Pinterest

The content we provide online may include certain functions and content of the Pinterest service provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This may include content, such as images, videos or text, and buttons that users can use to express their approval of the content, the authors of the content or subscribe to our posts. If the users have a Pinterest account, using the above-mentioned content and functions may be used by Pinterest to assign such use to the profiles of their users. The Pinterest privacy policy: https://about.pinterest.com/de/privacy-policy.

YouTube

We embed certain videos from the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, opt-out: adssettings.google.com/authenticated

Google Maps

We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. In particular, the processed data may include the IP addresses and location data of users but which are not collected without the user’s consent (usually carried out when setting up their mobile devices). The data may be processed in the USA. Privacy policy: www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated

Shariff-Sharingfunktionen

We use Shariff buttons for the protection of privacy. Shariff was developed to provide greater privacy in the Internet and to replace the usual “share” buttons of social networks. Here it is not the user’s browser but the server on which the online content is located that establishes a connection to the server of the respective social media platform and requests, for example, the number of likes, etc. Thereby, allowing the user to remain anonymous. For more information about the Shariff project, refer to the developers at c't magazine: www.ct.de.

Your rights

Your right to access information

In terms of Article 15 the GDPR, you always have the right receive information about the origin, recipient, purpose and duration of data processing of the data retained by us in respect of you. You can submit a request by post or e-mail to the addresses provided below.

Right to request the rectification of inaccurate data

You have the right to demand the rectification of your personal data without undue delay if it is inaccurate (Article 16 of the GDPR). In this regard, please make use of the contact addresses set out below.

Right to erasure

You have a right to the erasure (“right to be forgotten”) of your personal data without undue delay if one of the legal grounds in terms of Article 17 of the GDPR applies. Such grounds apply:

  • If the personal data is no longer necessary for the purposes for which it was originally processed.
  • If you have withdrawn your consent and there is no other legal ground for the processing.
  • If you object to the processing and there are no overriding grounds for the processing.

In order to assert your right to erasure, please make use of the contact addresses provided below.

Right to the restriction of processing

You have the right to restrict processing if one of the conditions applies in accordance with the provisions of Article 18 of the GDPR. Thereafter, the restriction of processing may be required, in particular, if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead or if the data subject objects to the processing pursuant to Article 21, subparagraph 1 of the GDPR pending verification of whether our legitimate grounds override your rights. In order to assert your above-mentioned right, please make use of the contact addresses provided below.

Right to data portability

You have the right to data portability in terms of Article 20 of the GDPR. You have the right to receive the data concerning you, which you provided us with, in a conventional, structured and machine-readable format and to have this data transferred to another controller, such as another service provider. This is subject to the conditions that the processing is based on consent or on a contract and can be carried out using automated procedures. In order to assert your above-mentioned right, please make use of the contact addresses provided below.

Right to object

You have the right to object, at any time, in terms of Article 21 of the GDPR on grounds relating to your particular situation to the processing of your personal data which is based, inter alia, on point (e) or (f) of subparagraph 1 of Article 6 of the GDPR. In which event, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the purpose of asserting, pursuing or defending a legal claim. In order to assert your above-mentioned right, please make use of the contact addresses provided below.

Right to lodge a complaint

You have the right to lodge a complaint in terms of Article 77 of the GDPR with the competent supervisory authority if you are of the opinion that the processing of your personal data is unlawful:

Free and Hanseatic City of Hamburg
The Hamburg Commissioner for Data Protection and Freedom of Information

Status and amendment of this data protection policy

Please note that we update this data protection policy from time to time so that it always complies with the most recent legal requirements and covers all our content. The latest version applies subject to the following update notice.

Your statutory rights to information, rectification, restriction, erasure and to raise an objection shall remain unaffected by any such amendment.

Last update: 10.07.2018