Data Privacy Statement
(as at: 01 february 2024)I. Data Controller and Data Protection Officer
The controller is:
JENOPTIK Robot GmbH
Opladener Strasse 202
40789 Monheim am Rhein
Germany
Telephone: +49 2173 3940-0
E-mail: traffic-solutions@jenoptik.com
Website: www.jenoptik.com
represented by the managing director: Tobias Deubel
registered in the Commercial Register at the Local Court of Düsseldorf, HRB 47032
Data Protection Officer of JENOPTIK Robot GmbH
Opladener Strasse 202
40789 Monheim am Rhein
Germany
E-mail: dataprotection.sms@jenoptik.com
II. General information on data processing
1. Scope of the processing of personal data
We only process the personal data of our users to the extent that this is necessary to provide a functional website as well as our content and services. We generally only process our users’ personal data after obtaining the consent of the user. An exception applies in such cases in which the processing of the data is permitted by legal regulations.
2. Legal basis for the processing of personal data
To the extent that we obtain the consent of the data subject for the processing of personal data, Art. 6(1) a EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
Where the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, Art. 6(1) b GDPR is the legal basis. This also applies to processing that is necessary to carry out pre-contractual measures.
To the extent that the processing of personal data is necessary to fulfill a legal obligation imposed on our company, Art. 6(1) c GDPR is the legal basis.
Where processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1) f GDPR is the legal basis for processing.
Where the processing is necessary for the implementation or exercise of an employment relationship, Section 26 BDSG is the legal basis for the processing.
3. Data erasure and storage period
The user’s personal data will be erased or blocked as soon as the purpose of storage ceases to apply.
Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject, in particular due to retention obligations.
Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example according to §§ 195 et seq. of the German Civil Code (BGB), whereby the regular limitation period is three years.
Under certain circumstances, personal data must also be kept for longer, e.g. if this is ordered by the authorities or a court. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Further information can be found in the respective description of the processing in the following.
III. Provision of the web-based training platform, TraffiHelp and creation of log files
1. Description and scope of data processing
Each time the web-based training platform or support platform TraffiHelp is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
the date, the time, the access status (file found, not found, etc.) and the request that your browser has made to the server,
the amount of data transferred and the website from which you came to the requested page and
the individual pages of our website that you call up
the product and version information of the browser used (user agent) as well as the preferred language set
GEO-IP data
the IP address of the user
Error log for error analysis: individual files with detailed information about error cases Error message, stack trace, GET and POST data without passwords or user IDs, names of possibly sent files, contents of sent cookies, session data, PHP request data, environment variables
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is necessary to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
Personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected; this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after 60 days at the latest.
Storage beyond this is possible in anonymised form. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
5. possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the training platform and TraffiHelp. Consequently, there is no possibility for the user to object.
IV. Use of cookies
1. Description and scope of data processing
Cookies are small amounts of data that your internet browser stores on your computer. Information about your visit to our website can be stored in cookies.
In our case, temporary cookies are stored when you call up individual pages to facilitate navigation. We use the following cookies: browser type and version, operating system used, referrer URL, time of request, IP address. This data is not merged with other data sources.
2. Legal basis and purpose for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO for cookies, which make the operation and maintenance of our site possible in the first place.
They are used exclusively for the aforementioned operation and maintenance of our site.
3. Duration of storage
Personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the cookies used, this means that they automatically expire at the end of the session.
V. participation in web-based training
1. Description and scope of data processing
The following data is collected and used in your interest for the delivery of the web-based training platform and stored in the form of log files for a limited time in order to be able to analyse any technical problems:
Date and time: This enables us to allocate time when localising technical problems.
IP address: The collection of the IP address is necessary to send the requested data to the web server. The IP address is stored in the log file.
Data requested through the use of the system, such as which file was requested and in which subdirectory it is located.
The port through which you request the data: This information is sent automatically by your browser. You will receive the requested website via this port.
The referring website: Some browsers also send the URL of the previously used website with every request.
Name of the used browser: This information is sent automatically by your browser. This information is used in order to present the contents in an optically optimal way and/or to solve technical problems in a browser-specific way.
The status of the request: This allows us to see whether the requested website exists and is successfully delivered
Other: For the sake of completeness, it should be mentioned that your browser may send additional data to our web server (screen resolution, plugins, etc.). Naturally, we have no influence on this.
The following data is collected and processed during and after registration:
Email and password: for registration on the platform
Name, first name, federal state (Germany): for the creation of a personal certificate
Country, email address: Contact option, choice of language and clear allocation
Company: Assignment of participant to customer order; certificate is only valid as long as company exists
Assessment: For conducting effectiveness analyses, differentiation between pass and fail
Final test results: Recording for validation in self-learning courses, in order to be able to issue proofs (certificates).
Completion time and number of calls - basis of training management and for evaluations
Completion status in percent per course - Information for participants
Number of attempts to pass tests: For effectiveness analyses
Assessment of the training offered by "thumbs up or down button" or by returning a feedback questionnaire via email - for quality assurance of the training. However, the assessments are passed on to the trainer anonymously.
In addition to the information provided during registration, the software on which the training platform is based logs access data. In particular, it records at what time which users access which components of the training courses.
All this data is accessible to the administration and, if necessary, to the editors of the training platform. They are used exclusively for the implementation of the respective training or further education measure and are not passed on to other persons or bodies that are not involved in the training or further education measure. Training assessments are passed on anonymously for evaluation and quality assurance purposes.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Para. 1 lit. a DSGVO if the user has given his or her consent.
3. Purpose of data processing
The processing of personal data serves the purpose of using the training platform and issuing the certificate.
4. Duration of storage
The personal data will be deleted as soon as the user's account is deleted. This happens either by notification of the user personally or by the contractual partner of the responsible party or when the employer of the user informs the responsible party of the user's departure from his company. Accounts that are inactive for longer than 3 years are also deleted. The certificates will then be deleted.
5. possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. His account will then be deleted and he will no longer be able to use the training platform.
VI. Usage of Support with TraffiHelp and TeamViewer
1. Description and scope of data processing
The following data is collected and used in your interest for the delivery of the web-based support platform and stored in the form of log files for a limited time in order to be able to analyse any technical problems:
Date and time: This enables us to allocate time when localising technical problems.
IP address: The collection of the IP address is necessary to send the requested data to the web server. The IP address is stored in the log file.
Data requested through the use of the system, such as which file was requested and in which subdirectory it is located.
The port through which you request the data: This information is sent automatically by your browser. You will receive the requested website via this port.
The referring website: Some browsers also send the URL of the previously used website with every request.
Name of the used browser: This information is sent automatically by your browser. This information is used in order to present the contents in an optically optimal way and/or to solve technical problems in a browser-specific way.
The status of the request: This allows us to see whether the requested website exists and is successfully delivered
Other: For the sake of completeness, it should be mentioned that your browser may send additional data to our web server (screen resolution, plugins, etc.). Naturally, we have no influence on this.
The following data is collected and processed during and after registration:
Email, password: for registration on the platform
Profile: foto, gender, Name, first name, telephone number, title, Adress data can be provided voluntarily, but will not be processed further.
In addition to the information provided during registration, the software on which the platform is based logs access data. In particular, it records at what time which users access which content of the support.
All this data is accessible to the administration and, if necessary, the editors of the platform. They are used exclusively to evaluate how the content is used.
Should users wish to have personal contact with our support, this is first done via their own telephone. Afterwards, we will establish a connection via the TeamViewer software solution. Please see the data protection information under: TeamViewer Datenschutzinformationen
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Para. 1 lit. a DSGVO if the user has given his or her consent.
3. Purpose of data processing
The processing of personal data serves the purpose of using the support platform and the services.
4. Duration of storage
The personal data will be deleted as soon as the user's account is deleted. This happens either by notification of the user personally or by the contractual partner of the responsible party or when the employer of the user informs the responsible party of the user's departure from his company. Accounts that are inactive for longer than 3 years are also deleted. With regard to the storage of TeamViewer sessions, please see: TeamViewer Datenschutzinformationen
5. possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. His account will then be deleted and he will no longer be able to use the support platform.
VII. Processing of data in countries outside the European Economic Area
If we process data in third countries (countries outside the EU/EEA) or transfer it to companies in third countries, we will only do so if there is a legal basis for doing so. The level of data protection and the regulations in these countries may not meet European standards. In this respect, there is a theoretical risk that your data may be processed, for example, by US authorities for control and monitoring purposes without you having any legal remedies. However, we will try to take all necessary measures to provide an adequate level of protection. If no adequacy decision by the Commission pursuant to Art. 45 GDPR exists for the third country concerned, i.e. if there is no adequate level of data protection in the third country, we will ensure via contractual provisions (EU standard contractual clauses on data protection) or other suitable guarantees within the meaning of Art. 46 GDPR that your privacy and your personal data are also protected in the company in the third country in an adequate and legally provided manner.
There remain risks associated with the transfer over which we have no influence (e.g. no equivalent data protection provisions, data subject rights or local supervisory authorities), which we hereby expressly point out once again.
For the provision of videos we use the video portal of VIMEO Inc. 555 West 18 Street, New York, NY 10011 and for the provision of contact options via email we use Postmark by Wildbit, LLC. 2400 Market Street, Suite 235B, Philadelphia, PA 19103.
For use, we ask for consent (when logging in), so that the legal basis for this processing is Art. 6 para. 1 lit. a DSGVO. As a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual regulation, we endeavour to obtain additional regulations and commitments from the recipient in the USA. Where possible, we have chosen the Do-Not-Track option. We do not pass on data to establish the identity of the user.
VIII Security of your personal data
JENOPTIK Robot GmbH uses technical and organisational security measures to protect the personal data we collect from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments. We also use external service providers for the processing of our services, which we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The necessary order processing contracts have been concluded with the service providers in accordance with Art. 28 DSGVO.
IX. Your rights as a data subject
If your personal data is processed, you have the following rights as a data subject vis-à-vis the data controller. To exercise your rights below, please contact us using the contact details provided at the beginning of this document:
You have the right to
- request information from us about the data stored about you,
- demand correction, deletion and restriction of the processing of your data,
- complain to us about the processing of your personal data,
- object to the processing of your data at any time. In the event of an objection, we will no longer process your data. An exception exists if there are compelling reasons worthy of protection that outweigh your interests,
- lodge a complaint with any data protection supervisory authority, in particular in the member state of your place of residence, your place of work or the place of an alleged infringement, if you are of the opinion that the processing of the data concerning you violates the GDPR or other data protection law.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO.