CURALIE GMBH PRIVACY STATEMENT
CURALIE GMBH considers the responsible use of personal data a high priority. We want you, our users, to know which data we collect and process. Our company processes the data based on the European General Data Protection Regulation (GDPR) and the German Data Protection Act (DPA). Below you will find a description of what data is collected as part of our general business relations and during your stay on our website.
Please note: The data collected as part of
using our website and, possibly, processed by us or by third parties, depends on your desired or utilized service. This means:
Without legal basis, we only process the data needed for operating the website and/or the data you explicitly agreed that certain statements in this data privacy statement do not apply to your case.
CURALIE GMBH is the responsible party in terms of the General Data Protection Regulation and other national data protection acts of the member states, including additional policies for data protection reasons.
Leipziger Straße 61A, 10117 Berlin
Phone:+49 (0) 30 549 071 27
Responsibilities resulting from exceptions will be explained in detail below in the data protection statement.
Data Security Administrator Contact
If questions should arise regarding processing your personal data or if you have any suggestions or complaints, please get in touch with our data security administrator. We recommend transmitting confidential information only via post.
You can submit your questions to our data security administrator:
1. REASONS FOR DATA COLLECTION
CURALIE GMBH processes personal data exclusively for the purposes discussed in section 3. Data collected through CURALIE GMBH internet services will be processed and utilized by CURALIE GMBH for purpose-related reasons and in accordance with the legal regulations. If customer-related personal data is collected, this is done exclusively as part of
an agreement that complies with the data protection law.
For instance, if you access our websites, our servers will temporarily store the connection data for system security purposes: our websites you have visited, the date and the duration of your access, the identification data of the browser and operating system, and the websites through which you have accessed our website (server log data). Personal information such as your name, address, phone number, or e-mail address will not be collected. There will also be no link between the server log and personal data. The data mentioned above will be processed for the following purposes:
Confirmation of smooth website connection establishment,
Confirmation of correct usage of our website,
Valuation of system security and stability
If applicable, for marketing and analysis purposes.
2. DATA PROCESSING
The following purposes do NOT apply for data collection:
We do not use your data for profiling, market research, or advertising purposes. In particular, we will not pass on the collected data to third parties upon your access to our website unless we are obliged to do so by law.
The following passages will clarify all categories and their legal basis, and the purpose of collecting data.
3. BASIC AND SPECIFIC PERSONAL DATA
What is “personal data”?
Personal data contains personal or factual information of an identifiable person. Examples include IP address, name, physical address, phone number, or date of birth.
Information regarding frequently accessed homepages or the number of users of a page does not allow direct conclusions about identities and is, therefore, not classified as personal data.
What data do we process when you visit our website?
In the course of using our website and the general operation of our business relation, we process the following data categories:
Master data (name, date of birth, place of birth, nationality)
Contract master data (e.g., contractual relationship or interest of contract validity)
Authentication information (e.g., ID card information)
Contact details (e.g., phone number, e-mail address, physical address, IP address)
Contract billing and payment information
Planning and controlling data
Promotional and sales data
Documenting data (e.g., minutes taken in meetings)
Disclosure data (of third parties, e.g., the information bureau or public register)
Connection data of the requesting computer (e.g., date and duration of access to the website)
Identification data of the internet browser
Necessary transaction data for the payment processing (for using our services of PRODUCT)
4. Legal Basis of the Data Processing
4.1. Contractual basis pursuant to Article. 6 (1) b GDPR
Various proceedings will require data processing for the performance of a contract. This also applies to processes necessary for pre-contractual policies. Art. 6 subsection 1 b) GDPR serves as the legal basis.
Contract preparation, negotiation, and implementation
Responding to requests and implementation of pre-contractual measures
Online registration on our website
Accessing particular information and services
Cookies required for technical reasons
4.2. Legal obligation pursuant to article. 6 (1) c GDPR
There is a possibility that personal data processing is necessary to comply with a legal obligation that CURALIE GMBH is subject to under Article 6 subsection 1 c) GDPR.
Order of court or by the authorities
Implementation of the legal obligation to retain data
4.3. Legitimate Company Interests pursuant to Article 6. (1) f GDPR
If processing is necessary to protect the legitimate interests of CURALIE GMBH or a third party, and if the interests, basic rights, and fundamental freedom of the person concerned do not prevail, Article 6 subsection 1 f) GDPR serves as a legal basis.
The data collected can be used for optimizing our customer relations, including the following categories:
Improvement of our services
Online surveys (Please note: If a market research firm is involved in the surveys, it is exclusively operating on our terms and by our instructions.)
Demand analysis assessment and optimization for the direct customer approach.
Communication with customers when contacted by e-mail
Statement of grounds or protecting claims under public law or defense against legal disputes
Preventing abuse or other illegal activities
Ensuring data security
Implementing security measures in the building and on the facility (e.g., access control)
Exchange of data with information bureaus (e.g., SCHUFA) for detecting credit and contingency risks
Cookies to guarantee data security
4.4. Consent pursuant to Article 6 (1) a GDPR
We seek consent for processing personal data, Article 6 subsection 1 a) GDPR serves as a legal basis. If consent is given, the following purposes of use and processing are fulfilled:
Product or customer inquiries or surveys via e-mail or phone
Contct options on the website
Photographs for events
Web tracking with pseudonymization
Cookies (Preferences, statistics, marketing)
4.5 Content pursuant to Article 6 (1) d GDPR
In case processing is necessary to protect the vital interests of the data subject or
another natural person, Article 6 subsection 1 d of the GDPR serves as a legal basis.
5. Processing Purpose
5.1. Provision of contractually required services to customers and employees
This is partly legally required (e.g., tax regulations). It is essential to collect personal data for the conclusion of a contract since otherwise, no effective contract can be formed (without the information of the co-contractor) with the subject.
5.2. Marketing Purposes
There is a legitimate commercial interest to inform the customers of CURALIE GMBH about services and events in order to build and maintain a long-term customer relationship.
5.3. Newsletter Subscription
If a user of our website or a contractual customer proactively agrees to subscribe to the newsletter offered on our website, the e-mail address and other information will be
required for authentication. This confirms the owner’s identity of the provided e-mail address and the agreement to receive the newsletter (double opt-in). Personal data such as first name, last name, and company name will be stored to ensure the personal form of address within the newsletter. The stored data will exclusively be used for the purposes mentioned above, deliver the requested information, and document your consent. You may effectively revoke the given consent for collecting and processing data at any time, for instance, using the “Unsubscribe” link in the newsletter.
5.4. Statistical Purposes/ Data Evaluation
The statistical evaluation of relevant information is indispensable for the continuous optimization of our online services. Its usage data and the connection coverage reading help us carry out effective market research, thus keeping our services continually user-friendly.
We do not carry out any purpose alterations without your consent. As soon as the objective is achieved (namely, the data is no longer required to achieve the purpose for which it was collected), the deletion of your personal data will be in accordance with the legal retention period. For more information, refer to section 13. Data Storage.
5.5. Selection of Curalie Products
Curalie GmbH is a provider of healthcare services on the basis of technical applications. For the individual product and service offerings, we refer to the specific product and performance-related data privacy statements:
Priacy Statement Curalie A
Privacy Statement Curalie Portal
Privacy Statement myCuralieApp
Privacy Statement myCuralie Pro
Privacy Statement Curalie Education
6. Cooperation and Indication of Data
Indicating personal data is voluntary as long as processing personal data by using our website does not result in the establishment, execution, or termination of a contractual relationship or the fulfillment of contractual or legal obligations. Not providing specific data may lead to limited usability of the website and possibly other services.
As part of the initiation, launch, execution, and termination of a contractual relationship, fulfilling contractual or legal obligations between you and us is necessary to collect and process specific data for the purposes mentioned above. Not providing such data may lead to an impairment that can prohibit or restrict contractual cooperation or render it infeasible.
7. Transmission of Data
Your personal data will only be transmitted if this is necessary in fulfilling the contract, if you explicitly gave your consent, if legally required, or if we have a legitimate interest to transfer the data. Access to your data will only be granted to those departments within our company that require it to fulfill contractual or legal obligations. Service providers whom we have contracted may also access the data.
The data transfer to external recipients is guaranteed to be in accordance with the legal data protection regulation and ensures that only necessary personal data will be
transmitted. A transfer may only be carried out if this is part of the contract fulfillment, mandated by legal regulations, if you gave your consent, or if we, as a company, are authorized to issue disclosure.
Provided those requirements are met, recipients of personal data may include:
Official authorities and institutions (e.g., taxation authorities, judicial authorities, or law enforcement agencies) upon the cause of a legal or regulatory obligation, such as social insurance agencies and pension insurance institutes
Accountants, tax consultants, lawyers
Service providers we consult with processing matters, such as payment service providers, payroll accounting, personnel administration, social media
In case of an external assignment, we ensure that the consulting service providers are subject to a thorough selection process and must comply with data protection regulations pursuant to Article 28 GDPR. As part of a frequent inspection for reasons of data protection by service
providers commissioned by us, we also verify that they adopt appropriate data protection measures for protecting the personal data, such as providing proper technical and organizational measures, and can guarantee their compliance.
The transfer of data is exclusively based on data transmitting arrangements pursuant to Article 28 of the GDPR (Processing on behalf), Article 26 of the GDPR (Shared responsibility), and, if applicable, transmissions to third countries following the requirements pursuant to Article 44 of the GDPR (see also section 5.1.).
7.1 Data Transmission to Third Countries
The data transmission to so-called third countries, i.e., places in non-EU jurisdictions or outside the European economic area, can only be carried out when specific requirements are met. Apart from a contractual or legal obligation, an appropriate safeguard for personal data protection is imperative.
The transmission of data to third countries is therefore only possible when, for instance:
Transmission is necessary for the proper implementation of contractual services. The data transmission described is only carried out if you book and pay for our PRODUCT service directly through our website.
According to tax law or upon reports to fight criminal offenses, there is a statutory obligation to report.
There is a legitimate interest on our part to transfer the data.
Transmission to third countries can only be carried out when the third country possesses an adequate level of data protection according to an assessment by the European Commission. If there is no such decision, the
transmission of data to third countries can only be considered if there are “appropriate safeguards” – such as standard contractual clauses or binding internal data protection regulations (Binding Corporate Rules/BCR/Codes of Conduct and/or certifications) or if an exemption arises, such as consent.
CURALIE GMBH only allows a third country to collect and process data under the condition that legal or contractual permissions are subject to specific requirements according to Article 44 ff of the GDPR. This means that the processing is carried out, for example, based on officially approved pre-defined contracts (so-called “standard contractual clauses”).
The current jurisdiction of the ECJ (ECJ, verdict Schrems II dated 07/16/2020; file number C-311/18) changed the legal basis of data transmission for our users. Additional measures may be required that result from the implementation of obligations due to recommendations 1/2020 of the European Data
Protection Board (EDBP) to add transmission tools for guaranteeing a federal protection level of personal data. Please note that using our services may lead to data transmission and analytical services by Google Maps, Google AdWords, and may result in subsequent processing of usage data by the respective services in the USA and other third countries in which a service provider is located.
The basis for processing activities is your explicit declaration of consent which you have granted us through our cookie banner. Your consent warrants such data processing in this case by way of exception pursuant to Article 49 section 1 a) of the GDPR. We hereby inform you that the USA and other countries without an adequate ruling of the European Commission do not possess a comparable level of data protection like the EU and EEA. Therefore, it is possible that, based on legal authorization, government agencies in these countries can access your personal data without us or you noticing. Asserting your legal rights may currently not be possible in these countries and do not appear promising.
our website and in your internet browser anytime. In addition, you can delete any cookies that have already been set or prevent future cookie settings in your internet browser. However, these settings can vary depending on the browser you are using.
You can withdraw your consent for the future anytime. Please contact our data security administrator via firstname.lastname@example.org and delete the respective cookies in your browser.
8.2 Types of Cookies
Only after proactively giving your consent for one or several of the listed types of cookies will you be able to use our website without restrictions. Article 6 subsection 1 a of the GDPR serves as the legal basis for processing personal data using cookies because the user’s consent is required. All cookies serving different purposes, such as individual website optimization, marketing purposes, or statistical evaluation processes of your website activity, require your explicit consent. Below you
will find a list of the cookies we use on our website, some of which may have been placed by third parties:
8.3. General information on using Google services and other third-party providers that are linked to their websites
We do not influence how Google and its websites process and use the data and cannot take responsibility. For the purpose and range of data collection and further data processing and usage by Google, as well as your rights and setting options to protect your privacy, please see the Google data protection policy (https://policies.google.com/privacy?hl=de).
We also do not influence the data processing and usage by other third-party web providers and their websites and cannot assume responsibility. For information on the purpose and range of data collection and further data processing and usage by these providers, as well as your rights and setting options to protect your privacy, please see the data protection policies of the providers on your websites.
8.4 Detailed information on the use of Google Analytics
We use Google Analytics on our websites to analyze the surfing habits of our customers. Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We obtain your consent the first time you visit our website to set certain cookies. We use Google Analytics and the additional feature offered by Google to render IP addresses anonymous. The IP address will usually be compressed within the EU and in exceptional cases in the US and stored in compressed form.
For further information about the usage of user data by Google Analytics, please see the Google Analytics data protection policies under the following link:
If you would like to withdraw your consent, you can object the data collecting and processing by downloading and installing the browser
plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de A cookie will prevent the collecting of data on future website visits.
8.5 Detailed information on the use of Google Maps
This website uses Google Maps to display interactive maps and provide journey directions. Google Maps is a mapping platform by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043 USA. Using Google Maps may result in transmitting information of the usage of this website, including your IP address and the (starting) address entered as parts of the route planning feature to Google in the USA. Once you calculate the directions to our places of location, your browser establishes a direct connection with Google servers. You will be forwarded onto the websites of Google.
8.6 Detailed information on the use of Twitter
CURALIE GMBH uses the microblogging
service Twitter of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, to publish short notions, statements, and information, such as “retweets” or links to third party websites, on current topics in the field of your business operations. We obtain your consent the first time you visit our website to set certain cookies or use the messaging links. Clicking the link will start a connection with the Twitter website. For further information on the data usage by Twitter, see the Twitter data protection policies on cookies and similar technologies under the following link:
8.7 Detailed information on the use of Google Tag Manager
CURALIE GMBH uses Google Tag Manager on their website. Google Tag Manager helps us manage website tags through a user interface. The Tag Manager tool (which implements the tags) is a cookie-less domain and does not collect personal data. The tool releases other tags
that, in turn, may collect data. Google Tag Manager does not access the data. A deactivation on the domain or cookie level will remain
for all tracking tags implemented by Google Tag Manager.
8.8 Detailed information on the use of Google Ads
CURALIE GMBH uses Google Ads services (formerly Adwords) on their website. Google Ads is an online advertising program developed by Google. It is a way for businesses to create online ads that can reach users when they show interest in the product or service. The ads are based on search results when using the company-owned services.
(i) Google Ads Remarketing and Audience Targeting
We use the remarketing and audience targeting feature of Google Ads. The feature allows us to showcase our website on other websites in the space of the Google advertising network (in Google Search or YouTube, Google Ads, or other websites) based on the users’
interests. In order to offer target-oriented ads after they visit our website, we analyze the users’ interactions, e.g., the users’ interest in our services. Google records the number of users who visit certain Google services or websites in the Google display network. This number marked as “cookie” records the number of user visits. The number serves as the unique identification of a specific end device web browser and not as the identification of a person. Personal data will not be stored.
You can prohibit your participation in this tracking process in several ways:
Set your browser software accordingly. Suppressing third-party cookies means you will not receive advertising by third-party providers;
installing the plug-in provided by Google under the following link:
Deactivate the providers’ interest-based ads, which are part of the “About Ads” self-regulation campaign (Link http://www.aboutads.info/choices). However, this setting will be
deleted upon deleting your cookies;
Deactivate Firefox, Internet Explorer or Google Chrome permanently in your browsers under the link http://www.google.com/settings/ads/plugin,
Set the Cookies accordingly. We want to point out that usage may be limited.
For further information, see the Google data protection policy:
http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
You can also visit the website of the Network Advertising Initiative (NAI) under the following link:
Google is subject to the EU-US Privacy Shield. You will find further information under
Cookie life span: up to 1 month (this only applies to cookies set up via this website).
(ii) Conversion Tracking System
9. LINKS TO THIRD PARTIES
Our website always works on optimizing customer satisfaction and our current online services. Therefore, our website may contain links that refer to third-party websites. After clicking the active link, we will not be accountable for further data collecting since the behavior of third parties is beyond our control. Our company will have no insight nor influence on personal data collection, processing, and usage, which may transfer to third parties by clicking the link.
The data can be transferred via IP address or URL since the behavior of third parties is beyond our control. We are not responsible for personal data processing by third parties.
10. SOCIAL MEDIA
10.1 General information on social media plug-ins
We use social plug-ins of various social networks on our website specified in the following passage. Plug-ins are additions of social network providers. They reference other services or networks and are therefore beyond our control. CURALIE GMBH does not influence the collected and stored data type and range. When using social media, the processing is based on
data processing pursuant to Article 28 of the GDPR, this means we are the responsible body,
as part of joint controllers pursuant to Article 26 of the GDPR, this means we are accountable for our content and processing while the provider is responsible for processing that takes place within their area of influence
your consent pursuant to Article 6 subsection 1 a) of the GDPR if you have an account on social media
If the services originated in a third-party country, the processing is pursuant to Article 44 of the GDPR
You can find the following references to social networks on our website:
10.2 Facebook social plug-ins
On our website, we link to Facebook services (Provider: Facebook Ireland, Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) to design the usage more personal for you. We have a button in the Facebook design you can use to share content. Clicking this button will transfer the page you accessed to Facebook and forward you to Facebook. Facebook will get the information that your browser has accessed the respective page of our website – even if you do not possess a Facebook account or if you are signed out of Facebook at the moment. Your browser will transmit this information (including your IP address) directly to a Facebook server in the US and save it. If you are logged into Facebook, Facebook can directly associate your visit to our website with your Facebook account. Please note that it is beyond our knowledge how Facebook is processing the data. For the purpose and
range of data collection, further processing, and usage by Facebook, as well as your rights and setting options to protect your privacy, please see the Facebook data protection policies:
We launched a channel on Facebook: https://www.facebook.com/curalie. Please note: This service is offered on a technical platform using the services of Facebook Ireland, Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. We want to point out that you are using our Facebook channel and its features on your own authority and that we have no influence on the data collecting and processing by Facebook. This particularly applies to the usage of interactive features (such as commenting, sharing, rating).
10.3 Twitter social plug-ins
The external Twitter services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, are identifiable by terms such as “Twitter” or “Follow”, accompanied by a stylized blue bird. You can view the use
of the buttons on twitter.com/about/resources/buttons. Twitter and Retweet functions are so-called “social plug-ins” by twitter.com, operated through Twitter Inc. 795 Folsom St., Suite 600 San Francisco, CA 94107. The Retweet function will disclose the websites you have visited to third parties and connect your Twitter account. For more information on the handling of data by Twitter, as well as your rights and setting options for the protection of your personal data, please see the Twitter data protection policy: http://twitter.com/privacy
10.4 XING social plug-ins
The network XING of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. The XING logo indicates the links. XING is a social network platform, operated through XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. When sharing the content of our company website via XING, the content and personal data like your XING user profile will be public to other users. For more information on your
rights and setting options, please see: https://www.xing.com/privacy
10.5 LinkedIn social plug-ins
We use components of the network LinkedIn on our website. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit our website provided with such a component, this component prompts your browser to download a display of the LinkedIn component.
This process informs LinkedIn which specific page of our web presence is accessed at this moment. If you click on the LinkedIn “Recommend” button while logged into your LinkedIn account, you can link the content of our pages to your LinkedIn profile. This enables LinkedIn to associate your visit to our website with your LinkedIn account.
We do not influence the type of data collected by LinkedIn, nor do we have authority over the range of the data collection. The content of the data transmitted to LinkedIn is also
beyond our knowledge. For further information on your rights and option settings, please see the LinkedIn data protection policy under: http://www.linkedin.com/legal/privacy-policy
If you do not want your data to be collected, saved, and possibly further used by the respective providers, please do not use the plug-ins. In addition, we apply a so-called “2 Click Solution”, used to protect your data from being collected by the providers when you visit our website.
Facebook is operated through www.facebook.com by Facebook Inc.; 1601 S. California Ave, Palo Alto, CA 94304, USA, and on www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Facebook”). You can find an overview of Facebook plug-ins at http://developers.facebook.com/plugins. For more information on Facebook data protection, please to to:
The external social network Facebook of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The links are identifiable by the Facebook logos (white “f” on a blue tile or “Thumbs Up” symbol).
We provide links to Instagram, operated through Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). If you are logged into Instagram, it can directly associate your visit to our website with your Instagram account. Please note that it is beyond our knowledge how Instagram is processing the data. If you do not want Instagram to associate the data with your account, you must log out of Instagram before accessing our website. For further information, please see the Instagram data privacy statement. When using our Instagram channel, please note: We use the technical platform and the service of Instagram LLC, represented by Kevin Systrom and Mike
Krieger, 1601 Willow Road Menlo Park, CA 94025 (“Instagram”) for the services offered here.
We have an Instagram channel: https://www.instagram.com/curaliehealth/
We provide links to YouTube, operated through Google (YouTube, LLC 901 Cherry Ave., San Bruno, CA 94066, USA). If you are logged into YouTube, it can directly associate your visit to our website with your YouTube account. Please note that it is beyond our knowledge how YouTube is processing the data. If you do not want YouTube to associate the data with your account, you must sign out of YouTube before accessing our website. For further information, please see the YouTube data protection statement: https://policies.google.com/privacy?hl=de&gl=de
10.9 Social Media Representation
We use publicly accessible social media networks in order to extend our range. Social networks, such
as Facebook, can extensively analyze your user behavior as soon as you access their website. Accessing our social media sites will trigger numerous data-related processes.
In this context, we process your data to get in touch with you upon requests or postings, as well as learn user preferences (e.g., number of followers, number of views, user statistics grouped under age, geography, and language), and extend and adjust the services for target groups. This is a legitimate interest (Article 6, subsection 1 f) of the GDPR). The analytic process may have a different legal basis than stated by the providers of the social networks.
When you are logged into your social media account while accessing our social media pages, the provider of the social media portal can associate your visit with your user account. However, your personal data may also be accessible if you are logged out or do not have an account on this particular portal. Data acquisition occurs by collecting your IP
address or cookies saved on your end device. The network operators can create user profiles and store your preferences and interests.
Please note that we cannot trace all network processes. Depending on the provider, the operators may perform further procedures. For example, the social network portal and other sites can suggest interest-based advertising. Please see the terms and privacy statement of the respective social network portals for more details.
The platform operator and we are jointly responsible for certain processing operations (see 14. Rights of the Data Subject) that affect our specific site. You can assert your rights against our company and the platform operators (e.g., LinkedIn, Xing,…). Please note that despite the joint responsibility, we do not influence the network portals’ data processing operations. Our options are primarily based on the corporate policy of the respective provider. This also applies to the collection of personal data. While we delete
the data collected right after the purpose achievement, after the withdrawal of consent, or after the omission of the legal basis for data collection, we have no influence on the data storage and process the platform operators have completed for their purposes. Please refer to the operators of the social networks.
11. RECRUITING AND CANDIDATE MANAGEMENT
According to Article 88, §25 subsection 1, in conjunction with subsection 8 of the BDSG, we collect your personal data to consider your qualification for a position (or possibly a different open position in our company) and conduct the application procedure. This procedure only applies to the extent necessary to establish an employment relationship with us. Your data will strictly be treated confidentially for the sole purpose of processing your application, i.e., recruiting, establishing an employment contract, or supporting internal job allocations. In this context, it is necessary that the personnel
department has access to your personal data. In case the data should be required for legal prosecution after completing the application process, data processing can occur based on the requirements of Article 6, subsection 1 f of the GDPR. Our interest then lies in the assertion or defense against claims. In response to a job advertisement, your application’s data will be deleted after 6 months in the event of rejection.
If you agree to further storage of your personal data, we will add them to our applicant pool and delete them after two (2) years at the latest after the most recent contact. You have the right to withdraw your consent anytime.
If you get a position as part of the application process, we will transfer the data to a personal file.
We will forward your application data to external providers as part of the order processing. However, there may be a legal obligation to transfer the data according to Article 6 subsection 1 S.1 c) of the GDPR.
On rare occasions (such as cost reimbursements during the application procedure), we will pass on your data with your consent (e.g., to our bank).
After receiving your application, a personnel representative will view your application data. Suitable applications will be forwarded internally to the department heads of the respective open position. After that, the further process will be coordinated. Generally, the personnel with access to your data are in charge of the correct application process.
12. CONTACT FORM
On our website, we provide contact forms for electronic mails. The data you enter will be transmitted to us, processed, and stored accordingly. By using the contact form, the data in the entry mask will be transferred to us and partly stored. In this context, the data will not be forwarded to third parties outside CURALIE GMBH. The data will exclusively serve the correspondence.
The contact form is regularly used as part
of the contract initiation (Article 6, subsection 1 b) or different legitimate concerns (legitimate interest, Article 6, subsection 1 f).
Once the processing purpose is achieved, we will delete your data, provided there is no conflict with a legal obligation. Your right to erasure and other subjected rights remain.
13. AUTOMATED PROCESSING
There will be no automated processing of personal data that may impair your rights and freedoms in any form or have a legal effect in any other way.
14. DATA SECURITY / TOMS
In order to safeguard the processing security of personal data by our service providers and us, we implemented technical and organizational measures pursuant to Article 32 of the GDPR. Our employees and the commissioned service providers we carefully selected are without exception obligated to maintain confidentiality and comply with the provisions of the data
protection law. In addition, we take appropriate technical and organizational security measures to protect your personal data from loss, alteration, damage, or unauthorized access and disclosure. This includes
pseudonymization and encryption of personal data;
procedures to ensure confidentiality, integrity, availability, and resilience of the systems and services related to processing;
restoring the availability and accessibility of personal data in the event of a physical or technical incident;
procedures to regularly inspect, assess and evaluate the effectiveness of technical and organizational measures to guarantee processing security.
15. DATA STORAGE
Your data will be stored for the duration of the contractual relationship with you or with your employer or as necessary to provide our offers and services.
Additional storage of personal data is possible if we have a legitimate interest (e.g., postal marketing
after contract fulfillment).
A guaranteed erasure takes place at the end of the legal or contractual period – such as retention periods relating to fiscal or commercial law or deadlines resulting from the business process.
Data that is not subject to the legal obligation to retain will be deleted after completing its purpose.
16. RIGHTS OF THE DATA SUBJECT
16.1 Right to obtain information, rectification, and erasure of data
The General Data Protection Regulation grants the right to obtain information upon written request on the storage of personal data (e.g., name, address, …) pursuant to Article 15 of the GDPR. The GDPR also grants the rectification (Article 16 of the GDPR) or erasure (Article 17 of the GDPR) of the respective data as part of the legal requirement.
The right to erasure expires as part of data stored in business processes; for example, the data becomes subject to the
legal obligation to retain.
- 2 Right to restriction of processing
You have the right to obtain restriction of processing (Article 18 of the GDPR).
16.3 Right to object
On the grounds of particular situations, you have a right to object at any time to the data processing we carry out to protect a legitimate interest.
We will no longer process the data provided there are no compelling legitimate grounds for the processing.
16.4 Right to object to direct marketing
It is also possible to object to processing for marketing purposes. Please note that organizational circumstances may cause an overlap of ongoing (advertising) campaigns and your objection
16.5 Right to data portability
Upon request, you can receive the personal data concerning you in a commonly used and machine-readable format (pursuant to
Article 20 of the GDPR).
16.6 Withdrawal of consent
The GDPR grants the right to withdraw your consent to the processing of personal data you have given us for one or more specific purposes at any time with future effect.
Due to the explicit future effectiveness, the permission and legality of data processing remain unaffected until your withdrawal.
You have the right to contact us or the responsible supervisory authorities if you have complaints concerning the processing of your personal data. Whether to contact the Data Protection Authority responsible for your place of residence or province or our responsible Data Protection Authority is your decision.
Berlin Commision for Data Protection and Freedom of Information
Phone: 030 13889-0
Fax: 030 2155050