Privacy Statement of sequa gGmbH

(version: 11.06.2018)

1.    PREAMBLE

Regardless of whether you are a client, a project partner, a person interested in our programmes, a job applicant or a visitor to our website, we, sequa gGmbH (hereinafter referred to as “sequa” or “we”) take the protection of your personal data very seriously, but what does that actually mean?

The information below will enable you to gain an insight into which personal data we collect from you and in which form we process them. In addition, you will gain an overview of the rights which you are entitled to under the applicable data protection legislation. We also inform you whom to contact if you have any further questions.

1.2    Who are we?

sequa is a development organisation operating worldwide. We support the development of the private sector and its business membership organisations as well as the qualification of skilled employees and managers. Our programmes and projects are financed by public and private funding and follow the principles of the social market economy.

sequa is a non-profit company whose shareholders are Germany`s top business membership organisations (BDA, BDI, DIHK, ZDH) and Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH.

sequa`s aim is to sustainably improve the living and working conditions of as many people as possible. We know that this can only be realised in collaboration with domestic and international partners. Our most important project partners are chambers, associations, educational institutions and private companies.

As the responsible party within the meaning of the applicable data protection legislation we

sequa gGmbH
Alexanderstrasse 10
53111 Bonn

E-Mail: info@sequa.de
Tel: +49 (0) 228 909 0081 0
Fax: +49 (0) 228 98238 - 19

take all measures required under applicable data protection legislation to ensure the protection of your personal data.

For all questions relating to this Privacy Statement we kindly ask you to contact our data protection officer:

sequa gGmbH
Data Protection Officer
Alexanderstrasse 10
53111 Bonn

E-Mail dsb@sequa.de
Tel: +49 (0) 228 98238 - 38

2.    SCOPE OF APPLICATION OF THE PRIVACY STATEMENT

The legislator defines the processing of personal data as activities such as the collection, recording, organisation, ordering, storage, adjustment or alteration, reading, retrieval, usage, disclosure by transfer, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data. Personal data is all information relating to an identified or identifiable natural person.

This Privacy Statement deals with the personal data of clients, project partners, interested parties, job applicants or visitors. This Privacy Statement applies to both our website www.sequa.de and our project websites, such as www.importpromotiondesk.de and www.tameb.org.

3.    WHICH PERSONAL DATA DO WE PROCESS?

Your personal data is collected by us when you visit any of our websites or establish any contact with us as e.g. a client, project partner, interested party or job applicant. This can occur for instance if you are interested in our projects, contact us via our communication channels, or if and when you use our products or services in the course of existing business relationships.

The following types of personal data are processed by us:

• Data generated by your access of the website (“server logfiles“) and online behaviour,
  e.g. IP addresses, user names, data on your visits to our website(s), the actions taken on our websites, the browser used, the operating system used, the time and location of access, the link from which you accessed the website, quantity of data sent
• Details of your personal identity (if you have informed us about these),
  e.g. first and last name, address details, e-mail address, telephone number, fax number
• Information on your interests and wishes (if you have informed us of these)
  e.g. via our contact form or other communication channels
• Information on the career progression of job applicants and experts (if you have informed us of these), e.g. professional training, previous employers, other qualifications, language skills, project experience

and other information comparable with these data categories.

3.1    Sensitive data

We do not collect any sensitive data, i.e. special categories of personal information such as details of religious or trade union affiliations by this method.

3.2    Personal data of underage persons

We do not collect any personal data of/about children or underage persons (with the exception of access data in server logfiles in which we cannot verify age).

3.3    Use of Cookies

What are cookies?

Cookies are files stored on your computer by our website when you call up the site. These files contain information making your use of this website more efficient.

Most of the cookies we use are so-called “session cookies” which will be deleted, automatically, at the end of your visit. Other cookies remain stored on your device until you delete them. You can adjust your browser settings so that you are informed when cookies are created and only allow cookies in individual cases, exclude acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If you deactivate the storage of cookies the functionality of this website may be impaired.

As an open source web analytics service, we use Matomo (formerly: Piwik) to analyse usage behaviour on our website. The usage information created by the cookie (including the shortened IP address of the user) will be transferred to our servers and stored there for usage analysis purposes. We use the usage analysis to optimise our own websites, and the way we address our clients and other advertising measures. The IP address of the user is shortened in this process before storage so that the identification of the user via the IP address is no longer possible.

The information created by the cookie about your use of this website will not be transferred to any third parties.

If you do not agree to the storage and analysis of this data from your visit, you can object to the storage and use at any time by a click of the mouse below. In this case,  a so-called opt-out cookie will be stored on your browser which has the effect that Matomo does not collect any session data. Please note: if you delete all your cookies this has the result that the opt-out cookie will also be deleted and you will need to reactivate it.

Objection:

Your visit to this website is currently recorded by Matomo web analytics. Please click here so that your visit is no longer recorded

YouTube

For the incorporation of videos our website uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Usually, your IP address will be sent to YouTube as soon as you call up a website with embedded videos, and cookies will be installed on your computer. However, we have embedded our YouTube videos using the enhanced data protection mode (in this case, YouTube still makes contact with the Google service DoubleClick, but according to Google’s privacy policy personal data will not be analysed in this process). This means that YouTube no longer stores any information on the visitors unless they watch the video. If you click on the video your IP address will be sent to YouTube and YouTube will be aware that you have watched the video. If you are logged in to YouTube this information will also be allocated to your user account (you can prevent this by logging out of YouTube before calling up the video).

We have no knowledge about any possible collection and use of your data by YouTube thereafter, nor do we have any influence on this. You can find further information on this in the privacy policy of YouTube under www.google.de/intl/de/policies/privacy/. In addition,, whatever refers to the general handling and deactivation of cookies please refer to our general explanation in this Privacy Statement.

Google Webfonts

For the homogenous display of fonts, this website uses so-called web fonts that are provided by Google. On retrieving a website your browser downloads the necessary web fonts to your browser cache in order to correctly display texts and fonts.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

If your browser does not support web fonts, your computer uses a standard font. For further information, please see https://developers.google.com/fonts/faq as well as Google’s Privacy Policy: https://www.google.com/policies/privacy/

4.    FOR WHICH PURPOSE DO WE PROCESS YOUR PERSONAL DATA – AND ON WHAT LEGAL BASIS?

4.1    Contractual performance (Article 6 (1) (b) GDPR)

We process your personal data to be able to execute our contracts. This also applies to details you provide to us in the course of pre-contractual correspondence. The actual purposes of the data processing depend upon the relevant circumstances of the specific undertaking.

Initiation or implementation of contractual relations

For the initiation or implementation of contractual relations we need your name, your address, your telephone number or your e-mail address so that we can contact you.

If you send us an enquiry via a contact form your details from this enquiry form, including the contact details given by you on this form, are used to deal with the enquiry and stored by us in case of follow-up queries. We do transfer this data to any third parties without your consent.

Through the initiation or implementation of mobility programmes we need your name, your address, your telephone number and your e-mail address in order to be able to contact you. In the case of a positive funding decision we need additional information from you about your person (e.g. date and place of birth), your bank details and details of your schedule abroad. The data you provide to us will be stored by us for the purposes of implementing the mobility funding programme and only transferred to our partners in the mobility programme (e.g. chambers for crafts and vocational colleges) with your permission. We will not use your applicant information for any other purposes than for implementing the mobility programmes.

4.2    According to balancing of interests: to ensure your security and improve the reliability of our web applications (Article 6 (1) (f) GDPR)

Measures that serve your security

We use your personal data for cases including the following:

• In order to protect you or your enterprise from fraudulent activities, we analyse your data. This can occur, for instance if you are the victim of identity theft or if unauthorised persons gain access to your user account in some other way;
• In order to improve the reliability of our web applications, our IT support sector will closely collaborate with you in the case of technical problems. In this connection, we also analyse reports of website accesses, actions carried out, etc.;
• In order to be able to ensure IT security;
• In the case of possible legal disputes, to record facts and provide proof.

4.3    On the basis of your consent (Article 6 (1) (a) GDPR)

If you have agreed to the processing of your personal data for one or more specified reasons, then the processing of your personal data by us is permissible. You can withdraw this consent with effect for the future at any time without incurring any costs other than the transmission costs in line with basic tariffs (costs of your Internet connection). The withdrawal of your consent does not however affect the legality of processing carried out up until the withdrawal of consent.

4.4    On the basis of statutory provisions or in the public interest (Article 6 (1) (c) GDPR)

As a company, we are subject to various statutory requirements (e.g. under taxation legislation). In order to comply with our statutory obligations, we process your personal data to the extent legally required and permitted and may be required to retain this data.

5.    WHERE WE TRANSFER YOUR DATA TO AND WHY

5.1    Data utilisation within sequa

Within sequa only those employees who need access to your personal data to fulfil our contractual or legal duties or to protect our legitimate interests have access to your data.

5.2    Data utilisation outside sequa

We respect the protection of your personal data and only transfer information about you when this is required by any legal provisions, if you have given your consent, or for the fulfilment of our contractual obligations.

For instance in the case of the following recipients there may be a legal obligation to transfer your personal details:

• Public offices or supervisory authorities, e.g. tax authorities, customs authorities, external audit offices of ministries or public authorities;
• Judicial or criminal investigation authorities, e.g. police, courts, office of the public prosecutor;
• Lawyers or notaries, e.g. in legal disputes;
• Auditors.

In order to be able to fulfil our contractual obligations we cooperate with other companies. These include:

• Postal and transport service providers;
• Event organisers and training providers if you have registered through us for certain exhibitions or events;
• Banks and financial service providers for the settlement of all financial matters;
• Partners in mobility programmes (e.g. chambers for crafts or vocational colleges) which implement projects

Own service providers

In order to enable us to organise our business efficiently we use the services of external service providers who may receive personal data relating to you to fulfil the described purposes, including IT service providers, printing and telecommunications services, collection and consultation firms and file deletion and archiving service providers.

Important: We look after your personal data carefully!

In order to ensure that the same legal data protection standards apply to our service providers as in our own enterprise we have concluded corresponding contracts for order processing. Among other things, these contracts provide

• that third parties only gain access to data which they need to complete the tasks assigned to them;
• that at the service providers only employees who are explicitly obliged to comply with data protection law provisions have access to your data;
• that at the service providers technical and organisational measures are maintained which ensure data security and data protection;
• for what happens to your data when the contractual relationship between the service provider and us ends.

In the case of service providers who have their registered headquarters outside the European Economic Area (EEA), we take specific security measures (e.g. through use of specific contractual clauses) to ensure that the data is/are handled with the same level of care as within the EEA. We check all our service providers regularly for compliance with these provisions.

Very important: Under no circumstances do we sell/lease your personal data to third parties!

6.    ARE YOU OBLIGED TO PROVIDE US PERSONAL DATA?

In the context of the business relationship between you and sequa we require from you the following categories of personal data:

• all necessary information for the commencement, implementation and ending of a business relationship;
• data which is required to fulfil contractual obligations;
• data which we are legally obliged to collect.

Without this data, it is not possible for us to enter into or implement contracts with you.

7.    DELETION PERIODS

In accordance with the applicable data protection regulations we store your personal data for no longer than we need to fulfil the purposes of the relevant processing. When data is required no longer for the fulfilment of contractual or statutory duties, we will delete such data, unless it has to be retained for a continuing retention period. Continued retention may be required for the following reasons:

• Retention duties according to the commercial an/or taxation law: the overriding retention periods under the provisions of the German Commercial Code (HGB) and the German Tax Code (AO) are up to 10 years.
• For the preservation of evidence in the case of legal disputes within the scope of statutory provisions on the expiry of claims: expiry periods can be up to 30 years in civil law, although claims generally expire after three years after perusal.
• For the proof of proper use of subsidies within the scope of the Federal Budget Code (BHO) and the General Ancillary Provisions for Subsidies for Project Sponsorship (ANBestP) the retention duties are generally five years after submission of the proof of usage, provided a longer retention period is not required under taxation law or any other legal provisions.

8.    YOUR RIGHTS

Within the context of the processing of your personal data you have certain rights. For more detailed information please refer to the relevant provisions of the EU General Data Protection Regulation (Articles 15 to 21).

8.1    Right to notification and rectification

You have the right to receive notification from us about which of your personal data we are processing. Should this information not be correct (any longer), you have the right to demand  us to rectify the relevant data, in the case of incomplete details to delete such data. If we have transferred data to any third parties we will inform the third parties concerned if so required by legal provisions.

8.2    Right to deletion

You have the right to demand the immediate deletion of your personal data under the following circumstances:

• If your data is no longer needed for the purpose for which it was collected;
• If you have withdrawn your consent to the processing and there is no other legal basis for processing the data;
• If you object to the processing and there are no overriding legitimate reasons for the data processing;
• If your data is being processed unlawfully;
• If your data must be deleted to fulfil statutory duties.

Please note that we must check before deleting your data whether there is any legitimate reason for continuing to process your personal data.

8.3    Right to restriction of processing (“Right to have data blocked”)

For any of the following reasons you have the right demand us to restrict the processing of your personal data:

• If you challenge the accuracy of the data, until we have had the opportunity to check the accuracy of the data;
• If the data is being unlawfully processed, but instead of deletion you demand only restriction on the use of the personal data;
• If we no longer require the personal data for the purposes of processing, but you still require this for the assertion, exercise or defence of legal claims;
• If you have filed an objection to the processing and it is not yet established whether your legitimate interests outweigh ours.

8.4    Right to object

Right to object on a case-by-case basis

If the processing is in the public interest or is done as a result after balancing the mutual interests you have the right, for reasons deriving from your specific situation, to lodge an objection against the processing. Upon the successful lodging of an objection we will no longer process your personal data unless we can prove urgent grounds worthy of protection for processing your data which outweigh your interests, rights and freedoms, or because your personal data serves the assertion, exercise or defence of legal claims. The objection does not affect the legality of the processing done up to the lodging of the objection.

Advertising objection

In case your personal data is used for advertising purposes, you have the right to lodge an objection against this form of processing, at any time. We will then no longer process your personal data for these purposes.

The objection can be made without form restrictions and should be addressed to:

sequa gGmbH
Data Protection Officer
Alexanderstrasse 10
53111 Bonn

E-mail dsb@sequa.de
Tel: +49 (0) 228 98238 – 38

8.5    Right to transferability of data

Upon request, you have the right to receive such personal data you have submitted to us for processing in a transferable and machine-readable format.

8.6    Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

We always try to process your enquiries and requests as quickly as possible in order to respect your rights appropriately, however, depending on the frequency of requests it may be that up to 30 days elapse before we are in the position to give you further information on your enquiry. Should it take longer than this we will notify you quickly about the reasons for the delay and discuss the further proceedings with you.

In some cases, we do not have the permission to or we may be prevented from giving you any information. If legally permissible, we will inform you about the rationale for refusing information.  

If you are still not satisfied with our responses and reactions or you are of the opinion that we are in violation of applicable data protection legislation, then you are free to lodge a complaint with both our data protection officer and the responsible supervisory authority. The supervisory authority having jurisdiction in our case is the Data Protection Commissioner for North Rhine-Westphalia: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westphalen (LDI NRW).

Version

This Privacy Statement is the version from 11.06.2018. Earlier versions of the Privacy Statement are available from our data protection officer.