1. Name and contact information of controller and company data protection officer
COIA GmbH (“COIA”), Agnesstrasse 14, D-80798 Munich, Germany Email: email@example.com Telephone: +49 (0) 89 /452 44 22 90 Fax: +49 (0) 89 /452 44 22 99 is the controller and responsible for the COIA website.
You can reach our company’s data protection officer at firstname.lastname@example.org.
2. Processing of personal data as well as nature and purpose of their use
a) When visiting the website
When accessing our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the querying computer,
- Date and time of the query,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL),
- Browser used and
- if applicable, operating system of your computer and name of your access provider.
This information is anonymised and is used to ensure a smooth connection and a comfortable use of the website, to evaluate the system security and stability and for other administrative purposes. The IP address is also temporarily stored for security reasons in order to protect the website against cyberattacks.
The legal basis for this data processing is our overriding legitimate interest according to Article. 6 para. 1 lit. f GDPR. Our legitimate interest is based on the data collection purposes listed above. We do not use data collected this way for the purpose of drawing conclusions about your person in any case.
b) Social Media Presence
a) General information
We run publicly accessible profiles on various social networks. When you visit these profiles, a variety of data processing procedures are initiated. Below, we provide you with an overview of these data processing procedures, including your personal data collected, used and stored by us when you visit our profiles. We would like to point out that you use our social media platform profiles and their functions on your own responsibility. This applies, in particular, to the use of interactive functions (e.g. commenting, sharing, rating).
b) Our Social Media Profiles
In the following, we inform you about the data processing in the context of the use of our
We operate a profile on the social platform Facebook (https://www.facebook.com/COIAInnovativeArbitration), a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. As the operator of a Facebook profile, we can view the information stored in your public Facebook profile, insofar as you have such a profile and are logged into it while accessing our Facebook profile. In addition, Facebook provides us with anonymous statistics on the usage of our profile that we use to improve the user experience when visiting our Facebook profile. We do not have access to the data that Facebook collects to compile these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our Facebook profile in line with the target group. The legal basis for the data processing is therefore Article 6 (1) f DSGVO.
COIA’s website can refer to third-party websites through links. If you click these links, you will leave the COIA website. COIA has no influence over what data these websites process.
4. Applications for jobs
Applicants have the option of applying to us in various ways. These also include an electronic application via email. In this, as well as in all other cases, we store the following data as far as such accrue:
- First and last name
- Sender address
- Date and time of access
- IP address
- If applicable, their routes
- Message content (cover letter, references, CV, targeted starting date, salary expectations, special features, e.g. work samples)
- Additional attachments, if applicable
You can also apply to us by post or using other means of communication. Applying via email without encryption does not guarantee completely secure data transmission.
The legal basis for the processing of data collected in this respect is Article 6 lit. b, Article 88 para.1 GDPR in conjunction with Sec. 26 para.1 sentence 1 BDSG [German Federal Data Protection Act]. Your data is required for the preparation, conclusion or implementation of the intended employment and is used exclusively for these purposes.
Your data will only be stored for as long as it is necessary to carry out the stated purposes. We delete data of rejected applicants no later than one year after the rejection, unless the applicant expressly requests longer storage or earlier deletion. For this purpose, please contact us via email@example.com.
Your data will not be passed on to third parties in connection with your application. The data will be used exclusively for processing within the application process.
Please note that under the General Data Protection Regulation, certain data might be considered as particularly sensitive and in need of special protection. This includes e.g. data concerning health, origin or religion. We kindly ask you to not provide us with such data as a matter of principle. Should you nevertheless decide to provide such data in your application, please note that you are at the same time giving your explicit consent to the processing of your data according to Article 9 para 2 lit. a GDPR.
5. Data transfer to third parties
- you have given your consent to this according to Article 6 para 1 lit. a GDPR,
- there is a legal obligation for the transfer according to Article 6 para 1 lit. c GDPR
- as well as if a transfer is necessary in the context of contractual relationships with you according to Article 6 para 1 lit. b.
6. Your rights
The GDPR grants you certain rights vis-à-vis the controller (here: COIA) for the protection of your personal data. We would like to inform you about these rights in the following.
You have the right:
- according to Article 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- according to Article 16 GDPR to demand the immediate correction of incorrect or completion of your personal data stored by us;
- according to Article 17 GDPR to request for the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. If deletion is not possible for these reasons, your data will be blocked to the extent that it can only be used for the purpose that precludes deletion;
- to demand the restriction of the processing of your personal data according to Article 18 GDPR, insofar as the correctness of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing according to Article 21 GDPR;
- According to Article 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- to revoke your consent at any time according to Article 7 para 3 GDPR. Such a revocation has the consequence that we will no longer continue the data processing, which was based on this consent, for the future, insofar as no other legal basis exists.
- complain to a supervisory authority according to Article 77 GDPR . As a rule, you can contact the supervisory authority of your place of residence or workplace or our registered office;
- if your personal data is processed on the basis of our overriding legitimate interests according to Article 6 para 1 lit. f to object to the processing of your personal data according to Article 21 GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us in any case.
In addition to contacting us via email (firstname.lastname@example.org), you may also contact us by any other means using the contact details provided under the heading “Controller” (e.g. by telephone, fax or letter) in order to exercise all of your listed rights.
7. Data security
COIA also uses appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. The security measures are continuously reviewed and improved in line with technological developments.
8. Use of external fonts
9. Use of Zoom
We use the online tool “Zoom”, a service of Zoom Video Communications Inc, 55 Almaden Boulevard, 6th Floor San Jose CA 95113 / USA for video calls, webinars and other digital face-to-face communication. The following privacy notice applies in the event that we send you a Zoom link to participate in an online meeting or make it available on our website. In this case, Zoom is a processor within the meaning of Article 28 GDPR, and we have concluded a processor agreement with Zoom for this purpose.
After clicking on a Zoom link sent or provided by us, Zoom needs and requires your first and last name and, if applicable, the entry of the password sent by us for your admission to a meeting. We need your email address to send you the Zoom link. This will also be sent to Zoom. In addition to that, your IP address (which may also be used to determine your location) and device information will be transmitted to us and Zoom when the meeting begins. The same applies to the topic of the meeting and the description stored, if applicable. Further data, such as your job title or calendar integration is only transmitted if you enter it.
When you dial in via your phone / smartphone, Zoom receives your phone number, information about your location and the start and end time of the call. We also receive this information when you dial in from your phone.
As a matter of principle, we do not record meetings. If we do make a recording, we will inform you separately about the data collected in the process and obtain your consent.
Depending on which Zoom features you use during the meeting, data from your camera, microphone, location and text messages you leave (e.g. as part of the chat features), information about Zoom’s product and website usage (e.g. number of times you attend meetings) may be collected and transmitted to us and/or Zoom.
Some of your data, especially your name and possibly your phone number, may be visible to other meeting participants, depending on the zoom setting.
If you have a Zoom account, the data collection may be more extensive than described above.
You can find more detailed information on data protection at Zoom at: https://explore.zoom.us/docs/de-de/privacy.html.
The legal basis for data processing through Zoom is our overriding legitimate interest in the functioning of online meetings according to Article 6 para 1 lit. f GDPR. If the meetings are held in connection with a contractual relation, such as a parties’ agreement with COIA, the legal basis for the data processing is the necessity for the execution of the contract according to Article 6 para. 1 lit. b GDPR
We are not responsible for further data processing by Zoom, on which we have no influence.
10. Data transfer to third countries
The use of external services may result in the transfer of data to third countries outside the European Union. Insofar as a lower level of data protection exists in these countries than in the European Union and insofar as no adequacy decision issued by the Commission of the European Union exists for these countries according to Article 45 GDPR, we act with internal agreements and regulations to ensure an adequate level of protection for your data. To achieve this goal, we also make use of Standard Contractual Clauses of the European Union. To the extent that these measures are not possible or sufficient, we would like to point out that the transfer of your data to third countries is based on your consent according to Article 49 of the GDPR and may also be necessary for the performance of a contract according to Article 49 GDPR. However, we would like to point out at the same time that in these cases (transfer of data to third countries) there is a possibility that the protection of your data is not guaranteed to the same extent as within the European Union. In the USA in particular, security authorities have easier access to personal data. In such cases, you will not be able to assert your above-mentioned data subject rights with the same effectiveness as within the European Union.
11. Storage period
In principle, we only store your data for as long as it is required to fulfil the underlying purpose in each case. In addition, we store data within the legally permitted and required periods, which generally end three years after the end of the year in which you entered into contractual contact with us. In certain cases, however, statutory storage periods of 10 or 30 years may also apply.