Thank you for your interest in our website. We find it important to protect your privacy. The aim of this privacy statement is to provide you with more information as to how we will process your personal data, the extent and purposes of such data processing, and your rights as a data subject.
 

1. General section

1.1 Scope of Application

1.2 Legal Basis

1.3 Name and address of the controller

1.4 Name and address of the data protection officer

1.5 Contact details of the competent supervisory authority

1.6 Data protection principles and your rights

1.7 Information on cookies and similar technologies

1.8 Changes to this privacy statement

2 Special section

2.1 Provision of our website

2.2 Collection of access and connection data

2.3 Identification of sessions

2.4 Website settings

2.5 Analysis of website usage with Matomo

2.6 Members’ area

2.7 Subscription to the EZA magazine

2.8 Contacting us

2.9 Application process

This privacy statement applies to all pages and sub-pages that can be accessed on www.eza.org (hereinafter referred to as the “web site”).

The legal foundations of data protection can be found in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

The “controller”, as defined in the GDPR, other national data protection laws in the member states of the European Union and other data protection regulations, is:

Europäisches Zentrum für Arbeitnehmerfragen (EZA)
= European Centre for Workers’ Questions
represented by Sigrid Schraml
Johannes-Albers-Allee 2
53639 Königswinter
Germany
Tel.: +49 (0) 22 23 – 29 98 – 0
Fax: +49 (0) 22 23 – 29 98 – 22
E-mail: eza(at)eza.org

- hereinafter referred to as “the controller”, “we” or “us”.

The following person has been appointed as the data protection officer:

Lukas Biniossek
SCO-CON:SULT GmbH
Hauptstraße 27
53604 Bad Honnef
Germany
E-mail: datenschutz(at)eza.org
www.sco-consult.de

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
[i. e. State Commissioner for Data Protection and the Freedom of Information in North Rhine-Westphalia]
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
Telefon: +49 (0) 211/38424-0
Fax: +49 (0) 211/38424-10
E-mail: poststelle(at)ldi.nrw.de

This privacy statement features the terminology used by the European legislature in the General Data Protection Regulation (GDPR). The definitions can be found in the Official Journal of the European Union.

The following principles apply to all processing activities described in this privacy statement:

We will only ever collect your personal data for the specified purposes. The scope of processing will be limited to what is necessary for such purposes. The controller reserves the right to process your personal data if this is necessary to pursue its legitimate interest in establishing, exercising or defending legal claims.

Your personal data may be processed if at least one of the following conditions is met:

• You consent to the processing of your data in accordance with point (a) of Art. 6 (1) GDPR;
• The processing is necessary for the performance of a contract or pre-contractual measures in accordance with point (b) of Art. 6 (1) GDPR;
• The processing is necessary for compliance with a legal obligation to which we are subject in accordance with point (c) of Art. 6 (1) GDPR; or
• The processing is necessary for the purposes of the legitimate interests pursued by us or a third party, unless such interests are overridden by your own interests or your fundamental rights and freedoms, in accordance with point (f) of Art. 6 (1) GDPR.

Your personal data will be deleted or blocked as soon as it is no longer required for the purpose for which it was originally stored. However, your personal data may be stored beyond this period if this is stipulated by EU law or national legislation through EU regulations, laws or other provisions to which the controller is subject. Your data will then be deleted or blocked at the end of the retention period stipulated by such regulations, unless your data has to be stored beyond the statutory period for the purpose of concluding or performing a contract.

Your personal data will generally only be received by the controller and its processors hired in compliance with data protection law. However, your personal data may be transferred to third parties if the controller is entitled to do so by virtue of a special permit or if the controller is obliged to do so in accordance with certain legal provisions, administrative orders or judicial orders.

Your personal data will only be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) if we can ensure an adequate level of protection (Art. 45 GDPR), if appropriate safeguards are provided (Art. 46 GDPR) or if the requirements are met for derogations for specific situations (Art. 49 GDPR).

As a responsible company, we do not use automated decision-making or profiling.

You have the following rights as a data subject:

If you have consented to the processing of your personal data, you may withdraw your consent at any time with future effect.

You may ask us to provide information as to whether your personal data is being processed. You may particularly request information on: the purposes of the processing; the categories of personal data concerned; the categories of recipient to whom your personal data has been or will be disclosed; the envisaged period for which your personal data will be stored or the criteria used to determine that period; whether you have the right to request the rectification or erasure of your data or the restriction of processing; whether you have the right to object to such processing; and whether you have the right to lodge a complaint. You may also request information regarding the source of any data not provided by yourself. In addition, you may ask us to provide information as to whether we are carrying out automated decision-making, whether your data is being transferred to a third country or international organisation and, if so, which safeguards are provided for such transfers. You may request a copy of your personal data, provided this does not impair the rights and freedoms of others.

Taking into account the purposes of processing, you may request the immediate rectification or supplementation of any incorrect or incomplete personal data that we hold on you.

You may request the deletion of any personal data that we hold on you if the purpose of processing no longer applies due to the passage of time or for any other reasons, if you withdraw your consent or object to the processing and there are no overriding reasons or other legal foundations for such, if there is no legal basis for data processing and the processing is not necessary to exercise our freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims. If we have made your personal data public, we will be obliged to take appropriate measures to inform all recipients that you have requested the erasure of all links to such personal data and the destruction of any copies thereof.

You may request the restriction of processing in the following cases: if you dispute the accuracy of your personal data (for a period enabling us to verify the accuracy of such); if the processing is unlawful but you oppose the erasure of your personal data and request the restriction of its use instead; if we no longer need the personal data for the purposes of processing, but you require the data to establish, exercise or defend legal claims; or if you have objected to processing pursuant to Art. 21 GDPR pending verification as to whether our legitimate interests override yours.

You have the right to receive any personal data provided on the basis of your consent or a contract with us, which is being processed by automated means, in a structured, commonly used and machine-readable format or to have such data transferred to another controller, provided this is technically feasible and does not impair the rights and freedoms of others.

You have the right to object, on grounds relating to your particular situation, to any processing of your personal data that we may be carrying out in pursuit of our own legitimate interests, unless we can demonstrate compelling legitimate reasons for processing that override your own interests, rights and freedoms. In addition, you may always object to any processing performed for direct marketing purposes. We will then no longer be allowed to process your data for such purposes.

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data constitutes a violation of the data protection regulations.

Whenever you access a website via your browser, small text files known as “cookies” are created to save data during and after your visit. For this purpose, unique strings of characters are regularly stored in cookies to enable servers to recognise your browser. While some cookies are stored by the page you visit (first-party cookies), others are stored by third-party providers (third-party cookies) whose services are featured on those pages. If a third-party service is featured on numerous websites, the third-party provider can store information about your user activities in cookies and track your activities across various websites. The domain of the page from which a cookie originates is stored in the cookie and access to the domain is restricted. While some cookies are only stored for the duration of a browser session (session cookies), others are stored until the point in time indicated in the cookie (permanent cookies). Once a cookie has expired, it will no longer be loaded when you visit the website and, depending on your browser, it will either be immediately deleted or overwritten.

You may configure your browser to notify you about the use of cookies and only allow cookies in specific cases, reject cookies in certain cases or generally, and enable the automatic deletion of cookies when you close your browser. If you disable cookies, however, you might not be able to fully use all the features of our website. You can find more information about your cookie settings in your browser’s help section or via the following links:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge
• Internet Explorer
• Opera

In addition, data may be stored for the same purpose in your browser’s local storage or local session storage.

You can find more information on the use of cookies and similar technologies for specific features of our website in the “special section” of this privacy statement.

We reserve the right to change this privacy statement to comply with new legal requirements or to incorporate changes in our services. The new version of our privacy statement will then apply to your next visit.

We hire an external service provider to provide our website as part of our outsourced data processing. The service provider is obliged to comply with the data protection regulations to the same extent as we are and ensures that our website data is handled reliably and securely. The personal data of data subjects collected via our website is stored on servers operated by the service provider within the European Economic Area (EEA). This data is stored separately from other applications. The service provider only processes personal data according to our instructions and only if this is necessary to perform its contractual obligations.

Whenever you access our website, our system will automatically collect information from your computer system.

The following data will be collected:

• Your browser type and version;
• Your operating system;
• Your IP address;
• The date and time of access;
• The address of the website from which your browser is redirected to our website; and
• The address of the page on our website that is accessed by your browser.

Your data will be stored in log files; however, your IP address will be anonymised before it is saved. This data will not be stored alongside other personal data belonging to data subjects.

We will process your personal data on the basis of point (f) of Art. 6 (1) GDPR.

Your IP address must be processed by our system to enable the website to be delivered to your computer. We will store your data in log files to pursue our overriding legitimate interest in ensuring the convenient use of our website and monitoring the security and stability of our system. Your data may be used to generate anonymised statistics.

No personal data will be stored in such log files.

You have the right to object to any processing based on our legitimate interests in accordance with Art. 21 GDPR. As this form of processing is strictly necessary to ensure the functionality and security of our IT systems, however, you generally do not have the right to object.

When you use our website, session cookies may be stored in your browser.

If you access a password-protected area of our website, our system will randomly assign a unique ID to your browser and store this for the duration of your session. The ID will be stored in a session cookie, which will be transmitted to our system when you access pages on our website. The ID may be linked to other data collected via our website. We will not be able to use the ID stored in the cookie to identify you as a data subject. The cookie will only be valid for our website and cannot be used to track your activities on third-party websites.

The following cookies may be stored and read in your browser to identify your sessions:

We will process your data on the basis of point (f) of Art. 6 (1) GDPR.

Our system uses session IDs to assign requests to a certain browser. We have to assign requests to browsers to enable permissions to be assigned on our website, to allow users to access password-protected areas and to keep them logged in. We have a legitimate interest in processing data for such purposes.

Your session data will be deleted at the end of each session or after a reasonable time limit for such purposes.

You have the right to object to any processing based on our legitimate interests in accordance with Art. 21 GDPR. As this form of processing is strictly necessary to ensure certain features of our website, however, you generally do not have the right to object.

Our website will use a cookie to store your configured settings and your consent to the use of certain services on our website. The tools used to manage your user settings are provided by our server. Your personal data will not be processed via our consent banner.

The cookie outlined below will be stored and read in your browser to manage your settings and consent. If you delete this cookie, all your saved settings will be deleted and any consent you have given will be revoked. Our website will then use the standard settings for each service.

We use the Matomo web analysis tool on our website. The Matomo software is provided by our own servers.

If you consent to the use of Matomo, the scripts required to run Matomo will be loaded from our servers. When Matomo is initialised, cookies will be stored containing unique IDs that will allow your browser to be recognised by Matomo when you visit pages on our website. These cookies will only be valid for our website and cannot be used to track your activities on third-party websites.

Whenever you access a page on our website, data relating to the page visit (e.g. the page from which you were redirected to our website and the page you have accessed), your browser and system information (e.g. browser, operating system, IP address) and data from cookies (incl. the ID stored in the cookie) will be processed, transferred to our server and stored there. Your IP address will be truncated to keep it anonymous before it is stored.

The following cookies may be stored and read in your browser to collect user data:

We will process your data on the basis of point (a) of Art. 6 (1) GDPR.

Your data will be processed to measure and analyse visitor numbers and the use of our website. The data collected for this purpose will be compiled in anonymised statistics and reports. We can use this data to see how many people are using our website and continuously improve our services.

No personal data will be stored.

You can manage and withdraw your consent via our website settings at any time. If you withdraw your consent, this will not affect the legality of any data processing carried out on the basis of your consent before the date of revocation. Your decision to allow the use of the service will be stored in a cookie. It will only apply to the browser you are currently using and must be refreshed once it has expired.

Our website features a password-protected area for members.

If you wish to access the members’ area, you will be assigned personal access data. When you log in, you will have to enter your access data (username and password).

We will process your data on the basis of point (b) of Art. 6 (1) GDPR.

If you are a member, we will process your data to enable access to the members’ area and fulfil the purposes of membership.

Your assigned access data will be stored for the duration of your membership.

You are generally unable to object to such processing. If you would like your access data to be deleted, please notify us accordingly.

You have the option of subscribing to the EZA magazine on our website.

If you subscribe to a newsletter via our website, we will process the data you enter in the subscription form:

• Title
• First name
• Last name
• Position
• Organisation
• Country
• Language (mandatory)
• Email address (optional)

The mandatory information will be marked with an asterisk in the form. All other information is optional. We will initially process your data for the purpose of sending you an email to confirm your subscription. The confirmation email will contain a link which you can open to inform us that you wish to confirm your subscription. Your confirmed email address will be transferred to a system used to manage our subscriptions. All subscriptions and cancellations are stored in our system. Your email address and IP data will be recorded for the points in time at which you subscribe, confirm your subscription and unsubscribe.

We will process your subscription data on the basis of point (f) of Art. 6 (1) GDPR. We will process your data to send you newsletters and manage your subscriptions on the basis of your consent in accordance with point (a) of Art. 6 (1) GDPR. You will give your consent by opening the confirmation link sent to your email address. We will refer to this privacy statement in the confirmation email. We will store data on your subscription, confirmation and cancellation on the basis of point (f) of Art. 6 (1) GDPR.

We will process your data from the newsletter subscription form for the purpose of sending you a confirmation email and pursuing our legitimate interest in providing a method of subscribing to our newsletter. We will use your confirmed email address to send you newsletter emails and manage your subscription. We will process any optional information you provide to tailor our services to our subscribers. We will store data on your subscription, confirmation and cancellation to pursue our legitimate interest in providing evidence to defend ourselves against any legal claims.

We will store and use your data for the duration of your newsletter subscription. If you unsubscribe from the newsletter or revoke your declaration of consent, we will store data on your subscription, confirmation and cancellation for 3 years.

You can cancel your subscription or revoke your declaration of consent at any time by clicking on the “unsubscribe” link in each newsletter. If you withdraw your consent, this will not affect the legality of any data processing carried out on the basis of your consent before the date of revocation. You also have the right to object to any processing based on our legitimate interests in accordance with Art. 21 GDPR. If your data is stored for the purpose of providing evidence to defend ourselves against any legal claims, however, you will generally not have the right to object.

Our website provides contact details (e.g. addresses, telephone numbers and email addresses) to enable you to quickly contact us and communicate directly with us and your dedicated contacts within our organisation.

We will process the personal data that you provide to us, as determined by the chosen means of communication. This may include your full name, your address, your telephone number, your email address and any other personal data that you provide to us in the course of our correspondence. Your data will be received by persons within our organisation and by our processors who are commissioned in accordance with data protection law. Subject to the provisions outlined in the “general section” of this privacy statement, your data will not be passed on to third parties without your consent.

In order to facilitate your communication with us, we will process your personal data on the basis of point (f) of Art. 6 (1) GDPR. If the aim of contacting us is to conclude or perform a contract, the additional legal basis for processing will be point (b) of Art. 6 (1) GDPR.

We will process your data for the purpose of contacting you, communicating with you and following up on our correspondence. For these reasons, we have a legitimate interest in processing your data.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was originally stored. This will be assessed on a case-by-case basis. The provisions on retention periods indicated in the “general section” of this privacy statement also apply.

You have the right to object to any processing based on our legitimate interests in accordance with Art. 21 GDPR. You may be unable to object to such processing if it is necessary for concluding or performing a contract or providing evidence.

Our website provides contact details for sending job applications. If you send us your application via email, please note that your information may be transmitted in an unencrypted form.

During the application process, we will process the personal data contained in your application documents such as your contact details, information about your training, qualifications, work experience and skills, and any information you may have provided by phone or verbally. We may also receive data from third parties (e.g. employment agencies). We will only share your personal data with the departments and individuals within our organisation who are responsible for deciding whether to conclude an employment contract with you. If administrators require access to the processed data, they will be obliged to maintain secrecy and will not be permitted to process your data for any other purposes.

Your data will only be disclosed to third parties if this is necessary for performing our contractual and legal obligations or for pursuing our legitimate interests (e.g. in a legal dispute) or if you consent to such. Your consent is optional and will have no bearing on the application process.

We will process your personal data to conduct the application process and conclude an employment contract with you on the basis of Art. 88 GDPR in conjunction with the first sentence of Section 26 (1) BDSG and point (b) of Art. 6 (1) GDPR. If we do not conclude an employment contract with you, we will continue to store your personal data after the application process on the basis of point (f) of Art. 6 (1) GDPR. If we process your data on the basis of your consent, the legal basis will be point (a) of Art. 6 (1) GDPR.

We will process your data for the purpose of deciding whether to conclude an employment contract with you. If your application is successful, we may continue to process the personal data you have provided for the purpose of managing the employment relationship. If we cannot offer you a position within our organisation, if you reject our job offer or if you withdraw your application, we may continue to process your data for the purpose of pursuing our legitimate interest in retaining evidence for the establishment, exercise or defence of legal claims and in the event of a legal dispute. In particular, we may require such information to provide evidence in proceedings held under the German General Equal Treatment Act (AGG).

We will store your personal data for as long as necessary to make a decision regarding your application. If we do not conclude an employment contract with you, we will delete your personal data 6 months after the application process has ended. We will only continue to store your data beyond this period without your explicit consent if this is necessary for the establishment, exercise or defence of legal claims for the duration of the legal dispute. If you consent to the prolonged storage of your data, the retention period will depend on the content of your consent. If we conclude an employment, apprenticeship or internship contract with you at the end of the application process, your data will be transferred to our personnel files and deleted in accordance with the applicable regulations.

You may withdraw your consent at any time with future effect. If you withdraw your consent, this will not affect the legality of any data processing carried out on the basis of your consent before the date of revocation. Please refer to the contact details indicated on our website. You also have the right to object to any processing based on our legitimate interests in accordance with Art. 21 GDPR. If your data is stored for the purpose of providing evidence to defend ourselves against any legal claims, however, you will generally not have the right to object.