Information in accordance with the EU General Data Protection Regulation (EU GDPR)

Duty to inform

1. Name and contact details of the controller and the company data protection officer

Responsible within the meaning of Art. 4 No. 7 EU GDPR is

Creditreform Rating AG
Europadamm 2-6
41460 Neuss
Neuss, Germany
+49 2131 109-626
info@creditreform-rating.de

Data Protection Officer

You can reach our data protection officer at

Creditreform Rating AG
Europadamm 2-6
41460 Neuss
Germany

+49 2131 109-4255
datenschutz@creditreform-rating.de

2. Categories of personal data processed

Our databases process information on the names of the analysts involved in the rating, information on the company name as well as company and economic information from public and non-public sources.

3.Purposes of data processing

We process the data in order to carry out our activities as a European rating agency. This includes in particular the preparation of ratings and the communication of rating data to the supervisory authorities.

4.Legal bases for data processing

As soon as we process personal data in the area of creating ratings, the legal basis is Art. 6 para. 1b EU GDPR.

If personal data is processed when communicating with supervisory authorities, Art. 6 (1c) EU GDPR serves as the legal basis.

In the area of data processing for direct advertising and marketing, the legal basis is Art. 6 (1f) EU GDPR. In this case, our legitimate interest overrides the rights and freedoms of the data subject, as the data subjects (existing customers) must reasonably expect processing.

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1a EU GDPR serves as the legal basis for the processing of personal data.

The storage of data (e.g. IP address) in server log files is done to ensure IT security, to optimize our website and to analyze malfunctions. The legal basis for this is Art. 6 para. 1f EU GDPR. In this case, our legitimate interest outweighs the rights and freedoms of the data subject, as the data is only stored for a short period of time, is not used for marketing purposes and is protected by technical measures.

5. Origin of the data

Some of the company and economic information comes from publicly accessible sources such as public registers, the internet, the press and other media. In some cases, the data is collected directly from the rating objects concerned.

6. Categories of recipients of the personal data

The recipients of data include our customers on the one hand and the supervisory authorities on the other. As a rule, this does not constitute personal data.

7. Duration of data storage

Our personal data is stored for as long as it is necessary for the performance of rating activities or as required by regulatory requirements. Data subjects can also request the deletion of their data by e-mail (datenschutz@creditreform-rating.de) after this period has expired.

8. Rights of data subjects

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR and the right to restriction of processing under Art. 18 GDPR. If you have given your consent to the processing of the data stored by us, you have the right to withdraw this consent at any time. Withdrawal does not affect the lawfulness of the processing of your data based on your consent prior to any withdrawal. We will process any requests as quickly as possible.
You can complain about the processing of data by us to the state data protection officer responsible for your federal state.

Hosting

This website is hosted externally by the following provider:

Hetzner Online GmbH

Industriestr. 25

91710 Gunzenhausen, Germany

The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1b EU GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1f EU GDPR).

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1a EU GDPR and § 25 para. 1 Telecommunications Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time.

Our host will  process your data only to the extent necessary to fulfill its contractual obligations and will act in accordance with our instructions regarding this data.

We have concluded an order processing contract for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the EU GDPR.

Application

As part of the application process, it is essential for us to store and process your personal data. We would hereby like to inform you about the purpose and type of processing. With this information letter, we fulfill, among other things, the information obligations imposed on us by data protection law, in particular within the meaning of Art. 13 EU GDPR.

We use the following online service for our applicant management:

Softgarden e-Recruiting GmbH

Tauentzienstr. 14

10789 Berlin, Germany

Applicants have the opportunity to submit a digital application via an I-Frame integrated on our website.

As soon as you as an applicant click on one of the links in the integrated job list, you will be forwarded directly to the Softgarden site. Your IP address will be transmitted to Softgarden as personal data. You can find more information in Softgarden's data protection information: https://softgarden.com/de/datenschutz-software-und-service/        

We handle your applicant data as follows:

1. Name and contact details of the controller and the company data protection officer

Creditreform Rating AG
Europadamm 2-6
41460 Neuss
Neuss, Germany
+49 2131 109-626
info@creditreform-rating.de     

Data Protection Officer

You can reach our data protection officer at

Creditreform Rating AG
Europadamm 2-6
41460 Neuss
Germany

+49 2131 109-4255
datenschutz@creditreform-rating.de

2. Categories of personal data processed

For the purpose of processing applicant data, we process the following data from you: Salutation, title if applicable, surname, first name, date of birth, e-mail address, telephone number, address, bank details if applicable and identification documents, references and certificate data.

3. Purposes of data processing

We process your personal data in our application system exclusively for the purposes necessary to ensure that the application process is carried out effectively and correctly. This also includes data that is only added in the course of the application process, e.g. data due to queries or subsequently submitted documents. We also process your personal data for verification purposes and with regard to any subsequent legal disputes.

4. Legal bases for data processing

Processing is based on consent (Art. 6 (1a) EU GDPR) and on Art. 6 (1f) EU GDPR, insofar as processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Processing is also carried out on the basis of Art. 6 para. 1b EU GDPR. In order to carry out the application procedure and to decide on the establishment of an employment relationship, processing is also carried out on the basis of Section 26 (1) sentence 1 of the Federal Data Protection Act (BDSG).

5. Categories of recipients of the personal data

Your personal data will not be passed on to external third parties without your consent. In order to assess your documents, they will be forwarded to the relevant contact person in the department for which the application is intended.

6. Duration of data storage / data deletion

The data will be stored for as long as is necessary to complete the application process. If the data is no longer required, it will be deleted. For verification purposes and with regard to any subsequent legal disputes, data on rejected applicants will be deleted no later than six months after the end of the application process. A longer storage of your data is only possible with your explicit consent.

7. Rights of data subjects

Every data subject has the right of access to Creditreform Rating pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR.

If you have given your consent to the processing of the data stored by us, you have the right to withdraw this consent at any time. Withdrawal does not affect the lawfulness of the processing of your data based on your consent prior to any withdrawal.

You can complain about the processing of data by us to the state data protection officer responsible for your federal state.

If the processing is based on an overriding legitimate interest, you can object to the data processing for the purpose of applicant data management at any time. The data will then no longer be processed for this purpose. You also have the right to object to data processing for direct marketing purposes. This also applies to profiling insofar as it is related to direct advertising.

Further general information about visiting our website

General information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible.

An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law. Any further transfer of personal customer data to third parties does not take place. However, we are authorized to provide the competent authorities with information about your data in individual cases if they request your data for the purpose of fulfilling their legal powers (e.g. criminal prosecution).

We would like to point out that data transmission via the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

We hereby expressly prohibit the use of contact data published as part of our duty to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes

  • Browser type and version
  • Operating system used
  • IP address of the accessing computer
  • Date and time of the server request

The log files contain pseudonymized IP addresses or other data that may allow a partial assignment to a user. This data is not stored together with other personal data of the user. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

The legal basis for the temporary storage of data and log files is Art. 6 (1f) EU GDPR.

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the website users are deleted or anonymized so that they can no longer be associated with the accessing user.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

Cookies

The website partly uses so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The legal basis for the processing of personal data using cookies is Art. 6 (1f) EU GDPR.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
We require cookies for the following applications:

  • Use of the login
  • Transfer of language settings
  • Remembering search terms

The user data collected by technically necessary cookies is not used to create user profiles.

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Registration/Account setup

On our website, we offer users the opportunity to register voluntarily by providing personal data. The data is entered into an input mask and transmitted to us and stored. The personal data we receive from you is protected against access by third parties using the greatest possible security precautions. We will not pass on or sell your data to third parties.
The following data is collected as part of the registration process:

  • First/last name
  • Country
  • Company affiliation
  • Business phone number and e-mail address
  • Personal password

The following data is also stored at the time of registration:

  • The IP address of the user
  • Date and time of registration

As part of the registration process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

The legal basis for the processing of the data is Art. 6 para. 1a EU GDPR if the user has given consent.
If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1b EU GDPR.

User registration is required for the provision of certain content and services on our website.
Furthermore, user registration is required for the fulfillment of a contract with the user or for the implementation of pre-contractual measures. The information you provide is required for the purpose of billing and invoicing.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process if the registration is cancelled or modified by the user on our website.
Furthermore, this is the case for the data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

As a user, you have the option of cancelling your registration at any time. You can change or correct the data stored about you at any time. To delete your account, please contactinfo@creditreform-rating.de or the data protection officer (for contact details, see information obligations). We will comply with your deletion request immediately.
If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

Contact form and e-mail contact

A contact form is available on our website, which can be used voluntarily to contact us electronically. If a user voluntarily makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are

  • Salutation
  • First/last name
  • Company affiliation
  • Position in the company
  • Address of the company (zip code, city)
  • Business phone number and e-mail address
  • Type of product interest
  • Free text information

The following data is also stored at the time the message is sent:

  • The IP address of the user
  • Date and time of completion of the form

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted in the e-mail will be stored.
The data will not be passed on to third parties in this context. The data is used exclusively for the processing of the conversation or for the implementation of pre-contractual measures.

The legal basis for processing the data is Art. 6 (1f) EU GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1b EU GDPR.

The processing of personal data from the input mask of the contact form serves us solely for the purpose of establishing contact and for the implementation of pre-contractual measures. If you contact us by email, we also have a legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent and the objection to storage can be sent by e-mail to info@creditreform-rating.de or to the data protection officer (for contact details, see information obligations). All personal data stored in the course of contacting us will be deleted in this case.
If the data is required to carry out pre-contractual measures or to fulfill a contract, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

Integration of OpenStreetMap

We use Softgarden for our applicant management (see Application). The I-Frame integrated on our site accesses the open source map service "OpenStreetMaps" (= "OSM") to display geodata. The provider is the OpenStreetMap Foundation. To use OSM, it is necessary to save the IP address of your end device; in addition, the map material is loaded from an external server.

The use of OSM is in the interest of an appealing presentation of our job offers, is specified as a form of presentation by Softgarden and represents a legitimate interest within the meaning of Art. 6 para. 1f EU GDPR.

Address of the third-party provider:

OpenStreetMap Foundation CLG

132 Maney Hill Road, Sutton Coldfield, West Midlands

B72 1JU, United Kingdom

Encryption

To ensure the security of your data during transmission, we use state-of-the-art encryption methods via HTTPS.

Reference to data transfer to the USA/third countries

We cannot rule out the possibility that service providers may transfer data to countries outside the EU. Due to the laws of non-EU countries (e.g. within the framework of the so-called Cloud Act in the USA), even if these agreements and regulations are concluded, there is a possibility that government agencies in particular may access your personal data without us or you being able to prevent, stop or control this. For these reasons, your consent, e.g. to the use of cookies for the above-mentioned services, also includes the purpose of data transfer to countries outside the EU.
Otherwise, we do not transfer your personal data, which you transmit to us when using our website, to countries outside the EU or the EEA or to international organizations.

Information on online dispute resolution:

The EU Commission provides a platform for online dispute resolution on the Internet at the following link
http://ec.europa.eu/consumers/odr
This platform serves as a contact point for the out-of-court settlement of disputes arising from online purchase or service contracts in which a consumer is involved.

We are neither obliged nor willing to participate in dispute resolution proceedings before a consumer arbitration board.