1. Data protection

1.1 Data protection at a glance

1.1.1 General notes

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

1.1.2 Data collection on our website

Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. His contact details can be found in the Legal Notice of this website.

How do we collect your data?
Your data is collected when you provide us with this information. This can be data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have the right to demand the correction, blocking or deletion of this data. For this purpose, as well as for further questions regarding data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have a right of appeal to the responsible supervisory authority.

You also have the right, under certain circumstances, to request that the processing of your personal data be restricted. For details, please refer to the Privacy Policy under „Right to limit processing“.

1.1.3 Analysis Tools and third-party tools

When you visit our website, your surfing behaviour can be statistically evaluated. This is mainly done with cookies and with so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.

You can object to this analysis. We will inform you about the possibilities of objection in this privacy policy.

2. Hosting

2.1 Hosting with All-Inkl

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.

The use of the host is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our host will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

We use the following host: ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter: All-Inkl).‘

Our data is processed in European computer centres in compliance with GDPR. Data processing is carried out on the basis of standard contractual clauses of All-Inkl:
https://all-inkl.com/datenschutzinformationen/

Order processing
We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3. General notes and compulsory information

3.1 Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

3.1.1 Note on the responsible body

The responsible party for data processing on this website is:

Luksit GmbH & Co. KG
Käthe-Niederkirchner-Straße 10 | 10407 Berlin
Amtsgericht Berlin (Charlottenburg)
Germany

Phone: +49 (0)30 40 526 885
E-Mail: kontakt@luksit.de

Responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

3.1.2 Data Protection Officer required by law

We have appointed a Data Protection Officer for our company:

Robin Data GmbH
Fritz-Haber-Str. 9
06217 Merseburg
www.robin-data.io

Phone: +49 30 40 526 885
E-Mail: datenschutz@luksit.de

3.1.3 Storage duration

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for which it was collected ceases to apply. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons have ceased to apply.

3.1.4 Note on data transfer to the USA and other third countries

Among other things, our website includes tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g. intelligence agencies) may process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.

3.1.5 Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

3.1.6 Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is carried out on the basis of Article 6 paragraph 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, including profiling based on these provisions. You will find the respective legal basis on which processing is based in this data protection declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing (objection under Art. 21 para. 2 GDPR).

3.1.7 Right of appeal to the competent supervisory authority

In the case of infringements of the GDPR, the data subjects have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the suspected infringement. This right of appeal is without prejudice to other administrative or judicial remedies.

3.1.8 Right to data transferability

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.

3.1.9 SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3.1.10 Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the legal notice.

3.1.11 Right to limit processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restrict processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request that we limit the processing of your personal data.
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you do need it to exercise, defend or assert legal claims, you have the right to request that we limit the processing of your personal data instead of deleting it.
If you have lodged an objection under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests outweigh the interests of the parties, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, such data may be processed – apart from their storage – only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

3.1.12 Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the legal notice obligation to send advertising and information material not expressly requested. The operators of this website expressly reserve the right to take legal action in the event that unsolicited advertising information is sent, for example by spam e-mails.

4. Data collection on our website

4.1 Cookies

Our Internet pages use so-called „cookies“. Cookies are small text files and do not cause any damage on your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for the processing of payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertisements.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of their services. If consent to the storage of cookies has been requested, the storage of the cookies in question will be carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

4.2 Consent with Borlabs Cookie

Our website uses Borlabs Cookie Consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not shared with the Borlabs cookie provider.

The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found under: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ .

The use of Borlabs cookie consent technology takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Cookie settings

4.3 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

These data are not merged with other data sources and are recorded on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website – for this purpose the server log files must be recorded.

4.4 Inquiry by e-mail, telephone

If you contact us by e-mail or telephone, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data sent to us by you via contact enquiries will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

4.5 Calendly

On our website you have the possibility to make appointments with us. We use the tool „Calendly“ for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter „Calendly“).

For the purpose of booking the appointment, enter the requested data and the desired date in the mask provided. The entered data will be used for the planning, execution and, if necessary, for the follow-up of the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/de/pages/privacy .

The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa .

4.6 CRM »Close«

We use the CRM system Close: Elastic. Inc, PO BOX 7775, SAN FRANCISCO, CA 94120 7775, USA. In Close we collect and manage data of prospective customers, active as well as inactive customers for the implementation of pre-contractual and contractual measures. The data of old customers will be deleted after expiration of the legal periods or upon request, unless a legal regulation contradicts a deletion.

We have concluded a standard EU contract with Elastic Inc. Further info on data protection at Elastic can be found at: https://www.close.com/gdpr

5. Social media

5.1 Linkedin

This website uses features of the LinkedIn network. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page of this website that contains LinkedIn features is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or their use by LinkedIn.

The use of the LinkedIn plugin is based on Art. 6 para. 1 bed. f GDPR. The website operator has a legitimate interest in the widest possible visibility on social media. If a corresponding consent has been obtained, the processing takes place exclusively on the basis of Art. 6 para. 1 bed. a GDPR; consent is revocable at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der- schweiz?lang=de

6. Analysis tools and advertising

6.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

6.2 Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
Furthermore, Google Analytics may record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .

IP Anonymization
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de .
For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Order processing
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics
This website uses the „demographic characteristics“ function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item „Objection to data collection“.

Storage duration
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 2 months. Details on this can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

7. Plugins and tools

7.1 YouTube

This website includes videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.

Automatic loading and starting of YouTube videos is technically prevented. As a website user must consciously start a video. If you start a video, YouTube automatically performs the following actions in the background.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your device after starting a video or use similar recognition technologies (e. g. device fingerprinting). This allows YouTube to receive information about visitors to this website. This information is used, inter alia, to collect video statistics, to improve user-friendliness and to prevent fraud.

If necessary, further data processing operations may be triggered after the launch of a YouTube video, over which we have no control.
The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 bed. f GDPR give. If a corresponding consent has been obtained, the processing takes place exclusively on the basis of Art. 6 para. 1 bed. a GDPR; consent is revocable at any time.

For more information about data protection at YouTube, please refer to their privacy policy at: https://policies.google.com/privacy?hl=de .

8. Audio and video conferencing

8.1 Data processing

We use online conference tools, among others, to communicate with our customers and to conduct webinars, demos or online workshops. The specific tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

In doing so, the conference tools collect all data that you provide/enter to use the tools or to register for a webinar, demo or online workshop. Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other „contextual information“ related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that are necessary for the handling of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services (such as webinars, demos or online workshops) to our customers (Art. 6 (1) sentence 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 (1) (f) GDPR).
GDPR). Insofar as consent has been requested, the use of the tools in question will be based on this consent; the consent can be revoked at any time with effect for the future.

We will also receive the data you provide when registering via a tool provider and transfer it to our CRM system Hubspot. In addition to conducting the audio or video conference, we will also use this data to send you advertising messages based on our legitimate interests in expanding our customer base (Art. 6 Para. 1 lit. f GDPR).

Storage duration
The data collected directly by us via the video and conference tools will be deleted by our systems as soon as you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

8.2 Conference tools used

We use the following conferencing tools:

8.2.1 Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de .

Order processing
We have concluded a order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

8.2.2 Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: https://zoom.us/de-de/privacy.html
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zoom.us/de-de/privacy.html.

Order processing
We have concluded a contract on data processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

9. Data processing in our processes

9.1 Handling of applicant data

We offer you the opportunity to apply for a job with us (e.g. by e-mail, by post or via online application form or by the Software „JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany“ with whom we have concluded a contract for order processing). In the following we will inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be in accordance with the applicable data protection laws and all other legal requirements and that your data will be treated in strict confidence.

Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent that this is necessary to decide whether to establish an employment relationship. The legal basis for this is § 26 BDSG-neu according to German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general
contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. Consent may be revoked at any time. Within our company, your personal data will only be passed on to persons involved in the processing of your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-neu and Art. 6 Para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

Retention period of the data
If we are unable to offer you a job, if you reject a job offer or if we withdraw your application, we reserve the right to keep the data you have submitted with us for up to 6 months from the end of the application procedure (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR).

The data is then deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period (e.g. due to an imminent or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

A longer storage period can also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

Admission to the candidate pool
If we do not make you an offer of employment, we may have the opportunity to include you in our pool of applicants. In the event of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Admission to the candidate pool takes place solely on the basis of your express consent (Art. 6 para. 1 lit. a GDPR). The consent is voluntary and has no relation to the current application process. The data subject may revoke his or her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

10. Data protection in the Luksit app

10.1 Cookies

We do not use cookies in our Luksit web application. To ensure technical functionality, we use JSON Web Token (JWT) for authentication. JWT is an open standard (RFC 7519) that enables compact and self-contained information exchange between parties via a JSON object. This information is digitally signed. JWTs are encrypted to ensure confidentiality between the exchanging parties. Once the user is logged in, each subsequent request contains the JWT and allows the user to access paths, services, and resources that are authorized with this token.

10.2 Processing of Luksit profiles (Company)

Our app is used by creating user profiles. Here, we act only as a platform provider, so that the account holder (usually the employer) is exclusively responsible for processing the profile data created.

In this respect, the data stored in the profile is only processed by us according to instructions and on the basis of an order processing agreement with the account holder.

For our own purposes, however, parts of the data may be used to improve our platform and to enable troubleshooting in the event of malfunctions. The legal basis for this is in each case Art. 6 para. 1 f) GDPR. The legitimate interests lie in the possibility of improving the platform functionality.

A transfer of the data to third parties is generally excluded.
Further use of the data for other purposes is also only permitted within the scope of the reasons stated in this information.

10.3 Processing of Luksit profiles (Applicants)

Our app is used by creating user profiles, which are created by our corporate customers (employers or recruiters).

We are therefore only responsible for data processing insofar as the operation of the platform is concerned. Our corporate client is responsible for creating the user profile.
As an applicant, you can voluntarily consent to the performance of competence tests while using our app and on the basis of Art. 6 para. 1 lit. a) GDPR. In this case, your data will be processed in the form of personal data (first name, surname, gender, email address, password) and your skills assessments in the form of skills test results.

The skills profiles of applicants can be compared with job profiles created by employers. The matching result is displayed as a percentage value, which can serve as an indication of a potential fit. In principle, the matching between skills profile and requirements profile only takes place in the context of a current job advertisement. However, with your consent, the employer can add your skills profile to a pool and use it to determine your training requirements.

As a platform provider, we do not make any direct recommendation for the rejection or hiring of applicants. The data is only stored for as long as is necessary to achieve the purpose.
In this respect, the data stored in the profile is only processed by us in accordance with instructions and on the basis of an order processing contract with our corporate customers.

For our own purposes, however, parts of the data may be used to improve our platform and to enable troubleshooting in the event of malfunctions. The legal basis for this is Art. 6 para. 1 f) GDPR. The legitimate interests lie in the possibility of improving platform functionality.

We generally do not pass on the data to third parties (non-corporate customers). Further use of the data for other purposes by us is also only permitted within the scope of the reasons stated in this information. You will be informed separately about the handling of data by our corporate customers.

10.4 Contact and orders via contact form

If you are logged into the Luksit app, you can send us inquiries via the contact form. Your data from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data to third parties without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.