A. Scope
This data privacy statement gives, in particular, an overview of the following information about our social media platforms:
• Which of your data are processed via our website?
• In what manner, to what extent, for what purposes and on what legal basis are these data used?
• What security measures are taken to protect your data?
• How can you object to individual data processing operations via our website?
• How can you obtain access to the information provided to us and, if necessary, assert further data subject rights against us?
B. Who is your contact (controller) for your data protection concern?
Controller within the meaning of the data protection regulation is:
e.solutions GmbH ("e.solutions")
Despag-Straße 4a
85055 Ingolstadt, Germany
Phone: +49 8458 3332-100
Fax: +49 8458 3332-333
www.esolutions.de
In some cases, the providers of the social media platforms themselves are controllers as defined by data protection law. For more information, please refer to “D.” and “E.”.
C. Data protection officer
Data protection officer: Dr. Carlo Piltz
PL Services GmbH
Südwestkorso 3
12161 Berlin
Tel: +49 30 814 53 50 00
Fax: +49 30 814 53 50 09
E-mail: datenschutzbeauftragter@esolutions.de
Web: www.piltz.legal
Please send all inquiries concerning data protection and the assertion of data subject rights (see below in this data privacy statement) to the address stated above for the attention of our data protection officer.
D. Facebook fan page
e.solutions has a Facebook fan page. That is a website offered on the platform owned by Meta Platforms Ireland Ltd. ( 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) (hereinafter referred to as “Facebook”) in order to present e.solutions as a company and, for example, to make contact with customers and interested persons. To be able to provide this fan page, e.solutions resorts to Facebook’s technical platform and services.
I. Joint responsibility with Facebook (“page insights”)
Joint responsibility of e.solutions and Facebook only applies to the processing of “insight data” insofar as these data are used to create “page insights”.
For the purpose of their joint responsibility, e.solutions and Facebook concluded an agreement which is available at: https://www.facebook.com/legal/terms/page_controller_addendum (“page insights addendum”). The agreement refers to those data collected in connection with a visit to or an interaction with our Facebook page, however, only insofar as these data are processed (afterwards) for “page insights”. “Page insights” cover analytics services helping page admins to better understand interactions with their pages. The purpose of data processing is the creation of aggregated statistics for website operators.
Therefore, it is about the processing of data within the scope of a person’s visit to or interaction with a Facebook page, however, only insofar as the purpose of the processing is for “page insights”. More detailed information on this is provided by Facebook at the following link: en-gb.facebook.com/help/pages/insights.
The “Information about Page Insights Data” available for data subjects (https://www.facebook.com/legal/terms/information_about_page_insights_data) lists information on how “insight data” are collected and used to create “page insights”:
• Viewing a page, post, video, story or other content associated with a page
• Interacting with a story
• Following or unfollowing a page
• Liking or unliking a page or post
• Recommending a page in a post or comment
• Commenting on, sharing or reacting to a page's post (including the type of reaction)
• Hiding a page's post or reporting it as spam
• Hovering over a link to a page or a page's name or profile picture to see a preview of the page's content
• Clicking on the website, phone number, Get Directions button or other button on a page
• Having a page's event on screen, responding to an event including type of reaction, clicking on a link for event tickets
• Starting a Messenger communication with the page
• Viewing or clicking on items in page's shop
Processing of the visitors’ data serves for providing the page and for statistical analysis of the page usage. These analysis data for e.solutions are anonymised. The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interests with regard to the processing of personal data when visiting the page and the creation of “page insights” are the following:
Communication and interaction with interested persons and customers; dissemination of information; anonymised analysis and presentation of the fan page usage.
When you visit our Facebook fan page, Facebook collects, among other things, your IP address and further information available as cookies on your terminal device. This information is used to provide us being the owners of the Facebook page with statistical information on the utilisation of the Facebook page. In this context, we do not receive any personal data from Facebook.
The data collected about you in this context are processed by Facebook and transferred by Facebook to countries outside the European Union and the European Economic Area on the basis of the adequacy decision for the USA and Facebook’s certification under the Data Privacy Framework (the certification is available at the following URL: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active). What kind of information is collected by Facebook, how it is used and how data are transferred is described by Facebook in general terms in its privacy policy. It also includes information about how to contact Facebook and about setting options for ads. Facebook’s privacy policy is available at the following link: https://www.facebook.com/about/privacy.
If you wish to exercise a data subject right under the GDPR (all of which are listed below), please note that we will not be able to completely comply with all these rights. Therefore, it would certainly be more effective for you to contact Facebook directly. However, if you need help, feel free to contact us.
The respective responsibilities, in particular with regard to the safeguarding of data subject rights, between e.solutions and Facebook are specified in the page insights addendum (https://www.facebook.com/legal/terms/page_controller_addendum).
According to that, Facebook assumes the primary responsibility for compliance with the obligations under the GDPR with regard to the joint processing of “insights data”. This includes compliance with the following data subject rights:
• right of access (Art. 15 GDPR);
• right to erasure (Art. 17 GDPR);
• right to restriction of processing (Art. 18 GDPR);
• right to data portability (Art. 20 GDPR); and
• right to object (Art. 21 GDPR).
Further details about how to exercise these rights are provided by Facebook in the “Information about Page Insights Data”: https://www.facebook.com/legal/terms/information_about_page_insights_data
II. e.solutions’ sole responsibility
Apart from that, e.solutions is also solely responsible for certain data processing on the Facebook fan page. This is the case when our employees communicate with the Facebook users. Then, we process the following personal data:
• Profile name and data provided by the user in the course of the communication, e.g., for service request processing.
Processing is carried out for the purpose of responding to your request, communicating with you, and publishing information on e.solutions’ events, products, and services. The legal basis of the processing is Art. 6(1)(b) GDPR, provided that a contract with the Facebook user is in the making or concluded. Otherwise, Art. 6(1)(f) GDPR is the legal basis. The legitimate interest is to effectively inform the users, customers, and interested persons and to communicate with these persons.
A link to this data privacy statement is also available on our Facebook fan page under “Page info”.
E. LinkedIn
e.solutions operates a web page at LinkedIn, provided on the platform owned by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”), in order to present e.solutions as a company and, for example, to make contact with job applicants and interested persons. To be able to provide this web page, e.solutions resorts to LinkedIn’s technical platform and services.
I. Joint responsibility with LinkedIn (“page insights”)
Joint responsibility of e.solutions and LinkedIn only applies to the processing of “insight data” insofar as these data are used to create “page insights”.
For the purpose of their joint responsibility, e.solutions and LinkedIn concluded an agreement which is available at: https://legal.linkedin.com/pages-joint-controller-addendum (“Page Insights Joint Controller Addendum”). The agreement refers to such data collected in connection with a visit to or an interaction with our LinkedIn page, however, only insofar as these data are processed (afterwards) for “page insights”. “Page insights” cover analytics services helping us to better understand interactions with our pages. The purpose of data processing is the creation of aggregated statistics for us as page operator.
When you visit our LinkedIn page, follow us or interact with our LinkedIn page, LinkedIn uses information on that for the creation of “page insights”. Furthermore, information from your LinkedIn profile (position in the company, country, branch of industry, professional experience, company size, employment status) is used for “page insights” as well. LinkedIn informs you about that in “2.8 Insights That Do Not Identify You” of LinkedIn’s Privacy Policy, which is available at: https://www.linkedin.com/legal/privacy-policy.
Processing of the data of the visitors to our LinkedIn page serves for providing this page and for statistical analysis of the page usage. These analysis data for e.solutions are anonymised. The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interests with regard to the processing of personal data when visiting the page and the creation of “page insights” are the following:
Communication and interaction with interested persons and job applicants; dissemination of information; anonymised analysis and presentation of the LinkedIn page usage.
When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and further information available as cookies on your terminal device. In this context, we do not receive any personal data from LinkedIn.
The data collected about you are processed by LinkedIn and transferred by LinkedIn to countries outside the Eu-ropean Union and the European Economic Area (EEA). LinkedIn provides information on how data are transferred by LinkedIn from the EU, EEA, Switzerland, and Great Britain at the following URL: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en. LinkedIn is certified under the Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active). Data transfers to the USA are based on the adequacy decision and LinkedIn's certification under the Data Privacy Framework or on the basis of the EU stand-ard data protection clauses (Implementing Decision (EU) 2021/914 of 4 June 2021). The standard data protection clauses agreed with LinkedIn are part of the data processing agreement concluded with LinkedIn, which is available at the following URL: https://www.linkedin.com/legal/l/dpa
LinkedIn agreed to take responsibility under the GDPR for the provision of “page insights” and to comply with all applicable obligations under the GDPR with respect to the processing of data for the creation of “page insights”. This includes, but is not limited to, Articles 12-22 and Articles 32-34 of the GDPR. LinkedIn ensures, in particular, that you are informed about the data being processed and supports you in exercising your data subject rights.
If you wish to exercise a data subject right under the GDPR, please note that we will not be able to completely comply with all these rights. Therefore, it would certainly be more effective for you to contact LinkedIn directly. However, if you need help, feel free to contact us.
The respective responsibilities, in particular with regard to the safeguarding of data subject rights, between e.solutions and LinkedIn are specified in the “Page Insights Joint Controller Addendum“ (https://legal.linkedin.com/pages-joint-controller-addendum). Further details about how to exercise these rights are provided by LinkedIn in “5.5 Contact Information” of LinkedIn’s Privacy Policy, which is available at the following URL: https://www.linkedin.com/legal/privacy-policy.
II. e.solutions’ sole responsibility
Apart from that, e.solutions is also solely responsible for certain data processing on the LinkedIn page. This is the case when our employees communicate with the LinkedIn users. Then, we process the following personal data:
• Profile name and data provided by the user in the course of the communication as well as data stored as visible in the LinkedIn profile, for example, in order to process requests.
Processing is carried out for the purpose of responding to your requests, communicating with you, and publishing information on e.solutions’ available job offers, products, and services. The legal basis of the processing is, on the one hand, Art. 6(1)(b) GDPR, provided that a contract with the LinkedIn user is in the making (e.g., an employment contract or the start of an application procedure) or concluded. On the other hand, in other cases, Art. 6(1)(f) GDPR is the legal basis. The legitimate interest is to effectively inform the users, job applicants, and interested persons and to communicate with these persons.
A link to this data privacy statement is also available on our LinkedIn page under “About us”.
F. Online presence on further social media platforms (Indeed, Kununu, X (formerly Twitter), XING, and YouTube)
I. Market research and advertising purposes of the social media platforms
We maintain further online presences within social networks and platforms in order to communicate with customers, interested persons, and users who are active there and to inform them about our services there. When you visit our online presences, please note that the users’ personal data are processed there by the respective social media platform for market research and advertising purposes. For these purposes, cookies are usually stored on the users’ computers, in which the users’ behaviour and interests are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these). The respective platform provides us with these user data in an anonymised and aggregated form for analysis. Our legal basis with regard to this data processing is Art. 6(1)(f) GDPR. Our legitimate interest is to effectively inform the users of the networks and platforms and to communicate with the users.
Please note that, in the case of requests for information and the enforcement of users’ rights, directly contacting the providers will be most effective. The respective providers have direct access to the users’ data and can directly take corresponding measures and provide information. However, if you need help, feel free to contact us.
The data collected by the social media platforms are also partially processed by the platform providers outside the European Union and the EEA. The social media platform providers usually use appropriate safeguards (Art. 46(1) GDPR) or derogations for specific situations (Art. 49(1) GDPR) as a mechanism for such data transfers. For data transfers to the USA, the legal basis is sometimes also the adequacy decision in combination with a certification of the operator of a network or platform under the Data Privacy Framework. For more detailed information on data transfers by the providers and for a detailed description of the respective processing and opt-out options, please refer to the providers’ details linked below.
•·Indeed Ireland Operations Ltd., 124 St. Stephen’s Green, Dublin 2, Ireland; https://hrtechprivacy.com/brands/indeed#privacypolicy (the certifications of the American Indeed entities under the Data Privacy Framework are available at the following URL: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnW1AAK&status=Active);
• Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; https://twitter.com/en/privacy;
•·XING and Kununu (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany) – Privacy Policy: https://privacy.xing.com/en/privacy-policy; and
According to Twitter, it transfers personal data on the basis of the EU standard data protection clauses (Implementing Decision (EU) 2021/914 of 4 June 2021; twitter.com/en/privacy;
• YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; policies.google.com/privacy.
II. Contact with the users
e.solutions is also responsible for data processing when users contact our employees on the platforms stated above. In this case as well, the profile name and any data provided in the course of communication are processed by e.solutions to respond to a request.
Processing is carried out for the purpose of responding to your requests, communicating with you, and publishing information on e.solutions’ events, products, and services. The legal basis of the processing is Art. 6(1)(b) GDPR, provided that a contract with the Facebook user is in the making or concluded. Otherwise, Art. 6(1)(f) GDPR is the legal basis. The legitimate interest is to effectively inform the users, customers, and interested persons and to communicate with these persons.
A link to this data privacy statement is also available in the page information on the respective social media presence.
G. Application via a social media platform
You have the option of applying to us via a social media platform. In this case, we store the data and documents sent by you for subsequent checking and possible further use for the application process and the decision on the establishment of an employment relationship. We use the applicant management tool “onlyfy one” from New Work SE (Am Strandkai 1, 20457 Hamburg, Germany), in which your application information is stored. We inform you about data processing using onlyfy one and other processing activities in the application process in our data privacy statement for application procedures, which is available here.
H. Data subject rights
Provided that a sole responsibility applies, e.solutions will give you information about the personal data concerning you stored at e.solutions pursuant to Art. 15 GDPR at any time on request. Moreover, you may have your personal data rectified pursuant to Art. 16 GDPR, erased pursuant to Art. 17 GDPR, or restrict their processing pursuant to Art. 18 GDPR by e.solutions at any time. Pursuant to Art. 20 GDPR you have the right to have delivered to you or to a third party data that we process automatically based on your consent or to perform a contract in a commonly used and machine-readable format. If you demand direct transmission of the data to another controller, this will only be done if it is technically feasible. Excluded from erasure are only those data which e.solutions requires to accomplish yet outstanding tasks or to assert existing rights and claims and data that must be kept by e.solutions due to statutory regulations. Such data will be made unavailable, however.
Moreover, pursuant to Art. 77 GDPR you have the right to lodge a complaint with a data protection supervisory authority.
If you gave e.solutions your consent to the processing of personal data within the framework of the usage of e.solutions’ services, you may revoke this consent at any time pursuant to Art. 7(3) GDPR. The revocation may be sent by e-mail to the following e-mail address: datenschutzbeauftragter@esolutions.de or in writing to the address stated above. The effects of the revocation are restricted to the storage and usage of personal data that may not be stored and used even without your consent due to legal permissions. Such a revocation will affect the admissibility of the processing of your personal data after you have expressed it to us. Please note, however, that in this case processing of the relevant data will no longer be possible in the future.
If and when the processing of your personal data is based on the weighing of interests, you may object to the processing pursuant to Art. 21 GDPR. This is the case especially if the processing is not required to perform a contract with you. If you lodge such an objection, please state the reasons why we should not process your personal data as we do. In the case of your justified objection, we will examine the facts and either stop or adapt the data processing or present to you our compelling legitimate grounds due to which we will continue the processing. If you exercise your right to object, the controller will no longer process your personal data unless compelling legitimate grounds for the processing apply which override your interests, rights, and freedoms, or the processing serves for the establishment, exercise, or defence of legal claims.