Data Protection

Basic principles

We attach great importance to protecting your personal data. This means that we save, edit and delete your personal data only on the basis of the statutory provisions of the GDPR (General Data Protection Regulation) and the BDSG (Federal German Data Protection Act) in its revised version. In this information sheet on personal data protection, we brief you on the key aspects of data processing in connection with our website.

Your rights

On the basis of the statutory provisions you have the following rights vis-á-vis our company regarding your personal data:

  • right of information
  • right of rectification and deletion
  • right of limitation of processing
  • right to object to processing
  • right of data portability.

If in your opinion the processing of your data contravenes legislation on the protection of personal data or that your data protection rights are otherwise being infringed, you may consult the data protection authorities that have jurisdiction over our company.

Responsible regulatory agency

Der Landesbeauftragte für den Datenschutz
und die Informationsfreiheit Baden-Württemberg
Königstrasse 10a, 70173 Stuttgart, Tel.: 0711/615541-0
poststelle@lfdi.bwl.de

Responsible company officer

Responsible for protection of personal data within our company is:

Dr. Werner Brettreich-Teichmann
Fichtner GmbH & Co. KG
Sarweystrasse 3 · 70191 Stuttgart · Germany
datenschutzbeauftragter@fichtner.de

Contact via e-mail and contact form

If you contact us by filling out the form on the website or via e-mail, the data you transmit will be kept by us for six months to process your inquiry and to respond to any follow-up queries and will be processed by the employees responsible depending on the matter at hand. Any further processing of your data will be carried out exclusively in accordance with the rules of the GDPR.

Encryption

To ensure protection of your personal data for further transmission, we use TLS encryption (Transport Layer Security).

Use of cookies

Our website uses "cookies". These are small text files that are stored on your terminal device with the help of our browser. They are not harmful and their purpose is to render our services user-friendly. As a rule we use session cookies which will be automatically deleted when you exit our website. Other cookies will be stored on your computer until you delete them. They help to recognize your computer the next time you access our website. If you do not wish this, you can so configure your browser that you will be informed of the placement of cookies and will only accept these on a case-by-case basis.

Web analysis

Our website uses Matomo web analysis software. This software is installed on the web server of our service provider Mittwald (Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4-6, 32339 Espelkamp. Germany, www.mittwald.de) . Matomo uses cookies that allow an analysis of how visitors use our website. The information thereby generated is transferred to the server of the service provider and there stored. Your IP address is recorded but is immediately pseudonymized by deleting the final two segments. Data processing is done on the basis of the statutory provisions of § 96 para. 3 of the German Telecommunications Act, TKG, as well as Art. 6 para. 1 f) (legitimate interest) of the GDPR.

When visiting the website, with the analysis software the following information is recorded by means of a Javascript tracker:

  • accessed page (URL)
  • browser type and version
  • operating system used
  • Referrer URL (the previously accessed page)
  • IP address of the accessing computer (pseudonymized by deleting the final two bytes)
  • date and time of the server inquiry
  • device type as well as browser type, version and language, operating system in use, set screen resolution
  • files that are opened or downloaded
  • outgoing links to other websites
  • visitor's geographical location: country, region, town and approximate geo-coordinates.

Management of job applications

So that we can ensure efficient processing of your job application, Fichtner deploys the online recruitment platform P&I Bewerber3 (P&I Personal & Informatik AG, Kreuzberger Ring 56, 65205 Wiesbaden, Germany). The service provider undertakes data processing on behalf and at the instruction of Fichtner and is subject to the relevant legal requirements on protection of personal data under Art. 28 of the General Data Protection Regulation (GDPR).

Use of data in connection with job applications

We use our online recruitment platform for registering and administering job applicants and for matching the requirements to the specific qualifications. This system means that we can offer you a position that precisely fits your professional profile. Your personal data will be collected, processed and used to the extent and over the time needed for the purpose of contract initiation (Art. 6 (1)(b) GDPR).

As a rule, the required personal data encompass the particulars that are usually contained in a CV together with those that are necessary for successful job placement. These comprise in particular: family name, given name, date of birth, address, contact data, educational details, qualifications and professional career, current professional situation, desired place of assignment, availability, and salary expectations as well as checklists on applicant interviews and formal assessment criteria we are required to observe.

The application entered into the system will be processed as quickly as possible by HR management. This also possibly includes forwarding of your data to the specialist department concerned and likewise the possibility of access by HR management staff in connection with personnel recruitment.

Data security

The particulars you enter into the online platform will be treated with absolute confidentiality. The electronic data transfer to the platform is encrypted.

Deletion of data

Your data will be stored as long as your application is included in the staff recruitment process. You can withdraw your application at any time. Further, you can delete your job application profile or request us to do so whenever you wish. Upon completion of the staff recruitment process or if you withdraw your application, your data will be deleted as required under the statutory provisions.

Use of web fonts

When calling up a page, your browser downloads the required external web fonts into your browser cache for correct display of texts and fonts. For this purpose, your browser must contact the servers of the web font provider. If your browser does not support this function, a standard font from your computer is used for the screen display. These web fonts are used in the interests of a uniform and appealing presentation of our online offers. This is a legitimate interest as defined by Art. 6 para. 1 lit. f of the GDPR. For a uniform presentation, use is made of external fonts from Fonts.com, a fonts service of Monotype GmbH, Werner-Reimers-Strasse 2-4, 61352 Bad Homburg, Germany or Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). You can find further information under www.monotype.com/legal/privacy-policy respectively www.google.com/intl/de/policies/privacy.

Google Maps

This website uses the Google Maps product from Google Inc. for the purposes of visually depicting geographical information. During the use of Google Maps, data relating to the website visitors’ use of the maps functions are also collected, processed and used by Google. You will find the terms of service for Google Maps at: “Google Maps Terms of Service” (https://www.google.com/intl/en_gb/help/terms_maps.html).

Use of social plug-ins

If for our website we make use of so-called "social plug-ins" of social networks like Twitter, LinkedIn, XING or Kununu, we incorporate these as follows. When you visit our website these social plug-ins are deactivated, which means there is no transmission of any data to the operators of these networks. If you would like to use one of these networks, click on the respective social plug-in to establish a direct connection to the one concerned. If you have a user account with the network and at the time of activating the social plug-in you are logged onto it, the network can assign your visit to our website to your account. If you wish to avoid this, log out of the network before activating the social plug-in. When you activate a social plug-in, the network transmits the contents that thus become available directly to your browser, which ties them into our website. In this situation, data transfers can also take place, which are initiated and controlled from the respective social network. For your connection to a social network, for the data transfers that take place between the network and your system as well as your interactions with this platform, the data protection regulations of the network concerned apply exclusively. The social plug-in remains active until you deactivate it or delete your cookies.

Here Maps

This website uses the Here Maps product from HERE Global B.V. for the purposes of visually depicting geographical information. During the use of Here Maps, data relating to the website visitors’ use of the maps functions are also collected, processed and used by HERE Global B.V. You will find the terms of service for HERE Global B.V. at: “Privacy Policy” (https://legal.here.com/en-gb/privacy).

Social Media

Fichtner IT Consulting GmbH operates the following social media pages:

LinkedIn: https://www.linkedin.com/company/fichtner-it-consulting-gmbh
Twitter: https://twitter.com/FIT_Fichtner
XING: https://www.xing.com/pages/fichtneritconsultinggmbh

Data processing on our social media pages is carried out in the interest of our public relations and communications, with the legal basis being Art. 6 (1) (1) (f) GDPR. The data you enter on our social media pages, such as comments, videos, images, likes, public messages, etc., will be published by the social media platform and will not be used or processed by us for any other purpose at any time. We only reserve the right to delete content if it is necessary to do so. We may share your content on our page if this is a feature of the social media platform and communicate with you through the social media platform. Besides us, there is also the operator of the social media platform itself. That operator is also another controller in this respect, who carries out data processing over which we, however, have only limited influence. At those points where we can exert influence and carry out data processing, we work towards data protection-compliant handling by the operator of the social media platform within the scope of the possibilities available to us. At many points, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data that operator is processing.

However, the operator informs you about this in its respective privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy
Twitter: https://twitter.com/en/privacy
XING: https://privacy.xing.com/en/privacy-policy

If, in the context of joint controllership, you wish to object to a specific data processing over which we have no influence, or if you wish to exercise your data subject rights, please directly contact the platform operator or our responsible company officer. We will then seek to enforce your rights with the platform operator within the scope of our possibilities.

Digital workspace and collaboration

We provide secure digital work environments for distributed collaboration with our business partners. For this purpose, it is necessary to process personal data for service operation and contract fulfillment as well as a proper and efficient project performance. In addition, these services store transaction data to ensure the data privacy principles availability, confidentiality, integrity, and resilience. These data will be deleted upon completion of the project unless the storage is necessary to fulfill a legal obligation or to exercise or defend legal claims. We ensure that the services provided for this purpose are operated under the conditions and within the scope of EU-GDPR.

Data processing in the case of suppliers and business partners

References, CVs and declarations may need to be submitted and checked to enable proper processing of procurement and assignment procedures, suitability assessment and bid evaluation as well as the ascertainment of grounds for exclusion.

The purpose of the processing is the initiation or conclusion of a contract (Art. 6 (1) (b) GDPR). In exceptional cases, it will be due to an overriding business interest in accordance with Art. 6 (1) (f). If you do not provide required data, you will have to expect that your request cannot be processed or a contract cannot be concluded with you.

Market survey and contract initiation

Contact details and role in the procurement process for the purpose of making contact and allocating documents.

Request for proposal or invitation to tender

Depending on the subject matter, data necessary for contract award may be collected and processed in addition to contact details, e.g.:

  • project-related qualifications and CVs of relevant persons (e.g. project managers, instructors) as well as
  • contact details of the contact person for references named by the bidder.

Bid evaluation and contract award decision

As part of bid evaluation and contract award decision, it may be that interviews or presentations are recorded in writing as evidence of justification for the contract award. In individual cases, the authorship will be included as proof.

In special cases, audio or video recordings will be made of such presentations. You will be informed separately for this special case and will receive data protection information tailored to it.

Execution of an assignment, after sales service and continuation of a business relationship or performance of services

If you process personal data on our behalf in the context of a procurement or assignment, you are obliged to conclude an order processing agreement pursuant to Art. 28 GDPR in parallel to conclusion of the contract. In that agreement, you will be asked to name the recipient of the instructions or the person giving the instructions.

To support the proper and efficient handling of procurement and assignment procedures (contract execution, performance of services), we provide on a case-by-case basis a secure electronic working environment for distributed collaboration with our business partners (project management, collaboration and documentation), for access control authorizations (e.g. ID cards, locking system) or comparable situations. For this purpose, it is necessary to process personal data for the technical and professional operation of these platforms and the contractual purposes pursued with them. In doing so, we ensure that the project progresses in an orderly manner and that business relationships are documented. In addition, these platforms store transaction data to ensure the fundamental data protection principles of availability, confidentiality, integrity, and resilience as required by law.

Completion of a project or ending of a contractual relationship

The contract award documentation as well as the bids, requests to participate and their attachments must be retained for at least three years from the date of the award or until the end of the term of the contract and the related statutory retention periods.

Your other personal data will be deleted upon completion of the project, unless their storage is required for the fulfillment of a legal obligation or for the exercise or defense of legal claims.

Categories of recipients

We treat your data confidentially. Within our company, only those departments and employees who need to access your data in order to fulfill the above-mentioned purposes will have access to them. Personal data will be transmitted by us to third parties only if this is necessary for the aforementioned purposes and permitted by law or if you have given your prior consent (e.g. IT service providers as well as competent authorities).

If external service providers are involved as consultants in a contract award procedure, your personal data will also be passed on to them for the purpose of reviewing and evaluating the bids (Art. 6 (1) (f) GDPR).

If necessary, order processing agreements pursuant to Art. 28 GDPR will protect the legal necessities to process your data (e.g. for external consulting companies or our project platforms).