1 Introduction
metru, M7 19-20, 68161 Mannheim (hereinafter referred to as "metru", "we", "us") operates the website "metru" under the domain: www.metru.io. On the web portal, companies can carry out employer branding, create job advertisements and receive and manage applications. Candidates can create and send application profiles including videos. metru processes personal data as part of this activity on behalf of and for the purposes of these companies and candidates. Thank you for your interest in our company. This privacy policy applies to all services associated with metru and their applications. Data protection is of a particularly high priority for metru. It is possible to use the metru.io website without providing any personal data.
However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to metru.io.
By means of this data protection declaration, we would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.
As the controller, metru has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
2 Definitions
Our data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Data subjects
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
2.3 Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
2.5 Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
2.6 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
2.7 Controller or data processor
The controller or data processor is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.8 Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.9 Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
2.10 Third Parties
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
2.11 Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3 Name and address of the controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is
metru
M7 19
68161 Mannheim
Germany
Phone: +49 221 899 94 254
E-mail: office@metru.io
Website: www.metru.io
If you wish to object to the collection, processing or use of your data in accordance with this privacy policy as a whole or for individual measures, you can send your objection by e-mail or letter to the contact details just mentioned. This also applies to all other questions regarding the collection, processing and use of your personal data.
4 Address of the data protection officer
metru
Data protection officer
M7 19
68161 Mannheim
Germany
Phone: +49 221 899 94 254
E-mail: datenschutz@metru.io
5 Cookies
The Internet pages of metru use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser, and many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting, so that the information and offers on our website can be optimized for the user. By means of a cookie, the information and offers on our website can be optimized for the user. As already mentioned, cookies enable us to recognize the users of our website.
The purpose of this recognition is to make it easier for the user to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website, as this is taken over by the website and the cookie is stored on the user's computer system. Another example is the cookie of a shopping cart in an online store. The online store uses a cookie to remember the items that a customer has placed in the virtual shopping cart.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
The setting of cookies is not subject to consent and, as already mentioned above, can only be prevented via the settings of the Internet browser used. Cookies that are used to analyze user behavior on our website are only set with your consent. If we use cookies that require consent, a cookie banner will appear on your first visit to our website asking for your consent to the use of cookies that require consent.
6 Collection of general data and information
Our website collects a series of general data and information each time a data subject or automated system accesses it. This general data and information is stored in the server log files.
The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, metru does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, metru analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
6.1 What information do we collect?
The use of metru services, e.g. via the candidate profile, requires the processing of personal data. This requires registration, during which name, e-mail address, a password and possibly other personal data are requested. The data we collect depends on how our services are used.
By agreeing to this privacy policy, you consent to metru storing your data collected during the application process and forwarding it exclusively to the company to which your application is addressed for application purposes. You agree that metru and the company to which you are applying may store and use the applicant data beyond the end of the specific application process in order to contact you at a later date if you are considered for another position. A video interview recorded during the application process is excluded from this and will be deleted no later than 2 months after the end of the specific application process.
By conducting and recording a video interview, you also consent to the processing of the corresponding voice recording as described below. Your voice recording will be transcribed. The applicant data provided during the recording (surname, first name, email address and gender) will also be processed.
The voice recording will be processed by PRECIRE Technologies GmbH, Charlottenburger Allee 40, 52068 Aachen, Germany on behalf of metru after notification and consent before the start of the video interview.
The transcript created from your voice recording is evaluated as part of an automated process. The transcript is evaluated with regard to certain language features by comparing it with a reference set. The result is a categorization according to various communicative behaviors (so-called profiling), which allows conclusions to be drawn about the applicant's communicative competence. This result and the conclusions drawn from it are forwarded to the company to which you are applying. This evaluation is only carried out after notification and consent.
6.2 Registration on our website
The data subject has the possibility to register on the website of the controller by providing personal data. Which personal data is transmitted to the controller is determined by the respective input mask used for registration. The following personal data is collected to create an applicant profile: First name, last name, e-mail address, password.
The following data is also collected to create a company account: Company name, industry, number of employees. The password will not be accessible under any circumstances and at any time. metru will not pass this data on to third parties and/or make it available to third parties in any other way.
The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be passed on to one or more processors, such as a parcel service provider or an IT service provider, who will also use the personal data exclusively for internal use attributable to the controller.
When registering on the controller's website, the IP address of the data subject assigned by the Internet service provider (ISP), the date and time of registration are also stored.
The storage of this data takes place against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offenses committed. In this respect, the storage of this data is necessary for the protection of the data controller. This data will not be passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal prosecution.
The registration of the data subject with the voluntary provision of personal data serves the purpose of the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.
The registration of the data subject with the voluntary provision of personal data serves the purpose of the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.
6.3 Information that you provide to us
We collect content, data and other information that you provide to us in order to use our products. This includes the aforementioned registration data for creating an account on our website, creating a profile and providing profile information (education, highest degree, type of employment sought), as well as exchanging messages, uploading documents and sending information. There is also metadata, such as the date on which a photo or file was created. Our systems process and store your information, but do not use it for analysis purposes.
6.4 KPIs and connections
We collect information about applications you send, people you are connected to and interactions that take place on your profile. This includes who visits your profile, how many views your profile or profile video has.
6.5 Information about you based on the activities of others
We receive information about you that other people provide. For example, when your profile is commented on or a message is sent to you.
6.6 How do we use this information?
The purpose of processing and data collection is to provide our services. We also use your data to contact you. For example, to inform you about our products or about policies and terms of use. We also use your information when you contact us to respond to you. If we want to use your data in a way that goes beyond what is described in the privacy policy, we will obtain your express consent in advance.
6.7 How is this data passed on? Who receives data about you?
When you use our metru portal, you decide with whom you share this information. For example, if you send your profile to a company via a link, you decide that this company and the people associated with it will have access to your information. They will be able to view your information associated with metru. We only pass on your personal data to third parties if this is necessary to fulfill our own business purposes, i.e. in particular to provide the services owed to you. In particular, we exchange data between applicants and companies that are intended for the application (e.g. if we make your profile available to another user), and we also pass on your data if you have previously expressly consented to this (e.g. after completion of a video interview) or if we are obliged to do so by law or by court or official order.
6.7.1 IT service provider
We are supported in the provision of our services by subcontractors as IT service providers and as part of hosting services. These are based in Germany. If other processors are commissioned with maintenance work, they may gain access to your data as part of their activities. In such a case, metru contractually obliges the processors to comply with the applicable data protection regulations and the provisions on data protection and confidentiality in accordance with this agreement.
6.8 Content that others share about you
Consider carefully who you share content with. People and companies to whom you send your content can share it with other people and companies.
6.9 New owner
If the ownership or control of all or part of our products or their assets changes, we may transfer your data to the new owner.
7 Contact via the website
Due to statutory provisions, the website of metru contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
8 Third-party services
8.1 Third-party services
We use Google Maps on our website. This service is provided by Google Maps (API) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Maps is used to provide you with geographical information to show you our location so that you can better plan your trip.
The legal basis for the use of Google Maps is our legitimate interest in accordance with Art. 6 (1) f) GDPR.
The terms of use for Google Maps can be found at
https://www.google.com/intl/de_US/help/terms_maps.html.
Ausführliche Information on data protection in connection with the use of Google Maps can be found on the Google website ("Google Privacy Policy"): http://www.google.de/intl/de/policies/privacy/http://www.google.de/intl/de/policies/privacy/
8.2 Verwendung von Google Fonts
We use external fonts, so-called web fonts, for the uniform display of fonts. Google is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for the use of the service is Art. 6 para. 1 f) GDPR. Our legitimate interest is to be able to present the fonts to you in a standardized form.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/
8.3 Hubspot
We use the service provider HubSpot as part of our online marketing. This is an integrated software solution that we use to cover various aspects of our online marketing.
Visitors to our website can use the login service to find out about companies, download content and send us their contact details. This information is stored on the servers of our software partner Hubspot. This enables us to contact visitors to our website and find out which of our company's services might be of interest to them. In doing so, we always comply with the requirements of the General Data Protection Regulation (GDPR).
The legal basis for the use of the service here is Art. 6 para. 1, in particular lit. a), and f) GDPR. We have the necessary data processing agreement with Hubspot in accordance with Art. 28 GDPR.
Further information can be found at: https://legal.hubspot.com/privacy-policy HubSpot is headquartered in Cambridge, Massachusetts, USA and has a branch in Ireland.
Contact: HubSpot, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Irland, www.hubspot.de.
8.4 Social Plugins
We have not integrated any social media plugins on our website that load data directly from the servers of the respective social media providers. The integrated "plugins" are simple links to the respective third-party sites. There is therefore no transmission of personal data to the operator of the social media service through the plugins.
8.5 YouTube
We also link to YouTube, LLC. If you click on this link, you will leave our website and establish a direct connection between your browser and the YouTube servers. Further information on data processing at You Tube LLC can be found here: https://policies.google.com/privacy?hl=de&gl=de
8.6 Google Analytics
We use the service of Google Inc. ("Google") on our website. Google Analytics uses so-called "cookies", text files that are stored on your computer.
The information collected by the cookies is generally sent to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Google will use this information on behalf of the operator of this website. In exceptional cases, the full IP address may be transmitted to a Google server in the USA and truncated there. Your use of the website is analyzed for the purpose of compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You have the option of preventing the storage of cookies on your device by making the appropriate browser settings. In this case, you may not be able to use all the functions of this website.
You can also use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc.
You can find the corresponding plugin at:
https://tools.google.com/dlpage/gaoptout?hl=de Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. a GDPR.
Information about Google: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Here you will find further information on the use of data by Google Inc:
https://support.google.com/analytics/answer/6004245?hl=de Further information on data protection from Google:
https://policies.google.com/privacy
8.7 Facebook Pixel
We use the "conversion pixel" or visitor action pixel of Facebook Inc, 1601 S. California ave, Palo Alto, CA 94304, USA ("Facebook") on our website. In the event that you purchase a product on our website, for example, the Facebook pixel is triggered and stores your activities on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. This data is deleted by Facebook after a certain period of time. This collected data is not visible to us as it is anonymized and is only used in the context of advertisements.
Our aim is to show our services and products only to those people who are interested in them.
With Facebook pixels, we are able to better tailor our advertising measures to your wishes and interests. In this way, Facebook users, provided they have given their consent, see suitable advertising. In addition, Facebook uses the data collected for analysis purposes and its own advertisements.
You can find more information about Facebook on their data protection information at
https://www.facebook.com/about/privacy/.
If you wish to withdraw your consent to the conversion pixel, please go to
https://www.facebook.com/settings?tab=ads
8.8 TikTok Pixel
Our website uses the so-called "TikTok pixel" of the social network TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). With the help of this technology, it is possible for TikTok to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "TikTok ads"). We therefore use the TikTok pixel to show the TikTok ads placed by us only to those who we have already identified as being interested in our online offering. With this information, TikTok (so-called "Custom Audience") can ensure that our TikTok ads correspond to the potential interest of users and are not annoying. With the help of the Tik Tok pixel, we are also able to track the effectiveness of TikTok ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Tik Tok ad (so-called "conversion") Information on the use of data by TikTok can be found at: https://www.tiktok.com/legal/privacy-policy?lang=de
Further information on the Tik Tok Pixel can be found at: https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de
The legal basis for the use of the TikTok pixel and the storage of "conversion cookies" is Art. 6(1)(a) GDPR.
8.9 Partner offers
We have integrated offers from partners on our website. These are identified by corresponding graphic symbols. The partners alone are responsible for these offers. We do not collect or transmit any personal data to these partners for these partner offers either. When you click on these partner offers, you leave our website and establish a direct connection between your browser and the partner offers. Detailed information on the data processing procedures can be found in the privacy policy of the respective partner offer.
9 Rights of the data subject:
9.1 Right to confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.right to confirmation
9.2 Right to information
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to receive information free of charge at any time from the controller about the personal data stored about him/her and a copy of this information.
In addition, the European legislator has granted the data subject the right of access to the following information
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- if the personal data are not collected from the data subject: all available information about the origin of the data
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer. If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
9.3 Right to correction
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to demand the immediate correction of incorrect personal data concerning them. Furthermore, taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement If a data subject wishes to exercise this right to rectification, he or she may at any time contact our Data Protection Officer or another employee of the controller.
9.4 Right to erasure (right to be forgotten)
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary
- The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws consent on which the processing is based according to Art. 6 (1) (a) GDPR, or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
- The personal data have been processed unlawfully.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by metru, he or she may at any time contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of metru or another employee shall promptly ensure that the erasure request is complied with immediately.
If the personal data has been made public by metru and if our company as the controller is obliged to erase the personal data pursuant to Article 17(1) GDPR, metru shall take appropriate measures, including technical measures, taking into account the available technology, to inform other controllers processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, unless the processing is necessary. The Data Protection Officer of metru or another employee will arrange the necessary measures in individual cases.
9.5 Right to restriction of processing
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
9.6 Right to data portability
Each data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Ferner hat die betroffene Person bei der Ausübung ihres Rechts auf Datenübertragbarkeit gemäß Art. 20 Abs. 1 DSGVO das Recht, zu erwirken, dass die personenbezogenen Daten direkt von einem Verantwortlichen an einen anderen Verantwortlichen übermittelt werden, soweit dies technisch machbar ist und sofern hiervon nicht die Rechte und Freiheiten anderer Personen beeinträchtigt werden.
Um das Recht auf Datenübertragbarkeit geltend zu machen, kann sich die betroffene Person jederzeit an den von metru bestellten Datenschutzbeauftragten oder einen anderen Mitarbeiter wenden.
9.7 Recht auf Widerspruch
Jede von der Verarbeitung personenbezogener Daten betroffene Person hat das vom Europäischen Richtlinien- und Verordnungsgeber gewährte Recht, aus Gründen, die sich aus ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung sie betreffender personenbezogener Daten, die aufgrund von Art. 6 Abs. 1 DSGVO erfolgt, Widerspruch einzulegen. Dies gilt auch für ein auf diese Bestimmungen gestütztes Profiling.
metru verarbeitet die personenbezogenen Daten im Falle des Widerspruchs nicht mehr, es sei denn, wir können zwingende schutzwürdige Gründe für die Verarbeitung nachweisen, die den Interessen, Rechten und Freiheiten der betroffenen Person überwiegen, oder die Verarbeitung dient der Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen.
Verarbeitet metru personenbezogene Daten, um Direktwerbung zu betreiben, so hat die betroffene Person das Recht, jederzeit Widerspruch gegen die Verarbeitung der personenbezogenen Daten zum Zwecke derartiger Werbung einzulegen. Dies gilt auch für das Profiling, soweit es mit solcher Direktwerbung in Verbindung steht. Widerspricht die betroffene Person gegenüber metru der Verarbeitung für Zwecke der Direktwerbung, so wird metru die personenbezogenen Daten nicht mehr für diese Zwecke verarbeiten.
Darüber hinaus hat die betroffene Person das Recht, aus Gründen, die sich aus ihrer besonderen Situation ergeben, gegen die sie betreffende Verarbeitung personenbezogener Daten, die bei metru zu wissenschaftlichen oder historischen Forschungszwecken oder zu statistischen Zwecken gemäß Art. 89 Abs. 1 DSGVO erfolgen, Widerspruch einzulegen, es sei denn, eine solche Verarbeitung ist zur Erfüllung einer im öffentlichen Interesse liegenden Aufgabe erforderlich.
Zur Ausübung des Rechts auf Widerspruch kann sich die betroffene Person direkt an den Datenschutzbeauftragten von metru oder einen anderen Mitarbeiter wenden. Der betroffenen Person steht es ferner frei, im Zusammenhang mit der Nutzung von Diensten der Informationsgesellschaft, ungeachtet der Richtlinie 2002/58/EG, ihr Widerspruchsrecht mittels automatisierter Verfahren auszuüben, bei denen technische Spezifikationen verwendet werden.
9.8 Automated decisions in individual cases, including profiling
Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, metru shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision. If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time directly contact our Data Protection Officer of the controller or another employee of the controller.
9.9 Right to withdraw consent under data protection law
Any person affected by the processing of personal data has the right granted by the European directive and regulation giver to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise their right to withdraw consent, they may contact our data protection officer or another employee of the controller at any time.
9.10 Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data by metru is unlawful, you have the right to lodge a complaint with a supervisory authority.
The competent supervisory authority within the meaning of Art. 55 GDPR is the
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart
Telephone: 0711 / 61 55 41 - 0
Fax: 0711 / 61 55 41 - 15
E-mail: poststelle@lfdi.bwl.de
10 Data protection for applications and in the application process
The controller collects and processes personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that the deletion does not conflict with any other legitimate interests of the controller. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
11 Legal basis of the processing
Article 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person.
This would be the case, for example, if a visitor were injured on our premises and as a result their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Finally, the processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the aforementioned legal bases if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been expressly mentioned by the European legislator. In this respect, it has taken the view that a legitimate interest can be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).
12 Legitimate interests in the processing by the controller or a third party
Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.
13 Duration of storage of personal data
We store your data until it is no longer needed for the provision of our services and metru products or until your account is deleted, whichever comes first. This is a case-by-case decision and depends on things such as the type of data, the reason for collecting and processing the data and the relevant legal or operational storage requirements. For example, if you create and send a video application on metru, the sent video application will be deleted after 2 months. If you submit a copy of your official ID for the purpose of account verification, we will delete this copy 30 days after submission. If you delete your account, we will delete the data you have saved, such as photos and videos as well as personal data. You will not be able to recover this information afterwards. Information that others have shared about you does not belong to your account and will not be deleted. To delete your account at any time, please contact office@metru.io. In addition, the criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the fulfillment or initiation of a contract.
14 Legal or contractual regulations on the provision of personal data; necessity for the conclusion of the contract
Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision. We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
15 How do we notify you of changes to this policy?
We will notify you before we make any changes to this policy and give you the opportunity to review the revised policy before you decide to continue using our products.