1. responsible party
The responsible party pursuant to Art. 4 (7) EU General Data Protection Regulation (DSGVO) is:
SOCA BUSINESS CONSULTING GmbH & Co.KG.
Große Hamburger Str. 31
2. information about the collection and storage of personal data
a) Access data and log files
Based on our legitimate interests according to Art. 6 para. 1 lit. f. DSGVO, we collect data about every access to the server on which this service is located (so-called server log files). This information is stored temporarily in a so-called log file. The access data includes the IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which the access is made (referrer URL), browser used and, if applicable, the operating system of your computer and the name of your access provider. Log file information is stored for security reasons and to ensure the functionality of our website for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
b) In addition to the aforementioned data, technically necessary and optionally, if you give your consent, technically unnecessary cookies are stored on your computer. Cookies are small text files that are assigned to the browser you are using on your hard drive and through which certain information flows to the body that sets the cookie. They serve to make the Internet offer as a whole more user-friendly and effective.
c) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
d) If our service providers or partners are based in a country outside the European Union (EU) or the European Economic Area (EEA), we will inform you about the consequences of this circumstance at the appropriate place in this data protection declaration.
e) contacting us
For questions of any kind, we offer you the opportunity to contact us by e-mail or via a form provided on the website. In doing so, you must provide a valid e-mail address, your name and the content of your message so that we know who sent the inquiry and can respond to it. Further information (e.g. telephone number) can be provided voluntarily. Data processing for the purpose of contacting us is based on your voluntarily given express consent or in the context of pre-contractual measures (Art. 6 para. 1 lit. a) and b) DSGVO). We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
We use the Content Delivery Network (CDN) of Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA) (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO). A CDN is a network of [globally] distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare.
You have the right to object to the processing. Whether the objection is successful is to be determined in the context of a balancing of interests.
Cloudflare keeps data logs only as long as necessary and this data is deleted within 24 hours in most cases. However, there is information that Cloudflare keeps indefinitely as part of its permanent logs in order to improve Cloudflare’s overall performance. However, this data is not personally identifiable and is anonymized by Cloudflare.
We have entered into an order processing agreement with Cloudflare. Cloudflare is also a certified participant of the “EU-US Privacy Shield Framework”. Cloudflare has committed to handling all personal data received from European Union (EU) member states in accordance with the “Privacy Shield Framework”.
For more information about Cloudflare’s security and privacy practices, please visit: https://www.cloudflare.com/privacypolicy/.
4. disclosure of data and transmission to third countries
a) Data is only passed on to third parties within the framework of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO in the economic and effective operation of our business. If we commission third parties to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions. To this end, we have concluded commissioned data processing agreements with these providers in accordance with Art. 28 DSGVO, which ensure that the data processing is carried out in a permissible manner.
b) If content, tools or other means from other providers (hereinafter jointly referred to as “third party providers”) are used within the scope of this data protection declaration and their named registered office is located in a third country, it is to be assumed that a data transfer to the third party providers’ countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e. countries outside the EU or the European Economic Area. The transfer of data to third countries takes place under the conditions of Art. 44 et seq. GDPR.
Some third countries are certified by the European Union through so-called adequacy decisions to have data protection comparable to the EEA standard. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed.
This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 (1), (2) lit. c DSGVO, certificates or recognized codes of conduct.
a) We use links to content on websites of other website operators.
b) We have no influence on the data collected there or the data processing procedures, nor do we know the entire scope of the data collection, the purpose of the processing or the retention periods.
c) We also have no information about the deletion of the collected data by the linked provider. In this respect, we are not responsible under data protection law for the data processing on the linked website.
d) Further information on the purpose and scope of data collection and processing by the website operator can be found in the privacy statements of the respective websites. There you will also find further information about your rights in this regard and the settings options for protecting your privacy.
6. deletion of data
The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
Your data will also be deleted if the processing was based on your consent and you have revoked it.
If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
7. application documents
a) You can send us application documents by e-mail or post.
b) Your data required for contacting us and for the application process will be stored for the purpose of carrying out an application procedure in compliance with the statutory provisions. The legal basis for this is Art. 6 para.1 lit. b) DS-GVO and § 26 para. 1 in conjunction with. Abs. 8 S. 2 BDSG (implementation of pre-contractual measures).
c) The following data may be processed by us in the application process:
– Master data (title, first name, surname, date of birth, if applicable)
– Contact data (address, telephone or mobile phone number, private e-mail address)
– Application data (e.g. profile picture as well as further documents such as CV, cover letter, overall application, certificates).
d) In the event of employment, the data will be transferred to the personnel file. Information on the storage period can be found in the information on the processing of personal data of our employees.
e) If an application for a specific job posting is unsuccessful, your data will be stored for evidentiary purposes for at least up to 6 months after the conclusion of the application process for the purpose of asserting, exercising or defending any legal claims.
f) With your consent, we will gladly include your application in our applicant pool until revoked. We store unsolicited applications for the search for a suitable position for you until revoked.
g) The provision of the data is not required by law or contract. You are not obliged to provide the data. However, if you do not provide the data, it will not be possible to carry out an application procedure and, if applicable, to hire you.
8. data subject rights
a) You have the following rights vis-à-vis us with regard to the personal data concerning you:
– Right to information,
– Right to correction or deletion,
– Right to restriction of processing,
– right to object to processing,
– Revocation of a granted consent,
– right to data portability.
b) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
9. revocation or objection to the processing of your data
a) If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.
b) If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to our above-mentioned e-mail address.
10. data security
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
11. topicality and change of this data protection explanation
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at www.socasports.com/en/data-protection.
Status: October 2023