Privacy policy

As the operator of this website, SINC NOVATION GmbH takes the protection of your personal data very seriously. We treat your data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Information obligations when collecting personal data (Art. 13 EU GDPR; Section 25 TDDDG)

Since May 25, 2018, we have been subject to the provisions of the European General Data Protection Regulation (EU GDPR) and the provisions of the new German Federal Data Protection Act (BDSG). In addition, the Telecommunications Digital Services Data Protection Act (TDDDG) has applied to the storage of information and access to information in terminal equipment, e.g. by means of cookies, since December 1, 2021. The TDDDG serves to protect privacy and confidentiality in the use of terminal equipment, as guaranteed by Art. 7 of the Charter of Fundamental Rights, regardless of whether personal data is processed. In the following, we inform you in accordance with the provisions of Art. 13 EU GDPR how we collect and process your personal data in accordance with the law when you use our website. Furthermore, we describe which specific technologies we use to store information in terminal equipment and to access information already stored, § 25 TDDDG.

1. Scope, purpose and legal basis of data processing (Art. 13 para. 1 lit. c) and d) EU GDPR)

a. Visiting our website

Our website is intended to provide information about us and our activities. In connection with our website, we only process personal data insofar as this is necessary for the provision, use and optimization of our website and to safeguard our legitimate interests (Art. 6 para. 1 subpara. 1 lit. f) EU GDPR). In addition, we only process your data in connection with our website if you have expressly consented to this (Art. 6 para. 1 subpara. 1 lit. a) EU GDPR).

Insofar as it is possible to enter personal data on our website, this data is provided by the visitor on an expressly voluntary basis.

b. Logging – server log files

Computer-related data is logged and stored for the purpose of identifying and tracking unauthorized attempts to access our web server. User profiles are not created. No data, including excerpts, is passed on to third parties. Depending on the access protocol used, the log data record (server log files) contains information with the following content:

  • Date (date): The date of the request.
  • Time (time): The time of the request (in UTC [Coordinated Universal Time]).
  • Client IP address (c-ip): The IP address (Internet Protocol) of the client that made the request.
  • Protocol status (sc-status): HTTP or FTP status code.
  • Reference (cs(Referer)): The last site visited by the user. This site provided a link to the current site.
  • User agent (cs(UserAgent)): The browser type used by the client.

The log data is stored on the legal basis of Art. 6 para. 1 subpara. 1 lit. f) EU GDPR. Our legitimate interest here is to maintain the security of our website. The data is ONLY evaluated in the event of unauthorized access. The evaluation is carried out by employees of our company and any external IT service providers commissioned.

c. Cookies

Our website uses cookies. Cookies are small text files that are stored on your end device and saved by your browser. They do not cause any damage to your device and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure.
Most of the cookies we use are only used for the technical delivery of the pages and are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

Most browsers are set to accept cookies automatically. You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. This makes the use of cookies transparent for you.

Technically necessary cookies, which are absolutely necessary for the operation or display of the website, are stored on the legal basis of Section 25 (2) No. 2 TDDDG. The storage of such cookies is in the interest of a technically error-free and optimized provision of our website and is therefore also absolutely necessary in the interest of the end user.

All other cookies (e.g. those used to analyze your user behavior) are stored on the legal basis of Section 25 (1) TDDDG if you give us your consent in the cookie banner. When you visit our website, an opt-in checkbox appears in the cookie banner in which you can declare your consent to the storage of cookies. You can revoke your consent at any time with effect for the future by calling up the cookie settings again and using the opt-out checkbox there. The revocation only affects the future storage of cookies, but not the cookies already stored with your consent. You must remove these yourself manually or via the automatic browser settings.

d. Hosting

We host the content of our website with the following provider:

RAIDBOXES
provider is RAIDBOXES GmbH, Hafenstr. 32, 48151 Münster, Germany (hereinafter RAIDBOXES). When you visit our website, RAIDBOXES collects various log files including your IP addresses.

For details, please refer to the RAIDBOXES privacy policy: https://raidboxes.io/legal/privacy/.

The use of RAIDBOXES is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1TDDDGTDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

e. Social media (Facebook and Instagram)

SINC NOVATION GmbH operates a Facebook page and an Instagram profile. Links to our Facebook and Instagram profiles can be found on our websites. The provider of Facebook and Instagram in Germany is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company of Meta Platforms Ireland is Meta Inc, 1 Hacker Way, Menlo Park, California 94025, USA. User data and information is processed by Meta Platforms Ireland in the EU and by Meta Inc. in third countries such as the USA.

Please note that every time you visit our Facebook page or our Instagram profile (via the links provided on our website or otherwise), Instagram/Facebook processes personal data to a specifically unknown extent. This includes, among other things, your IP address and the website from which you accessed Facebook/Instagram. In addition, Instagram/Facebook uses cookies and tracking technologies every time you visit our Facebook page or our Instagram profile. This enables Facebook to track and analyze your user behavior far beyond the Facebook and Instagram websites.

All this happens regardless of whether you are logged into your Facebook and/or Instagram user account or have one at all. If you are logged into your Facebook and/or Instagram user account, you enable Facebook to assign your user behavior directly to your personal profile across devices. According to the company, you can prevent this by logging out of your Facebook or Instagram user account. Further information on data protection at Facebook and Instagram can be found in the data policies and cookie guidelines of Facebook and Instagram at: https://de-de.facebook.com/privacy/explanation, https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram%20Help&bc[1]=Privacy%20and%20Safety%20Center, https://de-de.facebook.com/policies/cookies/, https://help.instagram.com/1896641480634370. We have no influence on the processing of your data by Facebook and on whether Facebook complies with the applicable data protection regulations.

Further information on the processing of personal data by Facebook and regarding data processing when visiting our Facebook page and our Instagram profile can be found in our „Privacy Policy for Social Networks“.

f. YouTube

Videos are integrated on our websites via the provider YouTube. These videos have been embedded using the “extended data protection mode” offered by YouTube. According to the company itself, YouTube does not initially initiate any data processing operations unless you watch the video. If you watch the video, YouTube will process data to an unknown extent (including your IP address) and may store cookies if you have given your prior consent. YouTube is in turn connected to the Google DoubleClick network. The Google DoubleClick network processes data to a specifically unknown extent (including your IP address) and may store cookies if you have given your prior consent.

The provider of YouTube in Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company of YouTube is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. User data and information are processed by YouTube and Google in the EU and in third countries such as the USA.

Data is only stored and read out with the help of YouTube if you give us your consent to do so in accordance with Section 25 (1) TDDDG. Subsequent further processing and analysis of the personal data will only take place if you give us your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a) EU GDPR.

By giving your consent or clicking on the YouTube video, you document that you agree to the transfer of personal data to YouTube and Google and thus also to the transfer of data to third countries (outside the EU). Consent to the storage and reading of information in accordance with Section 25 (1) TDDDG and consent to the processing of personal data in accordance with Art. 6 (1) (1) (a) EU GDPR is regularly granted by the same action (bundling of consents).

SINC NOVATION GmbH also operates its own YouTube channel. Please note that every time you access our YouTube channel (via a link or in any other way) on the YouTube websites, YouTube/Google processes personal data to a specifically unknown extent. This includes, among other things, your IP address and the website from which you accessed YouTube. In addition, YouTube/Google uses cookies and tracking technologies every time you visit our YouTube channel. This enables Google to track and analyze your user behavior far beyond the YouTube websites. All this happens regardless of whether you are logged into your YouTube user account or even have one. If you are logged into your YouTube user account, you enable YouTube to assign your user behavior directly to your personal profile. According to the company, you can prevent this by logging out of your YouTube account. You can find more information on data protection at YouTube in YouTube’s data policy and cookie policy at: https://www.google.de/intl/de/policies/privacy, https://policies.google.com/technologies/cookies?hl=de&gl=de. We have no influence on the processing of your data by Google and on whether Google complies with the applicable data protection regulations.

Further information on the processing of personal data by YouTube/Google and regarding data processing when visiting our YouTube channel can be found in our „Datenschutzerklärung für Soziale Netzwerke.

g. Google Web Fonts

Our website uses so-called web fonts provided by Google LLC (“Google”) for the uniform display of fonts. When you access the page, your browser establishes a connection to our web server. The Google fonts are stored locally there so that no data flows to Google. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. No personal data is processed through the use of web fonts. If your browser does not support web fonts, a standard font will be used by your computer.

h. Contact

If you would like to contact us, please use the contact details provided. If you contact us by telephone, e-mail or post, the personal data you provide (e.g. your name, e-mail address / telephone number / address, date / time of contact and the content of the message you send) will be stored by us. The data will be used strictly for the purpose of processing your request. The legal basis for this data processing is Art. 6 para. 1 subpara. 1 lit. f) EU GDPR. Our legitimate interest here is to process your inquiries and other requests as promptly and comprehensively as possible and to your satisfaction. The data will be deleted when the purpose for the processing no longer applies, i.e. specifically after the contact with you has finally ended. Mandatory statutory retention periods remain unaffected.

i. Newsletter

If you would like to receive our e-mail newsletter, we need your name and e-mail address. The personal data you provide will be stored by us. The data will be used strictly for the purpose of sending the newsletter and will not be passed on to third parties. We send out our e-mail newsletter with regular information and to ask for your support for our concerns. The legal basis for data processing as part of the newsletter subscription is consent in accordance with Art. 6 para. 1 subpara. 1 lit. a) GDPR. We use the so-called “double opt-in procedure” to ensure that the consent was actually given by the owner of the specified email address. In doing so, we log the declaration of consent given using the online form, the sending of a confirmation email and the receipt of the response requested therein. No further data is collected. You can revoke your consent at any time without giving reasons with effect for the future. You can withdraw your consent by using the unsubscribe link at the end of each newsletter. The data will be deleted if the purpose for processing no longer applies, i.e. if you unsubscribe from the newsletter or withdraw your consent. Mandatory statutory retention periods remain unaffected.

j. Job advertisements and application procedure

We process the personal data that you provide in your application insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Art. 88 EU GDPR i.V.m. § Section 26 para. 1 sentence 1 var. 1 in conjunction with para. para. 8 sentence 2 BDSG.

Your personal data will be treated confidentially and processed exclusively for the purpose of processing your application, i.e. for recruitment, recruitment and drawing up an employment contract. In order to handle the application process, it is essential that employees of the HR department, the respective specialist department and, if applicable, the responsible committees, such as the representative body for severely disabled employees, have access to your personal data.

If you give us your consent to do so, we will process your personal data beyond the application for a specific position or a specific hiring date and contact you for other positions that match your profile.

The general retention and deletion periods apply. We generally store your personal data for as long as is necessary for the decision on your application and beyond that only if there is another legal reason for further storage. Such other legal grounds may arise in particular from tax and accounting obligations or from the defense against possible legal claims, in particular under the General Equal Treatment Act (AGG).

If you have not consented to further data processing for other positions that may match your profile, we will delete your data no later than six months after completion of the application process. If you have consented to being considered for other positions or have submitted an unsolicited application without a time limit, we will store your personal data for a maximum period of three years, starting at the end of the year in which you gave us your consent or submitted your unsolicited application. If your application is successful, we will transfer your application documents to your personnel file.

2. Recipients / categories of recipients of the personal data
(Art. 13 para. 1 lit. e) and f) EU GDPR)

The recipient of the data associated with the use of the website is exclusively SINC NOVATION GmbH. Your data will be treated confidentially by us and will not be passed on to third parties, neither to recipients within Germany or the European Union, nor to recipients in third countries. The data is not used commercially and no profiling is carried out.

However, we may use external service providers who process personal data on our behalf. These are considered processors within the meaning of Art. 28 EU GDPR. When passing on data to these partners, an order processing contract is therefore always concluded in accordance with the legal requirements in order to ensure the control and protection of the data.

SINC NOVATION GmbH will transfer personal data to institutions (authorities) entitled to receive such information if it is obliged to do so by law or by court order.

3. Duration of storage and deletion of personal data
(Art. 13 para. 2 lit. a) EU GDPR)

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which SINC NOVATION is subject.

Exceptions, according to which your data does not have to be deleted although one of the listed reasons exists, are also regulated in Art. 17 EU GDPR.

4. Your rights as a data subject (Art. 13 para. 2 lit. b) and c) EU GDPR)

The EU GDPR gives data subjects affected by the processing of personal data various options for reviewing and influencing the handling of their personal data themselves. You therefore have the following rights:

  • Right to information (Art. 15 EU GDPR)
  • Right to rectification (Art. 16 EU GDPR)
  • Right to erasure (Art. 17 EU GDPR, see above)
  • Right to restriction of processing (Art. 18 EU GDPR)
  • Right to data portability (Art. 20 EU GDPR)
  • Right to withdraw any consent given (Art. 7 (3) EU GDPR)

You also have the right to object (Art. 21 EU GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) EU GDPR. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing.

If you would like to exercise one of the rights described above, please send an e-mail to the address given under point 5.

5. Responsible body (Art. 13 para. 1 lit. a) EU GDPR)

The controller responsible for the processing of personal data on this website within the meaning of the EU GDPR is:
SINC NOVATION GmbH
Hammerbrücker Straße 3
08223 Falkenstein

Represented by:
Niclas Helgers
Dipl.-Kfm. Jakob Stiels
Thomas Meeß

Telefon: +49 (0) 37 45.7 64 00-10
E-Mail: contact@sincnovation.com
Web: https://www.sincnovation.com/

6. Our local external data protection officer (Art. 13 para. 1 lit. b) EU GDPR)

Appointed as data protection officer pursuant to Art. 37 EU GDPR:
Dirk Fromm
Lawyer, certified data protection officer and data protection auditor (TÜV® PersCert)
Information Security Officer – ISO/IEC 27001 (TÜV® PersCert)
CE21 – Gesellschaft für Kommunikationsberatung mbH
Bergfeldstraße 11, 83607 Holzkirchen

Information via NRW branch:
Donnerbachweg 1, 53332 Bornheim
Tel.: +49 89 7167211-30
Fax: +49 2227 904541
E-Mail: dirk.fromm@ce21.de

7. Right to lodge a complaint with the competent supervisory authority
(Art. 13 para. 2 lit. d), Art. 77 EU GDPR)

In addition to the rights listed above, you also have the right to lodge a complaint with a data protection supervisory authority in any country of the European Union. Below you will find a list of all state data protection officers in the federal states:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.htm

8. Security

a. Technical and organizational measures

SINC NOVATION GmbH uses technical and organizational measures within the meaning of Art. 32 EU GDPR to protect the data you provide against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. We have committed all employees to confidentiality. To ensure compliance with data protection regulations, our employees also receive regular training from our data protection officer. We also ensure that the data protection regulations are also observed by the external service providers involved.

b. E-mail

If you send us an e-mail, your e-mail address will only be used for correspondence with you. An encryption procedure is not used. E-mails are sent via the unsecured Internet. We would like to point out that the Internet harbors many risks of attack and that absolutely secure transmission cannot be guaranteed. Complete protection of data against access by third parties is not possible. Therefore, please do not send us any confidential or strictly confidential data by e-mail.

c. TLS encryption (Transport Layer Security)

Our website uses TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you transmit to us cannot be read by third parties.

9. Links to other websites

Our website contains links to other websites. We have no influence whatsoever on their content and on whether their operators comply with the applicable data protection regulations. The purpose and scope of any data collection, further processing and use of the data by the respective third party operating the corresponding website, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection information of the third party. We also have no influence on the current and future design or authorship of the content of the linked pages. We hereby declare that at the time the links were created, no illegal content was recognizable on the linked pages. We expressly distance ourselves from all content that may be relevant under criminal or liability law or offend common decency. Liability for illegal, incorrect or incomplete content and for damages resulting from the use or non-use of other websites lies solely with the provider of the linked site.

10 Definitions

The legislator requires that personal data be processed lawfully, fairly and in a transparent manner that is comprehensible to the data subject. Our privacy policy should therefore be easy to read and understand for any interested person. To ensure this, we would like to explain the terminology used last.

We use the following terms, among others, in this privacy policy:

Person concerned

Data subject is any identified or identifiable natural person whose personal data is processed by us.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Receiver

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Third

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

11. Final clause

Due to the further development of our website or the implementation of new technologies, it may become necessary to amend this privacy policy. We reserve the right to change this privacy policy at any time with effect for the future. The version available at the time of your visit always applies.

Further information, e.g. on copyright, can be found in the legal notice.