Privacy Policy
We take data protection seriously.
Protecting your privacy when processing personal data is an important concern for us. When you visit our website, our web servers automatically store the IP address of your Internet service provider, the website from which you visit us, the web pages that you visit on our site, as well as the date and duration of your visit. This information is strictly necessary for the technical transmission of the web pages and the secure operation of the server. A personalized analysis of this data does not take place.
Controller:
athagoras Holding GmbH
Theatinerstrasse 14
80333 Munich
Phone: +49 (0)89 9430 1091
Email: contact@athagoras.com
You can contact our Data Protection Officer at the above-mentioned postal address with the addition “To the Data Protection Officer,” or at the email address: datenschutz@athagoras.com . Our Data Protection Officer is also happy to hear your questions, suggestions or criticism regarding data protection.
Purpose of processing personal data
Processing of data for the performance of contractual services
You may submit inquiries regarding the commissioning of contractual services to us via our website (contact form) and the contact details provided there. If, for this purpose or otherwise in connection with such inquiries, you transmit personal data to us, we process your data in order to respond to your inquiry, to perform the assignment/contract, and for invoicing purposes. For this, we require your name, address details and email address. Without this information, we are unable to perform the contract with you. Additional information, such as your telephone number, may be requested so that we can communicate with you regarding the service you have commissioned. Depending on the specific assignment/contract, we may require further information, which we will inform you about on a case-by-case basis.
For suppliers/service providers, we process the personal data you provide in order to place orders and request services on our part, as well as to pay for your services. For this, we require the (company) name, address details and bank account information. Depending on the specific service/contract, we may require further information, about which we will inform you on a case-by-case basis.
The legal basis for this processing is Article 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.
Processing of data to communicate with you
In addition to the contractual data, we process your communication data (names of contact persons, telephone number, email address, message) in order to contact you and communicate with you. Personal data that you provide to us by email, via the contact form or by telephone is processed solely for the purpose of corresponding with you and only for the purpose for which you provided the data to us.
The legal basis for this processing is Article 6(1) lit. b GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.
Processing of data in the context of exercising data subject rights
We also process your communication data (name, address, telephone number, email address) as well as all information that you voluntarily provide to us (e.g., by email, by telephone or via our contact form) for the purpose of exercising your data subject rights in accordance with Chapter 3 of the GDPR. Personal data that you provide to us in this context is processed solely for the purpose of corresponding with you and only for the purpose for which you have provided the data to us.
The legal basis for this processing is Article 6(1) lit c GDPR, as we are legally obliged to do so.
If we receive your data during our activities as an external Data Protection Officer in connection with the exercise of data subject rights, we will process the personal data provided to us for this purpose. Where necessary, your request may need to be forwarded to the respective client or controller responsible for the data processing to which the exercise of your data subject rights relates, in order to ensure that your request can be fulfilled.
The processing is carried out based on our contract with the client pursuant to Article 6(1)(b) GDPR as well as our legal obligation pursuant to Article 6(1) lit. c GDPR.
Server log files
The provider of these pages automatically collects and stores information in so‑called server log files, which your browser automatically transmits to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Browser used and operating system used
- Full IP address of the requesting computer
- Amount of data transferred
This data is not combined with other data sources. The processing is carried out pursuant to Article 6(1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw any conclusions about individual persons based on this data. After no more than seven days, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to an individual user. In anonymized form, the data is also processed for statistical purposes; no comparison with other data sets or transfer to third parties, even in extracts, takes place.
Processing of data to secure legitimate interests
We also process your data where this is necessary in order to secure our legitimate interests or those of third parties. This may be the case to ensure IT security and IT operations—including in the context of support inquiries—or to be able to reconstruct and document facts in the event of legal disputes. The legal basis for this processing is Article 6(1) lit. f GDPR. We have an economic and legal interest in ensuring IT security as well as in the use of data in the context of legal disputes.
Use of Cloudflare
We use the service “Cloudflare” provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA, in order to protect our website against attacks, to optimize performance and to ensure the secure and stable provision of our online offering. Cloudflare acts as a Content Delivery Network (CDN) and security service. In this context, technical connection data between your browser and our servers is routed through Cloudflare. This includes the IP address, browser and system information, as well as server log data.
Cloudflare is certified under the EU‑US Data Privacy Framework (DPF), ensuring an adequate level of data protection in accordance with Article 45 GDPR.
As part of its functionality, Cloudflare receives access to technical data relating to the website visit; the processing is carried out based on our legitimate interest pursuant to Article 6(1) lit. f GDPR in the secure, high‑performance and functional provision of our website.
Cloudflare cookies (technically necessary)
Cookies are small text files that are stored on a visitor’s computer and contain data relating to the respective user in order to enable access to various functions.
Cloudflare uses cookies that serve exclusively to ensure technical functionality, to distinguish legitimate access from potential attacks, and to secure the website. These are technically necessary cookies that do not require consent under Section 25 TDDDG or Article 6(1) lit. a GDPR.
LinkedIn Page Analytics, Ads and Insight Tags
We operate a company page on the social network linkedin.com provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”), and we are provided with so‑called Page Analytics by LinkedIn in relation to our services. For the operation of the LinkedIn company page, we and LinkedIn are joint controllers within the meaning of Article 26 GDPR.
The type and scope of the information provided by LinkedIn, the purposes of the related data processing by LinkedIn, the lawfulness of such processing, as well as information on the exercise of your rights can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy and in the joint controller arrangement available at: https://legal.linkedin.com/pages-joint-controller-addendum.
LinkedIn Ads (https://business.linkedin.com/de-de/marketing-solutions/ads) provides the possibility to place targeted advertisements on LinkedIn. The data processing takes place for the purposes of conversion tracking, advertising, remarketing as well as the optimization of our advertising activities and page activities. For this purpose, a cookie is set and pixels and ad tags are used. The following data is processed: IP address, user agent data, device ID, search terms, viewed articles, visited pages, viewed advertisements, followers, connections, videos viewed, profile information, advertising identifier, information about the operating system, device information.
Page Analytics (https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview) consist of aggregated data that provide us with insights into how people interact with our page. The creation and provision of these Page Analytics are carried out under LinkedIn’s responsibility; we have no influence over this. LinkedIn assumes all obligations under the GDPR regarding the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
The purpose of our processing of the data provided by LinkedIn is the statistical evaluation of the use of our company page. This enables us, for example, to determine preferred visiting times and interaction times of our users and to use these insights to optimize our posts and our company page. In addition, we process personal data that you have made publicly available on LinkedIn (e.g., real name in the user profile) as well as data that is directly connected to activities on our company page (e.g., comments, posts, likes, tags), also for the purpose of communicating with you.
For some of our services, we may use the LinkedIn conversion tracking and retargeting tool “LinkedIn Insight Tags”. In this process, a cookie is stored in your browser that enables us to track the behaviour of visitors to our online activities after they have been redirected to our offerings by clicking on a LinkedIn advertisement. In this way, we can evaluate the effectiveness of our LinkedIn advertisements for statistical and market research purposes and optimize future advertising measures. The data collected in this context is anonymous to us, and we cannot identify individual users. However, the data is stored and processed by LinkedIn, allowing a connection to the respective user profile and enabling LinkedIn to use the data for its own advertising purposes. By means of retargeting, LinkedIn may display advertisements outside our services. This use of the data cannot be influenced by us as the page operator. If you are a LinkedIn member, you can manage the remarketing function via your account settings or deactivate it by setting an opt‑out cookie (see below). We have an interest in analysing user behaviour in order to optimize both our offering and, where applicable, advertising for our offering.
If you do not agree with the storage and use of your data in the context of the LinkedIn Insight Tag, you can deactivate such storage and use here. In this case, an opt‑out cookie is stored in your browser, preventing LinkedIn from storing usage data. If you delete your cookies, this also results in the deletion of the opt‑out cookie. The opt‑out must then be activated again upon your next visit to our page.
Opt‑out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
The legal basis for the above data processing is Article 6(1) lit. a GDPR. If you have provided the corresponding consent to LinkedIn, you may withdraw this consent at any time with effect for the future. If you have provided such consent to us, you may withdraw it from us at any time with effect for the future.
Otherwise, the legal basis for our data processing is Article 6(1) lit. f GDPR, which permits the processing of data for the purpose of legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override those interests. Our interest lies in providing content and communicating with LinkedIn users as well as improving the reach and effectiveness of our posts.
You may exercise your rights of access, rectification, erasure, restriction of processing and data portability regarding your stored Insights data directly with LinkedIn, as LinkedIn has assumed the corresponding obligations:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt‑out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Duration of data storage
Generally, we delete your data as soon as it is no longer required for the purposes mentioned above, unless temporary retention is still necessary. We store your data due to statutory documentation and retention obligations, which arise, among other things, from the German Commercial Code and the German Fiscal Code. The retention periods are up to ten full years. In addition, we retain your data for the period during which claims may be asserted against our company (statutory limitation period of three or up to thirty years).
Categories of recipients of personal data
Your contractual and communication data are forwarded to the responsible department and the responsible employees within our company in order to respond to your inquiries, to communicate with you or to perform the assignment. The legal basis for this is again Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.
Your personal data will only be disclosed or otherwise transmitted to third parties outside our company if this is necessary for the purpose of contract execution or billing, if you have given your prior consent, or if there is a legal basis for the disclosure.
Where we make use of services provided by third parties (so‑called processors) for the execution and handling of processing operations, the provisions of the GDPR are complied with. Service providers that support us in delivering our services to you include:
- Hosting providers
- Email service providers
- IT service providers
- IT service providers for applicant management software (SAS)
- Service providers for data destruction
We also disclose personal data, within the scope of legal permissibility and necessity, to the following third parties who process personal data under their own responsibility (so‑called controllers, cf. Article 4(7) GDPR):
- Chartered Accountant
- Authorities
- Tax advisors
Data security
Your personal data is securely transmitted to us through encryption. For this purpose, we use the SSL (Secure Socket Layer) encryption system. Furthermore, we secure our websites and other systems through technical and organizational measures to protect your data against loss, destruction, access, alteration or dissemination by unauthorized persons. Our security measures are continuously improved in line with technological developments. However, we expressly point out that data transmission over the internet may involve security vulnerabilities and cannot be completely protected against access by third parties, which applies particularly and especially to unencrypted communication by email.
Rights of data subjects
Every data subject has the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, and the right to data portability pursuant to Article 20 GDPR. To exercise the aforementioned rights, you may contact the offices mentioned above.
If you have given us consent to process your data, you may withdraw this consent at any time without formal requirements. For this purpose, you may contact the office mentioned above.
If we process your data to secure legitimate interests, you may object to such processing at any time, without formal requirements, on grounds relating to your particular situation. You may likewise contact the offices mentioned above for this purpose.
If you exercise your rights under Articles 12 to 22 GDPR, we will process the personal data transmitted in this context for the purpose of implementing these rights and for the purposes of data protection monitoring and otherwise restrict processing in accordance with Article 18 GDPR. These processing activities are based on the legal basis of Article 6(1) lit. c GDPR.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR).