Privacy
Privacy Policy
Status at 1 January 2024
When using this website and other external online offers, such as our social media offer on LinkedIn, your personal data will be processed by us as the data controller. With this data protection declaration, we inform you, as a data subject whose personal data we process (data subject), about the type, scope, purpose and duration of the processing of your personal data. You will receive information about what data is processed, what purposes we pursue, what legal obligations we have to fulfil and what rights you are entitled to.
According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
I. Name and address of the person responsible
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other international and national data protection regulations is:
AMX Germany GmbH
Rheinpromenade 4a
40789 Monheim am Rhein
Germany
Phone: +49 173 19 555 75
E-Mail: hi@amxconsulting.com
Web: www.amxconsulting.com
Commercial register: HRB 188044 B
Represented by the managing director: Sebastian Paasch
II. Name and address of the data protection officer
We are not obliged to appoint a data protection officer. If you have any questions regarding data protection, please contact:
Sebastian Paasch
Phone: +49 173 19 555 75
E-Mail: sebastian.paasch@amxconsulting.com
III. Data subject rights
If your personal data is processed by us, you are entitled to the following data subject rights under the GDPR.
Right to information
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:
the purposes for which the personal data are processed;
the categories of personal data processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the envisaged duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of the storage;
where the personal data have not been collected from you as the data subject, any available information on the source of the data.
the existence of automated decision-making in individual cases, including profiling in accordance with Article 22 of the GDPR, and meaningful information about the underlying logic and its effects.
Furthermore, you have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
Right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
Right to restrict processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of the processing but you need them for the establishment, exercise or defence of legal claims; or
if you have objected to the processing pursuant to Article 21(1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.
Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
a. Obligation to delete
You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
The personal data concerning you have been processed unlawfully.
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
b. Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.
c. Exceptions
The right to erasure does not exist insofar as the processing is necessary:
to exercise the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
for the assertion, exercise or defence of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and the processing is carried out by automated means.
When exercising this right to data portability, you also have the right to have the personal data transferred directly from one controller to another controller where this is technically feasible.
The rights and freedoms of other persons must not be affected by the right to data portability.
The right to portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO. This also applies to profiling based on these provisions.
The controller will then no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. In this case, we will immediately stop the processing. It is not necessary to specify a particular situation. If you wish to exercise your right of objection, simply send an e-mail to: privacy@amxconsulting.com.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time. This means that we may no longer process the data based on this consent in the future. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
You do not have this right if the decision:
is necessary for the conclusion or performance of a contract between you and the controller,
is permissible under Union or Member State legislation to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
is done with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases mentioned under a and c, the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
Right to complain to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy the right to lodge a complaint in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The competent supervisory authority for the controller is:
Bavarian Data Protection Authority
Promenade 27
91522 Ansbach
Germany
Phone: 0981 / 53 1300
E-Mail: poststelle@lda.bayern.de
IV. General information on the processing of personal data
Scope of the processing of personal data
The data controller processes personal data of data subjects insofar as this is necessary for the provision of this website and other external online offers, as well as for the use of our content and services. Personal data is only processed with the consent of the data subject. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted or required by legal regulations.
Legal basis for the processing of personal data
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. a GDPR if the processing is based on the consent of the data subject.
The legal basis for the processing of personal data is Art. 6 (1) sentence 1 lit. b GDPR if the processing is carried out for the performance of a contract to which the data subject is a party. The legal basis also applies to processing that is necessary for the performance of pre-contractual measures.
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. c GDPR, if the processing is necessary for compliance with a legal obligation.
The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. d GDPR if vital interests of the data subject or another natural person make the processing necessary.
The legal basis for the processing of personal data is Art. 6 (1) sentence 1 lit. f GDPR if the processing is necessary to protect the legitimate interests of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not override the interests of the controller..
Data deletion and storage period
The personal data of the data subject shall be erased or blocked as soon as the purpose for which they were collected or otherwise processed no longer applies. Processing may continue if it is necessary for compliance with a legal obligation to which the controller is subject under Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, processing may continue if it is necessary for the establishment, exercise or defence of legal claims.
V. Provision of the website and creation of log files
Description and scope of the processing of personal data
Each time this website is used, the server of the responsible party automatically collects data and information from the browser of the calling end device.
The following data is collected:
Information about the type of browser and the version used
The operating system of the end device
The Internet service provider of the terminal device
The IP address of the terminal device
Date and time of access
Websites from which the user's terminal device accesses our website
Websites that are accessed by the user's system via our website
The data is stored in so-called log files of our system. This data is not stored together with other personal data of the user.
Legal basis for the processing of personal data
The legal basis for the processing of personal data is Art. 6 para. 1 p.1 lit. f GDPR.
Purpose of the processing of personal data
The temporary storage of the IP address of the requesting end device by the system is technically necessary to enable the connection between the end device of the user and the server of the responsible party and to ensure the delivery of the website to the end device. Furthermore, the responsible party processes the IP address for technical and administrative purposes when establishing the connection, in order to be able to guarantee the stability of the connection, to ensure the security and functionality of the online offers and to be able to pursue any illegal attacks.
The storage in log files takes place in order to ensure the functionality of the website. From the processing of the IP address and the information in the log files, the responsible party does not draw any direct conclusions about your identity. An evaluation of the data for marketing purposes does not take place in this context.
The legal basis for the processing of the IP address and the information of the log files is Art. 6 para. 1 p. 1 lit. f GDPR. The legitimate interest of the responsible party is the secure and trouble-free provision of our website.
Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose for which they were collected or otherwise processed ceases to apply. In the case of the processing of data for the provision of the website, this is the case when the respective session has ended. When processing the data in log files, this is the case after 30 days at the latest.
Possibility of objection and removal
The processing of the IP address to provide the website and the processing of the data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for the user to object.
VI. Contact form and email contact
Description and scope of the processing of personal data
If you use a contact form on this website or send an e-mail to the person responsible, the data you provide will be automatically processed by the person responsible in order to be able to deal with your request. When using the contact form, in addition to the contents of the form, the date, time and time of sending the message will also be stored. Before sending the message, your consent is obtained and confirmation that you have understood and accepted the data protection declaration. If you contact us by e-mail, your personal data will also be stored. The data will only be processed in order to be able to deal with your request. It will not be passed on to third parties.
Legal basis for the processing of personal data
The legal basis for the processing of personal data in the case of your consent is Art. 6 para. 1 p.1 lit. b GDPR.
The legal basis for the processing of personal data when communicating by e-mail is Art. 6 para. 1 sentence 1 lit. f GDPR.
If the processing of personal data serves the purpose of concluding a contract by e-mail or via a form, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
Purpose of the processing of personal data
The purpose of processing the personal data collected via contact form or e-mail is to process the sender's request. The additional personal data collected is used to prevent the misuse of forms and to ensure the information security of the systems of the controller. The legal basis for processing the information is Art. 6 para. 1 p. 1 lit. f GDPR.
Data deletion and storage period
The personal data of the data subject shall be deleted as soon as the purpose for which they were collected or otherwise processed ceases to apply. For the personal data from the contact form and/or sent by email, this is the case when the respective communication with the user has ended. The communication is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Possibility of objection and removal
The user can revoke his consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such a case, communication cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VII. Use of Salesforce CRM
Description and scope of the processing of personal data
The responsible person uses the customer relationship management system (CRM system) of the provider Salesforce (Salesforce). Salesforce.com is a service of the provider Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. The responsible person uses Salesforce to be able to process enquiries from users of the website, as well as from customers and interested parties, more quickly and efficiently. Salesforce only uses this data for the technical processing of the enquiries and does not pass it on to third parties. To use Salesforce, at least a correct e-mail address is required. Pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).
Information on data protection at Salesforce can be found in the Salesforce privacy policy: https://www.salesforce.com/de/company/privacy/.
For transfers of personal data to the U.S., Salesforce is certified under the EU-U.S. Privacy Shield. You can access more information about the Privacy Shield here: https://www.privacyshield.gov/. You can view Salesforce's certification here: https://www.privacyshield.gov/list. Rechtsgrundlage für die Verarbeitung personenbezogener Daten
The legal basis for the processing of personal data in connection with the use of the CRM system Salesforce is Art.6 para.1 p.1 lit.f GDPR.
Purpose of the processing of personal data
The purpose of using Salesforce is to maintain relationships with customers and prospects quickly and efficiently, and to respond to relevant enquiries.
Data deletion and storage period
We delete CRM data if it is no longer necessary. We review the necessity every two years. In addition, the statutory archiving obligations apply.
Possibility of objection and removal
If you do not agree with the processing of your data in Salesforce's systems, we offer you alternative ways to contact us. You can contact us by e-mail, telephone, fax or post.
VIII. Application by post, application form and application by email contact
Description and scope of the processing of personal data
When handling the application process, the controller processes the personal data of applicants (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. Processing may be carried out by physical or electronic means. Electronic processing takes place in particular when an applicant submits his or her application documents to the controller by electronic means, for example by e-mail or via an online application form.
If the controller concludes an employment contract with an applicant, the data provided will be stored for the purpose of implementing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded by the controller, if the applicant rejects a job offer, withdraws his or her application, revokes his or her consent or requests the controller to delete his or her data, the application documents are automatically deleted two months after the notification of the termination decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Purpose of the processing of personal data
The purpose of the processing is the decision on the establishment of an employment relationship. The legal basis for the processing of personal data is Section 26 (1) BDSG under German law, Art. 6 (1) lit. b GDPR. If the responsible party processes the data on the basis of consent given, the legal basis for this is Section 26 (2) BDSG under German law, Art. 6 (1) a GDPR. The consent can be revoked at any time. In certain cases, the controller processes personal data on the basis of legitimate interest. The legal basis for the processing of personal data is then Art. 6 (1) lit. b GDPR.
Data deletion and storage period
If the controller is unable to make a job offer, the applicant rejects a job offer, withdraws his or her application, revokes his or her consent, or requests the controller to delete his or her data, the application documents, including any existing physical application documents, will be deleted a maximum of six months after the conclusion of the application procedure, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Possibility of objection and elimination
The applicant may revoke his consent to the processing of personal data at any time. If the user contacts the responsible person by email, he can object to the storage of his personal data at any time. In such a case, the application process cannot be continued.
IX. Use of our company profile on LinkedIn
Description and scope of the processing of personal data
The responsible party uses the platform of LinkedIn, Wilton Place, Dublin 2, Ireland for the company presence. On our company website, we provide information and offer LinkedIn users the opportunity to communicate and interact with us. If you perform an action on our corporate presence on LinkedIn, your personal data may be made public. Information on the processing of your personal data by LinkedIn and on data protection at LinkedIn can be found in LinkedIn's privacy policy, which you can access here: https://privacy.linkedin.com/de-de.
Legal basis for the processing of personal data
The legal basis for the processing of personal data in connection with the use of our corporate presence on LinkedIn is Art.6 para.1 p.1 lit.f GDPR.
Purpose of the processing of personal data
The purpose of the company's presence on LinkedIn is to inform the users of LinkedIn about products, services and services of the responsible party. In doing so, every user is free to publish personal data through activities.
Data deletion and storage period
The responsible party, stores the activities and personal data published via the LinkedIn until revoked. In addition, the responsible party complies with the statutory retention periods.
Possibility of objection and elimination
You can object at any time to the processing of your personal data collected by the data controller in the context of the use of the company presence on LinkedIn and assert your data subject rights.
LinkedIn offers the possibility to manage the settings for the processing of personal data by LinkedIn under https://www.linkedin.com/psettings/.
X. Use of Google Workspace
Description and scope of the processing of personal data
The responsible person uses the Google Workspace of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google Workspace is a software accessible via the Internet and executed on the servers of Google (cloud service, software as a service. When using Google Workspace, personal data may be processed and stored on Google's servers, insofar as this is part of the communication with us or from us. This data may include, in particular, master data and contact data of users, data on operations, other processes and content of the communication. Google also process usage data and metadata to ensure the security of and used for service optimization. More information on data protection and security of processing at Google Workspace can be found here: https://cloud.google.com/product-terms.
Legal basis for the processing of personal data
The legal basis for the processing of the users' personal data is the user's consent according to Art. 6 para. 1 p. 1 lit. a GDPR, pre-contractual inquiries and the fulfillment of contracts according to Art. 6 para. 1 p. 1 lit. b. GDPR as well as the legitimate interest according to Art. 6 para. 1 p. 1 lit. f. GDPR.
Purpose of the processing of personal data
The Controller uses Google Workspace for the organization of its business. This includes, but is not limited to, the following processing purposes: storing and managing documents in the cloud, managing appointments, contacts and calendars, sending and receiving email, spreadsheets, presentations, exchanging documents, content and information with specific recipients, publishing forms or other content and information, conducting chats and participating in audio and video conferences.
Data deletion and storage period
The personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
Possibility of objection and elimination
They have the option to revoke their consent to the processing of personal data at any time and may object to the storage of their personal data at any time. In such a case, communication and the customer relationship may not be able to continue.
XI. Use of Matomo
Description and scope of the processing of personal data
The controller uses the software "Matomo" (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo enables the anonymised analysis of user behaviour on the website. The following data is stored: the user's IP address, shortened by the last two bytes (anonymised); the page accessed and the time of access; the page from which the user accessed our website (referrer); which browser with which plug-ins, which operating system and which screen resolution is used; the time spent on the website; the pages accessed from the sub-page accessed. The data collected with Matomo is stored on our own servers. It is not passed on to third parties.
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is the legitimate interest according to Art. 6 para. 1 p. 1 lit. f. DSGVO.
Purpose of the processing of personal data
The data controller needs the data to analyse the surfing behaviour of the users and to obtain information about the use of the individual components of the website. This enables him to continuously optimise the website and its user-friendliness. These purposes constitute the legitimate interest according to Art. 6 Para. 1 lit. f DSGVO. By anonymising the data, the data controller takes into account the interest of users in the protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.
Data deletion and storage period
Personal data will be deleted after 6 months and aggregated into monthly reports with no personal reference.
Possibility of objection and removal
You have the option to revoke your consent to the processing of personal data at any time and can object to the storage of your personal data at any time. You can activate the "Do-not-Track" setting in your browser The Matomo system is configured to respect this setting.
XII. Use of Userlike
This website uses Userlike, live chat software produced by the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use Userlike to chat with our employees in real-time. At the start of the chat, the following personal data is collected:
Date and time of the chat,
Browser type/version,
IP address,
Operating system used,
URL of the previously visited website,
Amount of data sent. And if provided by you: first name, surname, and e-mail address.
Depending on the course of the conversation with our employees, further personal data may be provided by you in the chat. The nature of this information depends heavily on your request or the problem you are describing.
All our employees have been trained in data protection and in the handling of customer data. All our employees are obliged to maintain confidentiality and have accordingly signed an addendum to their employment contracts which obliges them to maintain confidentiality and observe data protection.
By accessing the AMX Germany GmbH web page, the chat widget is loaded as a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code executed on your computer that enables the chat.
In addition, AMX Germany GmbH stores the history of live chats. The purpose of this is to save our customers from having to go through a long history of requests, and for us to constantly monitor the quality of our live chat service. Processing is permitted pursuant to Art. 6 Para. 1 Book f, GDPR. If you do not wish your live chat history to be stored, please do not hesitate to contact us using the contact details listed below. Stored live chats and any other of your data will then be deleted by us immediately.
The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted under Art. 6 Para. 1 Book f, GDPR. The legal basis for the processing of the data provided in the chat is also Art. 6 Para. 1 Books b and f, GDPR.
Further information can be found in the <a href="http://www.userlike.com/terms#privacy-policy">Data processing terms of Userlike</a> UG (haftungsbeschränkt).