Privacy Policy

1. General information

1.1. Data protection at a glance

General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

Andere Daten werden automatisch beim Besuch der Website durch unsere IT-Systeme erfasst. Das sind vor allem technische Daten (z.B. Internetbrowser, Betriebssystem oder Uhrzeit des Seitenaufrufs). Die Erfassung dieser Daten erfolgt automatisch, sobald Sie unsere Website betreten.

What do we use your data for?
Part of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to demand the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

In the following, you will find detailed information in accordance with the EU General Data Protection Regulation on the fulfilment of our information obligations.

1.2. Objective and responsibility

This privacy policy informs you about the nature, scope and purpose of the processing of personal data in relation to our website and related functions and content (hereinafter collectively referred to as the “Website”). Details of these processing activities can be found in section 2.

Details of data processing for the purposes of carrying out our business processes are described in section 3.

The provider of this website and responsible for data protection is Pecan Development GmbH, Bockenheimer Landstr. 72, 60323 Frankfurt am Main, Germany) – hereinafter referred to as “provider”, “we” or “us”.

Our website is provided by Host Europe GmbH (Postfach 92 02 54, 51152 Cologne, Germany); formerly Domainfactory. The server is located in France.

Questions regarding data protection can be directed to the email address info@pecan.de.

The term “user” includes all customers and visitors to our website.

1.3. Legal basis

We collect and process personal data based on the following legal bases:

  1. Consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is any voluntary, specific, informed and unambiguous expression of will in the form of a statement or other unambiguous affirmative act by which the data subject indicates his or her agreement to the processing of personal data relating to him or her.
  2. Necessity for the performance of a contract or the implementation of preparatory measures pursuant to Article 6(1)(b) of the GDPR, i.e. the data is necessary for us to be able to fulfil our contractual obligations towards you or we need the data to prepare for the conclusion of a contract with you.
  3. Processing for compliance with a legal obligation pursuant to Article 6(1)(c) of the GDPR, i.e. processing of the data is required by law or other regulations.
  4. Processing for the purposes of legitimate interests pursuant to Article 6(1)(f) GDPR, i.e. that the processing is necessary to protect legitimate interests on our part or on the part of third parties, unless such interests are overridden by the interests or fundamental rights and freedoms of you which require the protection of personal data.

1.4. Data subject rights

You have the following rights in relation to data processing by us:

  1. Right to lodge a complaint with a supervisory authority pursuant to Article 13(2)(d) GDPR and Article 14(2)(e) GDPR
  2. Right to information pursuant to Article 15 GDPR
  3. Right of rectification pursuant to Article 16 of the GDPR
  4. Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
  5. Right to restriction of processing pursuant to Article 18 GDPR
  6. Right to data portability pursuant to Article 20 GDPR
  7. Right to object pursuant to Article 21 GDPR.

Note: Users may object to the processing of their personal data in accordance with the legal requirements at any time with effect for the future. The objection may in particular be made against processing for direct marketing purposes.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

1.5. Data erasure and storage period

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

1.6. Security of processing

We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). This means that the data we process is protected against accidental or intentional manipulation, loss, destruction and unauthorised access.

The security measures include in particular the encrypted transmission of data between your browser and our server.

1.7. Data transfer to third parties, subcontractors and third-party providers

Personal data is only transferred to third parties within the framework of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, for billing purposes or for other purposes if the transfer is necessary to fulfil contractual obligations to users.

If we use subcontractors for our website, we have taken appropriate contractual precautions as well as corresponding technical and organisational measures vis-à-vis these companies.

If we use content, tools or other means from other companies (hereinafter collectively referred to as “third party providers”) and their named registered office is located in a third country, it is to be assumed that a transfer of data to the third party providers’ countries of domicile takes place. The transfer of personal data to third countries by us will only take place if there is an adequate level of data protection, user consent or other legal permission.

2. Processing within the framework of our website

2.1. Collection of information on the use of the website

When the website is used, information is automatically transmitted to us by the user’s browser; this includes the name of the website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

The processing of this information is based on legitimate interests in accordance with Article 6 paragraph (1) lit. f GDPR (e.g. optimisation of our website) as well as to ensure the security of the processing in accordance with Article 5 paragraph (1) lit. f GDPR (e.g. for the defence and clarification of cyber attacks).

The information will be automatically deleted a maximum of 14 days after the end of the connection – i.e. use of the website – provided that there are no other retention periods.

The collection of data and the storage of data in log files is absolutely necessary for the provision of the website. Therefore, the user has no right to delete, object to or correct the data.

1.2. Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you have provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.

1.3. Links to other websites

While using some of our services, you may be automatically redirected to other websites.

Please note that this data protection declaration is not valid there. The data protection declaration of the linked website may differ considerably from this one.

3. Processing for the purpose of carrying out our business processes

3.1. Personnel application

For reasons of better readability, the simultaneous use of masculine and feminine and various forms of language is dispensed with – within the framework of the following explanations. All references to persons apply to all genders: m/f/d.

3.1.1. Direct applications

We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG, German Data Protection Law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment

Storage period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

3.1.2. Inclusion in the applicant pool

If we do not make you a job offer, we may be able to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

The inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

3.2. Contacting us by email

When contacting us by e-mail, the data provided by the user will be processed exclusively for the purpose of handling the enquiry and its processing.

The data will only be used for other purposes on the basis of a separate consent by the user.

4. Cookie-Policy

4.1. General information

Cookies are pieces of information that are transferred from our web server or third party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website.

4.2. Cookie overview

Name: wp-wpml_current_language
Provider: pecan.de
Purpose: WordPress cookie to store the language selection.
Retention period: Until the end of the session

4.3. Objection options

The functional cookie used is used in order to be able to offer our website in different languages.

The legal basis is §25 Para. (2) No. 2 TTDSG (German Law on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia). There are no objection options in this respect.

5. Changes to the data protection declaration

We reserve the right to change this data protection declaration with regard to data processing in order to adapt it to changed legal situations, to changes to the website or to data processing.

If the consent of the users is required or if parts of the data protection declaration contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of this data protection declaration.

Version: September 2022