Data protection

1. Name and address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetzes neu (BDSG neu) and other laws with data protection determinations is:

CeH4 technologies GmbH
Celler Str. 5A | 29229 Celle | Germany
Phone: +49 5141 933 48 0

2. Contact to the Data Protection Officer

Data Protection Officer of the CeH4 technologies GmbH, Mr. Thies
Phone: +49 5141 933 48 0

3. Collection of general data

This Internet site collects with every call a series of general data and information which are may be stored in the log files of the server. Collected could be the used browsers and versions, the operating system, the Internet site from which an accessing system reaches our website, date and time of the access, the IP address and the provider of the accessing person. By using these general data and information, the CeH4 technologies GmbH does not draw any conclusions to the person / user. This information is needed to deliver the content of our website correctly, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The data from the server log files are stored separately from all personal data provided by a data subject.

4. Data protection during contacts via website contact-field, e-mail or phone

The controller or controller responsible collects and processes the personal data of contact-searching for the purpose of the handling up the contact-searching. In addition to under 3) named data, may be the name, e-mail, phone number and other data given by you are collected if necessary. This happens only for the period which is necessary for reaching the storage purpose or provided that this is planned by the European legislation or other laws / regulations. If the storage purpose is cancelled or tramps the prescribed memory term, the personal data will be closed or deleted.

5. Data protection during job application / application for employment

The controller or controller responsible collects and processes the personal data of applicants for the purpose of the processing the application procedure. The processing may also be carried out electronically. This is the case, if an applicant submits corresponding application documents by e-mail to the CeH4 technologies GmbH. If the CeH4 technologies GmbH concludes an employment contract with an applicant, the submitted data will be collected and processed for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant, the application documents shall be erased, provided that no other legitimate interests are opposed to the erasure. A legitimate interest is for example a burden of proof in a procedure under the General Equal Treatment Act (AGG – Allgemeinen Gleichbehandlungsgesetz).

6. General information on the processing of personal data

Article 6 in Chapter 2 of the GDPR serves as the legal basis for the lawful processing of personal data. The provision of personal data is partly required by law (e. g. tax regulations) or may also result from general contractual provisions (e. g. information on the contractual partner). Affected persons are obliged to provide us with personal data if CeH4 technologies GmbH concludes a contract with them in which the provision is necessary. Failure to provide the data would result in the contract not being concluded. The criterion for the storage duration of personal data is the respective legal retention period. After expiry of this period and if the data are no longer required for the fulfilment of the contract, they will be deleted in accordance with data protection regulations.

The data subject has the following rights according to the articles in chapter 3 of the GDPR:

-Right of confirmation of processing personal data
-Right of access of processing personal data
-Right of correction of processing personal data
-Right of restriction of processing personal data for example by illegal collection
-Right to erasure incorrect personal data for example by illegal collection
-Right to portability / access own personal data
-Right to individual decision-making of processing personal data
-Right of objection to the processing / data protection consent of personal data

7. General definitions used in the GDPR

This data protection declaration contains terms that are defined and determined by the legislator in Article 4 of Chapter 1 of the GDPR. In order to make this data protection declaration easier and more understandable to read, some terms are explained in the following.

„Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Health Data” personal data that relates to the physical or mental health of an individual, including the provision of healthcare, and that provides information about their health.