TME – Transformation. Management. Experts.

Privacy Policy

Thank you very much for your interest in our company and for visiting our website. Below, you will see the individual segments of our Data Privacy Notice:

1. Name and Address of the Controller

TME Associates GmbH
Giselastr. 12 | 80802 München
+49 89 38 37 732-0

kontakt@tme-associates.com
www.tme-associates.com

2. Name and Address of the Data Protection Officer

The duties of the corporate data protection officer are performed by Dominik Mikulovic.

Herr Dominik Mikulovic
DATA Security GmbH

Bodenseestr. 12 | 83059 Kolbermoor
+49 8031 4696 931

info@data-security.one
www.data-security.one

3. Scope of Personal Data Processing

We process the personal data of data subjects only insofar as it is required to provide this website and for services as a company. We process personal data after having received the consent of the data subject or based on legal provisions that allow us to process such data.

If we provide links to websites of other organisations, this privacy policy does not apply to the processing of personal data by that organisation. We encourage you to read the privacy statements of other websites you visit.

4. Legal Basis for Personal Data Processing

Legal basis for the processing of personal data is Art. 6(1) point (b) of the GDPR of the EU. It is necessary for the performance of the contracts concluded with the data subject. That also applies to processing activities necessary for realising measures prior to entering into a contract.

If the processing is necessary to protect the vital interests of the data subject or of another natural person, Art. 6(1) point (d) of the GDPR serves as the legal basis for processing.

If the processing is necessary for the purposes of the interests pursued by our company or by a third party, we us Art. 6(1) point (f) of the GDPR as legal basis for the processing.

5. Erasure of Data and Retention Period

The data subject’s personal data will be erased or blocked once the purpose of storage ceases to apply. The data will also be blocked or erased once a retention period specified by the aforementioned standards expires, unless further retention of the data is required for the conclusion or performance of a contract.

6. Google (Web) Fonts (hosted locally)

We use Google Fonts on our website, i.e. fonts provided by Google Inc. (USA) or its representative office through Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.

Google Fonts is also an important module in keeping the quality of our website high. All Google Fonts are automatically optimized for the web, which saves data volume, and the fonts are a great advantage especially for use on mobile devices. When you visit our site, the low file size ensures a fast loading time.

Google Fonts are also secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire websites. Accordingly, we use Google Fonts to make our entire online presentation as beautiful and consistent as possible.

The use of Google Fonts does not require you to register or to enter a password. No cookies are stored in your browser either. The files (CSS, fonts) are exclusively requested locally via our own server, i.e. the fonts are not loaded via (external) requests to Google servers, as is usually the case. This ensures that user data is not forwarded to Google services, among others.

On our part, there is a legitimate interest in using Google Fonts to optimize our website. The corresponding legal basis for this is Article 6 (1) (f) DS-GVO (Legitimate Interest).

7. Use of Cookies

Our website uses cookies, whereby we automatically record the following data and information from the system of the respective user each time our website is accessed:

(1) Information about the browser type/version
(2) The user's operating system
(3) The Internet provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Internet pages from which the user's system accesses our website
(7) Internet pages that are called up by the user's system via our website

The collected data and information will only be used for internal and purpose-related purposes and will not be passed on to third parties under any circumstances.

Cookies are small data packages that are stored on the user's computer system during a visit to our website. The characteristic string of a cookie enables the browser to be uniquely identified when the website is called up again and facilitates the search sequence as well as security for the user when surfing.

The legal basis on which we rely for the processing of personal data using cookies is Article 6(1)(f) of the DS-GVO (Legitimate Interest).

We process only technically necessary cookies for the purpose of simplifying the use of our website for users or visitors and because some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the user's browser is recognized even after a web page change. The duration of the storage of our technically necessary session cookies is usually a maximum of 20 minutes.

Cookies are stored on the user's computer and transmitted from there to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website completely.

8. Use of the XING Share Button

Our website uses a service of XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany: it uses the “XING Share Button”.

When you visit this website, your browser will establish a short-term connection with the servers of XING AG (“XING”), with which the functions of the “XING Share Button” are provided (particularly the calculation/display of the counted value). XING will not save any of your personal data when you visit this website. In particular, XING will not save any IP addresses. Furthermore, no evaluation of your user behaviour through the use of cookies will take place in connection with the “XING Share Button”.

The currently valid data protection information regarding the “XING Share Button”, as well as further information, are available at the following website: https://www.xing.com/app/share?op=data_protection

9. Use of the LinkedIn Share Button

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be notified that you have visited our web pages with your IP address. If you click the LinkedIn "recommend" button and are logged into your LinkedIn account, LinkedIn will be able to matche your visit to our site with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

Further information on this can be found in LinkedIn's data protection declaration at: https://www.linkedin.com/legal/privacy-policy

10. Data protection in applications and in the application process

a) Description, categories and scope of data processing

We process data associated with your job application. These might be general data on your person (such as e.g. name, address and contact data), information on your professional qualification and education or information on your advanced professional training or other information that you transfer in connection with your application. Such processing can also be made electronically e.g. by e-mail or contact form on our website. If a user takes the opportunity to contact us via our contact form, the data entered in the input mask is transmitted to us and stored. CAPTCHA is used to protect against various abuses and manipulations during data entry.
At the time of sending the message the following data is also stored: The IP address of the user, date and time of registration. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

In addition, we may also process any professional information that you have made available publicly, such as e.g. your profile in professional social media networks.

b) Legal basis and purpose of the data processing

We process these personal data for the purpose of your application with regard to an employment relationship with us to the extent this is required for the decision on the establishment of such employment with us. Legal basis is Sec. 26(1) in conjunction with (8) sentence 2 of the BDSG [German Federal Data Protection Act].

Furthermore, we are entitled to process your personal data if this is required for the defence against legal claims asserted against us arising from the application procedure. Legal basis shall be Article 6(1) point (f) of the GDPR and the legitimate interest is, for example, the burden of proof in proceedings according to the Allgemeines Gleichbehandlungsgesetz (AGG) [German General Equal Treatment Act].

Should an employment relationship between you and us be established, then we will be entitled to further process the personal data already obtained from you in accordance with Sec. 26(1) of the BSDG for the purposes of the employment relationship if this is required for the implementation or termination of the employment relationship or the execution or fulfilment of the rights and obligations of the representation of interests of the employees resulting from a law or collective agreement, a company or work agreement (collective agreement).

c) Retention period

We store your personal data for as long as this is required for the decision on your application. Should an employment contract not be concluded between you and us, then we may still store your data if this might be required in order to defend against any future rights. However, your application documents will be deleted six months after the announcement of the decision on refusal, unless a longer storage period is required for the defence in any legal disputes.

11. Rights of Data Subjects

a. Right of access

You can request a confirmation from the controller whether we process personal data relating to you.

If such processing takes place, you can request the controller to provide you with the following information:

(1) the purposes of personal data processing;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients to which the personal data relating to you have been or are to be disclosed;

(4) the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of personal data or a right to restriction of processing of personal data concerning you by the controller or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to its origin;

(8) the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain access to information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transfer.

b. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data related to you is incorrect or incomplete. The controller must perform rectification immediately.

c. Right to restriction of processing

You have the right to obtain restriction of processing of the personal data concerning you where one of the following applies:

(1) if you contest the accuracy of the personal data relating to you for a period that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) if the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have objected to processing pursuant to Art. 21(1) of the GDPR, pending the verification whether the legitimate grounds of the controller override your legitimate grounds.

Where processing of the personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted pursuant to the aforementioned conditions, you will be notified by the controller before the restriction is lifted.

d. Right to erasure

a) Erasure obligation

You may demand the controller to erase your personal data without undue delay and the controller is obliged to erase such data without undue delay where one of the following grounds applies:

(1) the personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2) you withdraw your consent on which the processing is based according to Art. 6(1) point (a) or of Art. 9(2) point (a) of the GDPR, and where there is no other legal ground for the processing;

(3) you object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR;

(4) the personal data concerning you has been unlawfully processed;

(5) your personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;

(6) the personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.

b) Information to Third Parties

Where the Controller has made your personal data public and is obliged pursuant to Art. 17(1) of the GDPR to erase them, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copies or replications of those personal data.

c) Exemptions

The right to erasure does not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9(2) points (h) and (i) as well as Art. 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) of the GDPR insofar as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defence of legal claims.

e. Right to Information

If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to notify all recipients, to whom your personal data have been disclosed, of such rectification or erasure of the data or restriction of processing, unless this proves to be impossible or produces disproportionate burdens.

You have the right vis-à-vis the controller to be informed of such recipients.

f. Right to data portability

You have the right to receive any personal data related to you that has been provided by you to the controller in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Art. 6(1) point (a) of the GDPR or Art. 9(2) point (a) of the GDPR or on a contract pursuant to Art. 6(1) point (b) of the GDPR; and

(2) the processing is carried out by automated means.

In exercising such right, you further have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. This must not adversely affect the rights and freedoms of other persons.

The right to data portability does not apply to any personal data processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g. Right to object

You have the right to object, on grounds relating to your particular situation, at any time, to any processing of your personal data which is based on Art. 6(1) point (e) or (f) of the GDPR, including profiling based on those provisions.

The controller no longer processes your personal data, unless the controller demonstrates compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to any processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services - and notwithstanding Directive 2002/58/EC - you may exercise your right to object by automated means using technical specifications.

g. Right to withdraw the consent given under data protection laws

You have the right to withdraw your declaration of consent under data protection laws at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

i. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy according to Art.

Competent supervisory authority in Bavaria: https://www.lda.bayern.de/de/index.html

12. Information for data subjects pursuant to Art. 13 and Art. 14 EU-DSGVO

Name and Address of the Controller

TME Associates GmbH

Giselastr. 12 | 80802 München

+49 89 38 37 732-0

kontakt@tme-associates.com

www.tme-associates.com

Name and Address of the Data Protection Officer

The duties of the corporate data protection officer are performed by Dominik Mikulovic.

Herr Dominik Mikulovic

DATA Security GmbH

Bodenseestr. 12 | 83059 Kolbermoor

+49 8031 4696 931

info@data-security.one

www.data-security.one

a) Purposes and legal bases of processing

Customers:

Your data will be collected in order to establish, execute and, if necessary, terminate the contractual relationship.

The data is processed on the basis of:

  1. Consent of the data subjects for one or more of the above purposes (Art. 6 para. 1 a DS-GVO).
  2. Processing required to carry out pre-contractual measures at the request of the data subject (Art. 6 para. 1 b DS-GVO).
  3. Performance of the contract where the data subject is party to the contract (Art. 6 para. 1 b DS-GVO).
  4. Legal obligation to which the person responsible is subject (Art. 6 para. 1 c DS-GVO).
  5. Protection of vital interests of the persons concerned or other persons (Art. 6 para. 1 d DS-GVO).
  6. Safeguarding the legitimate interests of the data controller or of a third party, whereby the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail (Art. 6 para. 1 f DS Block Exemption Regulation does not apply to processing carried out by authorities in the performance of their duties).

 

Applicants:

Your data will be collected and processed for the purpose of establishing, carrying out and terminating the employment relationship.

The data will be processed on the basis of:

  1. 26 BDSG (Establishment, implementation and termination of employment);
  2. Art. 6 Para. 1 S. 1 lit. c) DSGVO in connection with § 257 HGB, § 147 AO, § 16 Abs. 2 ArbZG, § 41 Abs. 1 Satz 9 EstG, § 28f Abs. 1 S. 1 und 2 SGB IV (storage regulations) and
  3. Art. 6 para. 1 S: 1 lit. f) DSGVO (defence against AGG claims)

 b) Categories of personal data to be processed

We process the following personal data:

Customers:

(1) general data

(2) contact details

(3) identification data

(4) communication data

(5) data required for the appropriate execution of the business relationship

Applicants:

(1) general data

(2) contact details

(3) identification data

(4) communication data

(5) the data necessary for the proper performance of the industrial relation/employee relationship

 

 c) Recipients or categories of recipients of the personal data

Personal data will be transmitted to:

(1) service provider according to Art. 28 DSGVO

(2) authorities

(3) institutions

(4) tax consultant

(5) banks

 

d) Transfer to third States or international organisations

Data will only be transferred to third countries (countries outside the European Economic Area - EEA) or international organisations if this is necessary for the execution of the relationship or if you have given us your consent or if this is otherwise legally permissible. In this case, we will take measures and only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the DSGVO for transfer to third countries (Art. 44 to 49 DSGVO), in particular standard contractual clauses, corporate binding rules, adequacy decision of the European Commission.

US companies (at any global location) are obliged to hand over personal data to security authorities without you, as the responsible person or data subject, being able to take legal action against this. Therefore, it cannot be ruled out that, among others, US authorities (in particular intelligence agencies) process, evaluate and permanently store this data for monitoring purposes. We have no influence on these processing activities and storage practices.

e) Duration of storage of personal data

After collection, your data will be stored by us for as long as is necessary in compliance with the statutory retention periods in accordance with § 257 HGB, § 147 AO, § 16 Abs. 2 ArbZG, § 41 Abs. 1 Satz 9 EstG, § 28f Abs. 1 S. 1 und 2 SGB IV.

 

f) Affected party rights

According to the basic EU data protection regulation, you have the following rights:

  1. If your personal data are processed, you have the right to obtain information about the data stored about your person (Art. 15 DSGVO).

  2. Should incorrect personal data be processed, you have the right to correction (Art. 16 DSGVO).

  3. If the legal requirements are met, you can request the deletion or restriction of the processing and lodge an objection against the processing (Art. 17, 18 and 21 DSGVO).

  4. If you have consented to data processing or a data processing agreement exists and data processing is carried out using automated procedures, you may be entitled to data transferability (Art. 20 DSGVO).

  5. If you make use of the rights mentioned above, we will check whether the legal requirements for this have been met.

  6. To exercise your rights, please contact our data protection officer. Contact details are listed under point 2.

  7.  If you have any complaints regarding data protection, you can contact the responsible supervisory authority.

 

Please see:

https://www.lda.bayern.de/de/index.html