If you feel something is missing don’t hesitate to Email us.
Reviewing Our Privacy Statement
We review this Privacy Statement regularly. Occasionally we may need to make changes or additions to this Statement that may affect how we handle your data. We will indicate on this page when the Privacy Statement has changed so please refer to this site for the latest version.
Data Protection Officer
You can contact the data protection officer appointed by the operator directly via email@example.com .
Plunet GmbH is the controller for the processing of personal data as defined by the General Data Protection Regulation and other applicable data protection laws. Plunet GmbH is represented by its managing director and is located at Marktplatz 24, 97070 Würzburg, Germany. Contact information: Phone +49 (0)931 321 12 20, Fax +49 (0)931 321 12 22, firstname.lastname@example.org.
Data protection officer
You can directly contact the data protection officer appointed by the operator via email@example.com.
The websites of our company use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and enable an analysis of how you use the website. The company providing the service in the European Economic Area and Switzerland is Google Ireland Limited, a company registered and operated under Irish law, with its registered office at Gordon House, Barrow Street, Dublin 4. Google will use this information to evaluate your usage of the website, in order to compile reports on website activity for the website operators and to provide other services relating to website usage and internet usage. Google will also pass on this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
The information generated by the cookie about your usage of our websites may be sent to Google servers located in the United States or Google may obtain access to data from the United States. We have activated IP anonymization on our websites (“anonymizeIP”), which means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. In exceptional cases, the full IP address will be sent to a Google server and shortened there. Google USA uses standard data protection clauses pursuant to Art. 46 para 2 (c) and (d) of the GDPR. Google Analytics and Google Analytics 360 are certified according to ISO 27001. You can prevent cookies from being stored via the relevant setting in your browser software; however, we must point out that this setting may prevent you from utilizing the full scope of functionalities on our website. Furthermore, you can prevent the data created by the cookie regarding your use of the website (including your IP address) from being collected and processed by Google. To do this, download and install the browser plugin that is available via the following link.
We use Google Ads Conversion Tracking and Remarketing on our website to record its usage and optimize our services. Google places a Cookie on your computer if you accessed our website via a Google advertisement. The data generated by the Cookie is transferred to a Google server in the USA and stored there. We have entered into a contract with Google to ensure data protection in line with GDPR. You can withdraw your consent at any time using the Cookie Management Tool. For more information, please see Google’s data protection instructions on Conversion Tracking.
Objection to data collection
Understanding Cookies Used on Our Website
A Comprehensive List of our Cookies
Use of Personal Information
In some cases, Plunet GmbH may utilize the personal information of users for the purpose of analyzing general usage patterns on its websites, for contacting the user to clarify ambiguous information, for the processing of customer support queries or for marketing purposes. Personal information in this context are name (company affiliation, if applicable), address, phone number and email address.
Login via Google account:
When you log into Google, a token is generated and transmitted to Plunet BusinessManager. This token allows Plunet BusinessManager to acces your identity data and email account to automatically receive and send emails. You can revoke this permission at any time in your Google account. Please contact your account administrator.
Login via Microsoft account:
When you log into Microsoft, a token is generated and transmitted to Plunet BusinessManager. This token allows Plunet BusinessManager to acces your identity data and email account to automatically receive and send emails. You can revoke this permission at any time in you Microsoft account. Please contact your account administrator.
Links to websites of third-party providers
We may also provide social media features that enable you to share information with your social networks and to interact with Plunet on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.
The Plunet GmbH homepage uses SSL encryption for security reasons and in order to safeguard the transmission of confidential information, e.g. the requests you send to us as the website operator. An encrypted connection is established when the address line in your browser switches from “http://” to “https://” and a lock icon is displayed in the address line. Data transmitted to us cannot be accessed by third parties when SSL encryption is activated.
When you visit our Websites we may send a ‘cookie’ to your computer. Cookies are files that store information on your hard drive or browser. They enable our Websites to identify your computer, and recognise that you have visited before. Cookies themselves do not contain any personal information. However, we may link the information we store in cookies to any personally identifiable information you submit while on our site. This three types of cookies are used on this website:
Presence in social networks (social media)
Plunet GmbH has an online presence within social networks and processes user data in this context, in order to communicate with active users and provide them with information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could be more difficult to assert users’ rights.
Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles may be created based on usage behavior and the resulting interests of the users. Usage profiles may in turn be used, for example, to place advertisements within and outside of the networks that are presumed to correspond to the users’ interests. Cookies are usually stored on the users’ computers for this purpose. The usage behavior and interests of the users are stored in the cookies. In addition, data may be stored in the usage profiles independently of the devices used by the users (particularly if the users are members of the respective platforms and logged in).
For a detailed representation of the respective forms of processing and the opt-out options, please refer to the privacy policies and information provided by the respective network.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information.
Further guidance on processing operations, procedures and services:
Privacy statement for the usage of Facebook plugins
These webpages use plugins from the social network facebook.com, which is operated by Meta Platforms Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland (“Facebook”). If you visit any of the webpages on our website that have this plugin, a connection to the Facebook servers will be established and the plugin will be displayed on the webpage by means of a message to your browser. This sends information to the Facebook server about which of our webpages you have visited. If you are logged in as a Facebook user, Facebook will connect this information to your personal Facebook user account. When you use the plugin functions (e.g. clicking the “Like” button, posting a comment), this information will also be associated with your Facebook account. You can only prevent this by logging out before using the plugin. If you do not want Facebook to associate the collected information with your Facebook profile, you must either log out before visiting our website or use a “Facebook blocker” to block the Facebook plugins from loading.
Further information about the collection and usage of data by Facebook, your rights in this regard, and options for protecting your privacy, please refer to Facebook’s data policy: https://www.facebook.com/policy.php
Privacy statement for the usage of XING
This website uses features of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you open our website, which contains features from XING, a connection is established with the XING servers. As far as we know, personal data are not retained in the process. In particular, no IP addresses are saved and no usage behavior is evaluated. Further information about privacy and the XING “Share” button can be found in XING’s data protection guidelines: https://www.xing.com/app/share?op=data_protection
Privacy statement for the usage of Instagram
Privacy statement for the usage of YouTube
We embed Youtube videos on some of our websites. The company providing the service on de.youtube.com in the European Economic Area and Switzerland is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The videos are embedded in “privacy enhanced mode”. This means that a connection between your browser and a server of the operator in the USA will only be established when you play the videos. The following information about your visit and your IP address will be stored there: Date and time of access, IP address of the device or server, query details and target address, page accessed, information about the browser type and the version being used, the operating system of the user.
The data will be transferred regardless of whether you have a user account with Youtube or Google. If you have a user account and are logged into Youtube or Google, your data will be directly associated with your account. To prevent this, you will need to log out before activating the button. Google stores your data as a user profile. You have the right to object to this, which you must assert when contacting Google. Data protection and data security: See the information on Google Maps. The user must give their consent to the processing of personal data used in this context before playing the Youtube video. A reference to this data protection information is also displayed in this context.
Newsletter subscription / Registration for events
Users of the Plunet GmbH website are given the option to subscribe to the newsletter published by our company. The type of personal data sent to the controller as part of your newsletter subscription request depends on the data entered in the relevant input fields. If you register for an event organized by Plunet GmbH, you can see which personal data will be saved in the input fields. This is usually data such as name, address, and company. The collection of this data is necessary to process the invitation and organization of the event.
Plunet GmbH uses the newsletter to periodically inform its customers and business partners about services provided by the company. In general, our company newsletter can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject has registered to receive the newsletter. When a data subject subscribes to the newsletter for the first time, a subscription confirmation email will be sent to email address provided by a data subject for legal reasons to provide a double opt-in. This confirmation email serves as verification that the holder of the email address provided as a data subject has authorized the newsletter subscription. This also applies accordingly when the data subject registers for an event.
As part of the newsletter or event registration process, we furthermore store the IP address assigned by the Internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of these data is necessary in order to trace any (potential) misuse of a data subject’s email address at a later time and therefore serves as a legal safeguard for the controller.
The personal data collected during the process of registering for the newsletter or event will be exclusively used for sending the newsletter / organizing the event. Furthermore, newsletter subscribers may be informed by email, if this is necessary for the operation of the newsletter service or a related registration, as may be the case if there are any changes to the newsletter service or to the technical conditions.
The personal data collected within the scope of a newsletter service or event registration will not be disclosed to third parties. The data subject can terminate the newsletter subscription at any time. Consent to store the data subject’s personal data for the newsletter service can be revoked at any time.
Each newsletter contains a corresponding link for the purpose of revoking consent. Subscribers can furthermore inform the controller of their decision to unsubscribe by other means (e.g. via email).
Contact options via the website
Due to statutory requirements, the Internet presence of Plunet GmbH contains information to allow quick electronic contact with our company as well as direct communication with us, which includes a general address for “electronic mail” (email address). To the extent that a data subject contacts the controller via email or a contact form, any personal data provided by the data subject will be stored automatically. Such personal data voluntarily transmitted by the data subject to the controller will be stored for the purpose of processing or contacting the relevant data subject. The personal data will not be disclosed to third parties.
Routine deletion and blocking of personal data
The data subject’s personal data will be processed and stored by the controller only for the length of time required to fulfill the purpose of its storage or to the extent that this is required by EU directives and regulations or other statutory provisions applicable to the controller.
Personal data is routinely blocked or deleted according to statutory provisions as soon as the reason for storage of such information is no longer applicable or the retention period prescribed by EU directives and regulations or other applicable statutory provisions has expired.
Legal basis for processing
Article 6, paragraph 1, point a GDPR is the legal basis for processing operations at Plunet GmbH for which we request consent for specific purposes. Where the processing of personal data is necessary for the performance of a contract in which the data subject is a contractual party, e.g. for processing operations required for the delivery of goods or the provision of other services or return services, then the processing shall be based on Article 6, paragraph 1, point b GDPR. The same shall apply for processing operations necessary in order to take steps prior to entering into a contract, e.g. for requests regarding our products or services.
Where our company is subject to a legal obligation requiring the processing of personal data, e.g. the fulfillment of tax obligations, then such processing shall be based on Article 6, paragraph 1, point c GDPR. In rare instances, the processing of personal data may become necessary for the protection of vital interests of the data subject or of another natural person. In such cases, the processing would be based on Article 6, paragraph 1, point d GDPR. Finally, processing operations may also be based on Article 6, paragraph 1, point f GDPR. This legal basis provides for processing operations not covered by any of the above if processing is necessary for the purposes of the legitimate interests pursued by Plunet GmbH or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. These processing operations are permitted in particular because they are mentioned specifically by the EU legislator. In its opinion, a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47, sentence 2 GDPR).
Rights of the data subject
Right to confirmation
The European legislative and regulatory body grants each data subject the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed. Where a data subject wishes to execute this confirmation right, he or she can contact an employee of the controller at any time.
Right of access
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to request at any time information about and a copy of the scope of personal data stored about his or her person free of charge from the controller. The European legislative and regulatory body furthermore grants the data subject the right to request the following information:
Furthermore, the data subject shall have the right to be informed about whether personal data have been transferred to a third country or to an international organization. To the extent that this is the case, the data subject furthermore has the right to be informed of the appropriate safeguards relating to the transfer.
Where a data subject wishes to execute this right of access, he or she can contact our data protection officer or another employee of the controller at any time.
Right to rectification
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject furthermore has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Where a data subject wishes to execute this right to rectification, he or she can contact an employee of the controller at any time.
Right to erasure (‘right to be forgotten’)
The European legislative and regulatory body grants any data subject affected by the processing of personal data to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and to the extent that processing is not necessary:
Where one of the reasons listed above is applicable and a data subject wishes to arrange a deletion of his or her personal data stored by Plunet GmbH, he or she can contact an employee of the controller at any time.
Where Plunet GmbH has made the personal data public and our company is obliged as a controller pursuant to Article 17 (1) GDPR to erase the personal data, Plunet GmbH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, provided their processing is not required.
Right to restriction of processing
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to request from the controller the restriction of processing where one of the following applies:
Where one of the conditions listed above is applicable and a data subject wishes to demand a restriction of the use of his or her personal data stored by Plunet GmbH, he or she can contact an employee of the controller at any time.
Right to data portability
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The individual furthermore has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1), and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and to the extent that this does not adversely affect the rights and freedoms of others.
The data subject can contact an employee of Plunet GmbH at any time in order to exercise the right to data portability.
Right to object
The European legislative and regulatory body grants any data subject affected by the processing of personal information the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions.
In case of an objection, Plunet GmbH shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where Plunet GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject submits his or her objection to Plunet GmbH regarding the processing for direct marketing purposes, Plunet GmbH shall no longer process these personal data for such purposes.
Where personal data are processed at Plunet GmbH for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, shall furthermore have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject can directly contact an employee of Plunet GmbH at any time in order to execute the right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may furthermore exercise his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling
The European legislative and regulatory body grants every data subject affected by the processing of personal data the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her unless the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller; or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is based on the data subject’s explicit consent.
Where the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) where the decision is based on the data subject’s explicit consent, Plunet GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Where a data subject wishes to execute his or her rights regarding automated decisions, he or she can contact our data protection officer or another employee of the controller at any time.
Right to withdraw a data protection consent
The European legislative and regulatory body grants any data subject affected by the processing of personal data the right to withdraw his or her consent to process personal data at any time. Where the data subject wishes to execute his or her right to withdraw this consent, he or she can contact our data protection officer or another employee of the controller at any time.
Privacy statement of the company Plunet GmbH regarding job applications
We are pleased that you are applying for a job with us. In this document we will explain how we process your personal data during the application process and provide further information that is relevant in this context.
Who is responsible for processing your personal data?
The company Plunet GmbH Marktplatz 24, 97070 Würzburg (hereinafter known as “we”) is the Controller as defined in the EU General Data Protection Regulation (GDPR).
Data Protection Officer
For all questions regarding the processing of your personal data and exercising your rights according to the GPDR, please contact our Data Protection Officer at +49 (0)931 32112 15 / firstname.lastname@example.org.
For which purposes and in which legal situation do we process personal data?
We process personal data concerning you for the purpose of your application for employment, insofar as this is required for the decision about the justification of an employment contract with us. Applicant data is processed in order to comply with our (pre-)contractual obligations during the application process as defined in article 6, para. 1, letter b GDPR and article 6, para. 1, letter f GDPR, provided that data processing is necessary for us, e.g. in the context of a legal process (in Germany, § 26 BDSG (German federal data protection act) also applies).
Furthermore, we may process personal data concerning you, provided it is required in order to defend against any applicable legal claims against us that arise from the application process. The legal basis for this is article 6, para. 1, letter f of the GDPR, the legitimate interest is, for example, a burden of proof in a legal procedure under the General Act on Equal Treatment (Allgemeinen Gleichbehandlungsgesetz, AGG).
In the event that an employment contract is concluded between you and us, we may further process the personal data that we have already obtained from you for purposes of employment in accordance with article 26, para. 1 BDSG. This will occur if it is necessary for the fulfillment or termination of the employment contract, or to exercise or comply with the rights and obligations of representing the interests of employees that result from a law or wage agreement, company agreement or service agreement (collective agreement).
Which categories of personal data do we process?
We process the data that are associated with your application. These are general data related to your person (such as name, address, and contact details), information on your professional qualifications and education or information on professional training, or other information that you send us with your application. Furthermore, we may process any professional information that you have made public, such as a profile on professional social media networks. If special categories of personal data as defined in article 9, para. 1 GDPR data are voluntarily provided during the application process, they shall also be processed according to article 9, para. 2, letter b GDPR (for example, data concerning health, e.g. severely disabled status, or ethnic origin). In the event that special categories of personal data as defined article 9, para. 1 GDPR are requested from applicants during the application process, they shall also be processed according to article 9, para. 2, letter b GDPR (e.g. data concerning health, if this is required for professional activity).
What are the sources of personal data if we do not collect them from you?
If we do not directly receive data from you, but you have an active profile on Xing, LinkedIn, and other professional social media networks, or you disclose an inactive or partially active profile to us during the application process, we may also collect data about it.
Social media networks: Xing, LinkedIn
Job adverts are shared in the following social media networks: Xing, LinkedIn, Stepstone, Facebook, Instagram
Which categories of data recipients are there?
We may share your personal data with companies that are connected to us, provided this is permitted according to the purposes and legal basis described in para. 3. Furthermore, personal data shall be processed on our behalf based on contracts according to article 28 GDPR, particularly via host providers or providers of applicant management systems.
The recipients of your application documents are:
Stefan Dümig – Managing Director
Paulina Puluj – HR
In addition, in the subsequent process we will involve the departments for the positions to be filled in the evaluation of the knowledge we have gained from the application documents. In this way, the specialists shall gain an insight into your professional qualifications, education or information on professional training.
Furthermore, personnel-related processes shall be carried out for the company EDVK Software+Support GmbH & Co. KG (Marktplatz 24, 97070 Würzburg) as subcontractor. If you are applying to EDVK Software+Support GmbH & Co. KG, you explicitly agree that your personal data may be processed and stored by the abovementioned recipients during the application process.
We process your application using HRworks in particular, which means that HRworks GmbH (https://www.hrworks.de/unternehmen/datenschutz/) is also a recipient on our behalf. HRworks has signed a contract with us to ensure compliance with the regulations of the GDPR and BDSG.
Do we intend to transfer data to a third party country?
We do not intend to transfer data to a third party country.
How long will your data be stored?
We store your personal data as long as it is required in order to make a decision about your application. In the event that an employment contract is not concluded between you and us, we may still store your data provided this is necessary to defend against potential legal claims. The application documents shall be stored for six months after the rejection is communicated to the applicant, unless a longer period of storage is required due to legal disputes. Invoices for any travel cost reimbursements shall be archived in accordance with the tax regulations. Applicant data will also be deleted if an application is withdrawn, which you are entitled to at any time.
What rights do you have?
As an applicant, you have the following data protection rights depending on the individual situation. You can contact us or our Data Protection Officer about exercising these rights at any time via the contact information above.
Right to access
You have the right to receive information about which personal data are processed by us as well as request access to your personal data and/or copies of these data. This includes information about the purpose of usage, the category of the data being used, the recipient and accessor of the data, and, if possible, the planned period of data storage, or, if this is not possible, the criteria for how this period is defined.
Rectification, erasure or restriction of processing
You have the right to request the immediate rectification of any incorrect personal data that concerns you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
Right to object
If the personal data concerning you is processed due to article 6, para. 1, letter f GDPR, you have the right to object to the processing of the data at any time for reasons resulting from your specific situation. As a result, we shall no longer process these personal data, unless we can prove that there are urgent reasons for processing, due to which the data cannot be deleted, which outweigh your interests, rights, and freedoms, or the processing is required to assert, exercise or defend legal claims.
Right of revocation
If the processing is based on consent, then you have the right to revoke your consent at any time. This will not affect the legality of the processing that was already carried out based on consent before your consent was revoked. To this end, you can contact us or our Data Protection Officer using the contact information above.
Right to erasure
You have the right to request that we immediately delete the personal data concerning you, and we are obliged to delete personal data immediately, provided one of the following reasons applies:
This does not apply if the processing is necessary in order to:
Right to restriction of processing
You have the right to request the restriction of processing from us if one of the following conditions is met:
If the processing was limited according to para. “Right to restriction of processing”, then these personal data – notwithstanding their storage – can only be processed with your consent, or to assert, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of significant public interest on the part of the Union or a Member State.
If you have effected a restriction of processing, then we will inform you before the restriction is removed.
Right to appeal
Notwithstanding any other administrative or judicial remedy, you have the right to appeal to a regulatory authroity, particularly in the Member State where you are staying, working or the location of the alleged breach, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.
Necessity of providing personal data
The provision of personal data is neither legally nor contractually stipulated, and you are not obliged to provide personal data. However, providing personal data is required in order to enter into an employment contract with us. This means that if you do not provide any personal data in your application, we will not be able to enter into an employment contract with you.
No automated decision-making
No automated decision will be made in individual cases as defined by article 22 of the GDPR, which means that the decision about your application is not based on automated processing.
To help us improve our privacy policies, please give us your feedback, comments and suggestions.