Privacy Policy
Effective: October 01, 2023
Table of Contents
- Responsible entity
- Overview of processing
- Relevant legal bases
- Data processing in third countries
- Deletion of data
- Business services
- Provision of online offers and web hosting
- Registration, login, and user account
- Push messages
- Customer reviews and rating procedures
- Modification and update of the privacy policy
- Rights of the data subjects
Responsible Entity
SponJobs
Cheraghi GmbH
Dr. Ahmad Reza Cheraghi
Leichlinger Str. 16
40591 Düsseldorf
Email Address: info@sponjobs.com
Imprint: https://www.sponjobs.com/impressum
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the individuals affected.
Types of Processed Data:
- Inventory data.
- Payment data.
- Contact details.
- Content data.
- Contract data.
- Usage data.
- Meta, communication, and procedural data.
Categories of Affected Persons:
- Customers.
- Prospects.
- Communication partners.
- Users.
- Business and contractual partners.
Purposes of Processing:
- Provision of contractual services and customer care.
- Contact inquiries and communication.
- Security measures.
- Office and organizational procedures.
- Administration and answering inquiries.
- Feedback.
- Marketing.
- Provision of our online offer and user-friendliness.
- Information technology infrastructure.
Relevant Legal Bases
Below is an overview of the legal bases of the GDPR, on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you in the privacy policy.
- Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual inquiries (Article 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request.
- Legal obligation (Article 6 (1) (c) GDPR) - Processing is necessary to comply with a legal obligation to which the controller is subject.
- Legitimate interests (Article 6 (1) (f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
In addition to the data protection provisions of the GDPR, national regulations on data protection in Germany apply. This includes, in particular, the Act to Protect Against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, special provisions on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), in particular regarding the establishment, performance, or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if this occurs in the context of using the services of third parties or the disclosure or transmission of data to other persons, bodies, or companies, this only takes place in accordance with legal requirements.
Subject to express consent or transfer required by contract or law, we only process or let the data be processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications, or binding internal data protection regulations (Article 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Deletion of Data
The data we process is deleted in accordance with legal requirements as soon as consents allowed for processing are revoked or other permissions lapse (e.g., if the purpose of processing this data has lapsed or it is not required for this purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.
Our privacy policy may also contain further information on the retention and deletion of data that primarily apply to our processing operations.
Business Services
We process the data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and similar legal relationships as well as associated measures and within the context of communication with the contractual partners (or pre-contractual), e.g., to respond to inquiries.
We process this data to fulfill our contractual obligations, including performing the agreed services, updating obligations, and remedy warranty and other service disruptions. In addition, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the corporate organization. We also process the data based on our legitimate interests in proper, economical business management and safety measures to protect our contractual partners and business operations against misuse, endangering their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent required for the aforementioned purposes or for the fulfillment of legal obligations. Contractual partners are informed about other forms of processing, e.g., for marketing purposes, within this privacy policy.
Which data are necessary for the aforementioned purposes, we share with the contractual partners before or in the course of data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.
We delete the data after statutory warranty and comparable obligations have expired, i.e., generally after 4 years unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons. The statutory retention period for documents relevant to tax and commercial law, such as business books, inventories, opening balance sheets, annual financial statements, working instructions, and other organizational documents and vouchers, is ten years, and for received commercial and business letters and copies of sent commercial and business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement, or the management report was established, the commercial or business letter was received or sent, or the voucher was created, and the recording was made or other documents were generated.
To the extent that we use third-party providers or platforms to perform our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Processed Data Types: Inventory data (e.g., names, addresses, gender, date of birth); Payment data (e.g., bank connections, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., subject matter of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta-, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status). Affected Persons: Customers; Prospects; Business and contractual partners.
Purposes of Processing: Providing contractual services and customer service; Security measures; Contact inquiries and communication; Office and organizational procedures; Administration and answering inquiries.
Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Abs. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures, and services:
Customer account: Contractual partners can create an account within our online offer (e.g., customer or user account, "customer account" for short). If the registration of a customer account is necessary, contractual partners are referred to this as well as to the data required for registration. Customer accounts are not public and cannot be indexed by search engines. During the registration and subsequent logins and use of the customer account, we store the IP addresses of the customers along with the access times to prove the registration and prevent any misuse of the customer account. If customers have terminated their customer account, the data relating to the customer account will be deleted, subject to their retention being necessary for legal reasons. It is the customers' responsibility to secure their data upon termination of the customer account; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) GDPR).
Provision of online offers and web hosting
We process the data of users to allow them to use our online services. For this purpose, we process the IP address of the