1. Introduction
With the following information, we would like to give you as a "data subject" an overview of the processing of your personal data by us and your rights under data protection laws. In principle, it is possible to use our website without entering personal data. However, if you would like to use special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent. The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "PINC Solutions GmbH".
With this data protection declaration, we would like to inform you about the scope and purpose of the personal data we collect, use and process. As the responsible party, we have implemented numerous technical and organizational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can fundamentally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, such as telephone or post.You can also take simple and easy-to-implement measures to protect yourself from unauthorized access to your data by third parties. Therefore, we would like to give you some tips on how to handle your data securely at this point:
1. Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with strong passwords.
2. Only you should have access to the passwords.
3. Make sure that you only use your passwords for one account (login, user or customer account).
4. Do not use a password for different websites, applications or online services.
5. In particular when using publicly accessible or shared IT systems, the following applies: You should always log out after each login to a website, application or online service.
Passwords should consist of at least 12 characters and should be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should contain upper and lower case letters, numbers and special characters.
2. Responsible party
The responsible party within the meaning of the GDPR is:
PINC Solutions GmbH
Brienner Straße 48
80333 Munich
+49 (0) 89 413 262 320
E-mail: info@brauntesterclub.com
Representative of the responsible party: Andreas Keller
3. Data protection officer
You can reach the data protection officer as follows:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 Munich
Phone: 089-18917360
E-mail: email@iitr.de
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. Definitions
The data protection declaration is based on the terminology used by the European directive and regulatory body when enacting the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance. In this data protection declaration, we use the following terms, among others:
4.1 Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that reflect the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4.2 Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
4.3 Processing
Processing means any operation or set of operations which is carried out on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4.4 Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of restricting their future processing.
4.5 Profiling
Profiling means any form of automated processing of personal data consisting in the evaluation of those personal data to assess certain personal aspects relating to a natural person, in particular to analyse.
4.6 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
4.7 Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
4.8 Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
4.9 Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
4.10 Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal basis of the processing
Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TTDSG) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.
In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
6. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
1. you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR,
2. the disclosure is permitted in accordance with Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
3. in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, and
4. this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.
In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This may not apply in the case of data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.
7 Technology
7.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the "https://" instead of "http://" in the address line of the browser and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
7.2 Pantheon.io
We host our website at PantheonSysteme,Inc,717 California Street, Fl.2, San Francisco, CA94108 (hereinafter referred to as "Pantheon").
The use of Pantheon is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website.
When you visit our website, your personal data (IP addresses) are processed on Pantheon's servers. Pantheon is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR has been issued. In addition, we have concluded a Data Processing Agreement (DPA) with the company.
You can view Pantheon's data policy at
https://legal.pantheon.io/ClientAgreements.html#contract-bjs3ml8q3
7.3 Amazon Web Services (AWS) - hosting of individual components
Components of Amazon Web Services (AWS) of Amazon.com Inc, Seattle, 410 Terry Ave N, United States, are integrated on our website. Amazon Web Services (AWS) is the world's most comprehensive and widely used cloud.
The purpose of using AWS in the present case is, among other things, to host applications and services on AWS and to rent resources for computing or storage-intensive tasks.
If you have consented to the use of the services hosted by AWS, the legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR. In addition, it is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR to use the hosting of individual components at AWS in order to operate our website in an appealing and secure manner.
The parent company Amazon Inc. is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.
You can view AWS's privacy policy at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2023-08-11.pdf.
8. Cookies
8.1 Technically necessary cookies are used
We only use technically necessary cookies on our website. You will therefore not see any cookie notices and no consent will be obtained for the use of cookies.
9 Contents of our website
9.1 Registration as a test candidate
You have the option of registering on our website by providing personal data.
Which personal data is transmitted to us in the process is determined by the respective input mask used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the data to be passed on to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal use attributable to us.
By registering (only when creating an account) on our website, the date and time of registration are also stored. This data is not passed on to third parties. This does not apply if we are legally obliged to pass it on or if it serves the purpose of criminal prosecution.
Your registration, with the voluntary provision of personal data, also enables us to offer you content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database. Please contact our PINC moderation team and we will change the data for you: contact@brauntesterclub.com
We will provide you with information about which personal data about you is stored at any time on request. We will also correct or delete personal data at your request, provided that this does not conflict with any statutory retention obligations. A data protection officer named in this privacy policy and all other employees are available to the data subject as contact persons in this context.
Your data is processed in the interest of convenient and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.
9.2 Data processing when registering as a test candidate and or later tester for contract processing
In accordance with Art. 6 para. 1 lit. b) GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening an account. Which data is collected can be seen from the respective input forms. You can delete your account at any time, for example by sending a message to contact@brauntesterclub.com. We store and use the data you provide to process the contract. After complete processing of the contract or deletion of your account, your data will be blocked, taking into account tax and commercial law retention periods, and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of your data as permitted by law, about which we will inform you accordingly below.
9.4 Making contact via e-mail
Personal data is collected when you register with us on your own initiative. The data that is collected when you use a form can be seen from the respective forms. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and the deletion does not conflict with any statutory retention obligations.
9.5 Tester management
We collect and process the personal data of applicants for the purpose of handling the application process. If we conclude a test contract with a tester, the transmitted data will be stored for the purpose of processing the test contract in compliance with the statutory provisions (5-year retention period). If we do not conclude a contract with the tester, the data will be deleted three months after the end of the campaign, provided that no other legitimate interests on our part prevent deletion.
The legal basis for the processing of your data is Art. 6 para. 1 lit. b)
10. Contacting for further test campaigns
10.1 Sending emails to prospective test participants
If you have provided your consent as a potential test candidate for further test campaigns, we reserve the right to send you corresponding offers on a regular basis. In accordance with Section 7 (3) UWG, we do not need to obtain separate consent from you for this. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails. You are entitled to object to the use of your e-mail address for the aforementioned purpose at any time with effect for the future by using the unsubscribe link. Upon receipt of your objection, the use of your e-mail address for information purposes will cease immediately.
10.2 Mailjet
Transactional emails are sent via the mailing service provider Mailjet. The provider is SAS Mailjet, 13-13 bis, rue de l`Aubrac, 75012 Paris, France.
The purpose of data processing is to send test offers. Mailjet may use your data in pseudonymous form (without allocation to a user) to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the e-mail or for statistical purposes. You will not be contacted by Mailjet itself, nor will your data be passed on to third parties.
The mailing service provider is used on the basis of Art. 6 para. 1 lit. f) GDPR and an order processing contract in accordance with Art. 28 GDPR. The legal basis for the processing of your personal data in connection with the information service is your consent given in the "opt-in" procedure within the meaning of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time.
If you do not wish to be analyzed by Mailjet, you must unsubscribe from the notification option for test candidates. We provide a corresponding link for this purpose in every message.
The data you have stored with us for the purpose of notification will be stored by us until you unsubscribe and will be blocked for further mailing both on our servers and on Mailjet's servers after you unsubscribe from the information service. Should you also wish your data stored for the purposes of notification to be deleted, please let us know via contact@brauntesterclub.com. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
You can find more information on Mailjet's data protection provisions at: https://www.mailjet.de/privacy-policy/.
11 Your rights as a data subject
11.1 Right to confirmation
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed.
11.2 Right to information Art. 15 GDPR
You have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
11.3 Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
11.4 Erasure Art. 17 GDPR
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
11.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
11.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
11.7 Objection Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.
In individual cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
11.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
11.9 Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
12 Routine storage, deletion and blocking of personal data
We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject.
If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
13. Duration of the storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.
14. Topicality and amendment of the data protection declaration
This privacy policy is currently valid and is dated April 2024.
It may become necessary to amend this privacy policy due to the further development of our website and offers or due to changes in legal or official requirements.