Privacy Policy

Thank you very much for your interest in our company. Privacy is of great importance to the SIS GmbH management. Using SIS GmbH websites is generally possible without the submission of personal data. If a person is interested in making use of special services that our company offers on our website, the processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for the processing of the data, we generally ask for the consent of the affected person.

Personal data, including name, address, email address or phone number of a data subject always follows the General Data Protection Regulation and will always be processed in accordance with the country-specific data protection regulation applicable to SIS GmbH. With this privacy policy, our company wants to inform the public about the manner, scope and purpose of the personal data that we collect, use and process. Furthermore, data subjects will be informed of their rights by this privacy policy.

As the data controller, SIS GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed via this website. Nevertheless, Internet-based data transmission is inherently flawed with security vulnerabilities so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, such as telephone.

1. Definitions

SIS GmbH’s privacy policy is based on the terms used by the General Data Protection Directive. Our privacy policy is intended to be easy to read and understand both by the public and our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance. We use the following terms in this privacy policy, among others:

a) Personal Data
Personal data means any information related to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data Subject
Data subject means any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of Processing
Restriction of processing means to flag stored personal data with the aim of limiting its processing in the future.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipient 
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Data controller

The data controller on the basis of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of data protection nature, is:

SIS GmbH
Zum Täckenfeld 12
21385 Amelinghausen
Germany

Tel.:  +49 (0) 4132 654 91-00
Fax.: +49 (0) 4132 654 91-13
E-Mail: info@s-i-s.com
Website: www.s-i-s.com
Data Protection Officer Inga Zobel

3. Cookies

SIS GmbH websites use cookies. Cookies are text files which are stored and saved on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie-ID. A cookie-ID is a unique identifier for the cookie. It consists of a string of characters through which websites and server can be assigned precisely to the specific internet browser in which the cookie was saved or stored. This enables the visited websites and servers to distinguish the individual internet browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via its unique cookie-ID.

By using cookies, SIS GmbH can provide users of its website with more user-friendly services that would not be possible without the inclusion of cookies.

The information and services on our website can be optimized in the interest of our customers by the use of cookies. Cookies enable us, as already mentioned earlier, to recognize the users of our website. The purpose of this recognition is to improve the usability of our website for our users. For example, the user of a website that uses cookies does not have to re-enter his login details each time he visits the website because this is done by the website and the cookie stored on the user's computer system. Another example are the cookies for shopping carts in online shops. The online shop remembers the items that a customer has put into their virtual shopping cart through a cookie.

The data subject can prevent the enabling cookies on our website at any time by adjusting the settings of the Internet browser used and thus permanently object to the setting of cookies. Cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all conventional Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable under certain circumstances.

4. Collection of General Data and Information

The SIS GmbH website collects a series of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to avert dangers in the event of attacks on our information technology systems can be detected and recorded.

When using this general data and information, SIS GmbH does not draw any conclusions about the data subject. This information is needed (1) to correctly deliver the content of our website, (2) to optimize the content and advertising of our website, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by SIS GmbH both statistically and with the aim of improving data protection and data security in our company, in order to ultimately achieve an optimal level of protection of the personal data. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.

5. Subscription to our newsletter

On the SIS GmbH website, users are given the opportunity to subscribe to our company's newsletter. Which personal data is transferred to the data controller is determined by the input mask that is used for this purpose.

SIS GmbH informs its clients and business partners at regular intervals about the company's offers via a newsletter. The newsletter of our company can be received by the data subject only if (1) the data subject has a valid e-mail address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation e-mail as part of the double opt-in procedure will be sent to the e-mail address that was first entered by the data subject for newsletter dispatch. This confirmation e-mail is used to check whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter.

When registering to the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves to legally protect the data controller.

The personal data collected as part of a newsletter registration will only be used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or registration in this respect, as might be the case in the event of changes to the newsletter offer or to the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. It is also possible to unsubscribe from the newsletter dispatch at any time directly on the website of the data controller or to inform the data controller of this in any other way.

6. Tracking of Newsletters

SIS GmbH's newsletters contain so-called tracking pixels. A tracking pixel is a thumbnail image embedded in emails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. SIS GmbH can use the embedded pixel-code to identify whether and when an e-mail was opened by the data subject and which links in the e-mail were accessed.

Personal data collected via the pixel-code contained in the newsletters are stored and evaluated by the data controller in order to optimise the newsletter dispatch and to adapt the content of future newsletters to the interests of the data subject. This personal data will not be shared with third parties. Data subjects have the right to revoke the relevant separate declaration of consent submitted via the double opt-in procedure at any time. After revocation, this personal data will be deleted by the data controller. SIS GmbH automatically interprets any cancellation from the newsletter as a revocation.


7. Contact Through the Website

In accordance with legal requirements, the SIS GmbH website contains information that enables fast electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted voluntarily by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data will not be shared with third parties.

8. Routine Deletion and Blocking of Personal Data

The data controller shall process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or as long as is provided for by the European directive and regulation maker or another legislator in laws or regulations to which the data controller is subject. If the storage purpose no longer applies or if a storage period prescribed by the European directive and regulation giver or another responsible legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the legal provisions.

9. Rights of the Data Subject

a) Right of Confirmation
Every data subject has the right granted by the European directive and regulation maker to obtain confirmation from the controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact our data protection officer or another employee of the data controller at any time.

b) Right of Access
Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation body, to obtain at any time, information on the personal data related to that data subject and a copy of that information from the controller at no charge. Additionally, the European directive and regulation body has granted the data subject access to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third-party countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from the data subject, all available information about the of the data source;
  • the existence of automated decision-making including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject also has the right to know whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer. If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the data controller at any time.

c) Right to Rectification
Any person whose personal data is processed has the right, granted by the European directive and regulation body, to request the immediate rectification of any inaccurate personal data concerning him or her. Considering the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wishes to exercise this right of rectification, he or she can contact our data protection officer or another employee of the data controller at any time.

d) Right to Erasure (Right to Be Forgotten)
Any person subject to the processing of personal data shall have the right, granted by the European directive and regulation body, to require the controller to immediately erase the personal data concerning him or her, if the processing is not necessary and if one of the following reasons applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • The data subject withdraws consent on which the processing is based according to point (a) of Art. 6(1), or point (a) of Art. 9(2), and where there is no other legal ground for the processing;
  • The data subject objects to the processing pursuant to Art. 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2);
  • The personal data has been unlawfully processed;
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

If one of the above mentioned reasons applies and a data subject wishes to have personal data stored at SIS GmbH deleted, he or she can contact our data protection officer or another employee of the data controller at any time. The data protection officer of SIS GmbH or another employee will ensure that the request for deletion is fulfilled immediately.

If the personal data have been made public by SIS GmbH and if our company as the data controller is obliged to delete the personal data pursuant to Art. 17 (1) DS-GVO, SIS GmbH shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data controllers who process the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data from these other data controllers, insofar as such processing is not required. The data protection officer of SIS GmbH or another employee will take the necessary steps in individual cases.

e) Right to Restriction of Processing
Any data subject affected by the processing of personal data has the right, granted by the European directive and regulation body, to request the data controller to limit the processing if one of the following prerequisites is met:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • The data subject has objected to processing pursuant to Art. 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored at SIS GmbH, he or she can contact our data protection officer or another employee of the data controller at any time. The data protection officer of SIS GmbH or another employee will arrange for the processing to be restricted.

f) Right to Data Portability
Any data subject affected by the processing of personal data has the right, granted by the European directive and regulation body, to obtain the personal data provided by the data subject to a data controller in a structured, common and machine-readable format. The data subject shall also have the right to communicate such data to another controller without interference from the data controller to whom the personal data have been provided, given that the processing is based on the consent referred to in Art. 6(1) a GDPR or Art. 9(2) a GDPR or on a contract referred to in Art. 6(1) b GDPR and that the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority assigned to the controller.

Furthermore, when exercising his right to data portability under Art. 20(1) GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one responsible person to another responsible person, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

In order to enforce the right to data portability, the data subject may at any time contact the data protection officer appointed by SIS GmbH or another employee. 

g) Right to Object
Any person data subject to the processing of personal data has the right, granted by the European directive and regulation body, to object at any time, for reasons related to his/her particular situation, to the processing of personal data concerning him/her on the basis of Art. 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

SIS GmbH will not process personal data if the data subject objects to the processing, unless we are able to provide compelling reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims. If SIS GmbH processes personal data for the purpose of direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling if it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes by SIS GmbH, SIS GmbH will no longer process the personal data for these purposes.

Additionally, the data subject has the right to object to the processing of personal data concerning him/her by SIS GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR for reasons arising from his/her particular situation, unless such processing is necessary for the performance of a task in the public interest.

In order to exercise the right to object, the data subject may contact the data protection officer of SIS GmbH or other employees directly. The data subject is also free to exercise his/her right of objection in relation to the use of information society services, regardless of directive 2002/58/EC, by means of automated procedures using technical specifications.

h) Automated Individual Decision-Making, Including Profiling
Any person data subject to the processing of personal data has the right under the European Directive and Regulation not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorised by Union or national law or by the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, SIS GmbH shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to have the data controller intervene, to present his or her point of view and to contest the decision.

If the data subject wishes to exercise rights in relation to automated decisions, he or she may contact our data protection officer or another employee of the data controller at any time. 

i) Right to Withdraw Consent 
Any data subject concerned by the processing of personal data has the right, granted by the European directive and regulation body, to revoke consent to the processing of personal data at any time.

If the data subject wishes to exercise his/her right to revoke his/her consent, he/she can contact our data protection officer or another employee of the data controller at any time.

10. Data Protection for Applications and in the Application Process

The data controller collects and processes personal data of applicants for the purpose of processing the application. The processing may also happen by electronic means. This in particular is the case when an applicant sends the relevant application documents to the controller by electronic means, for example by e-mail or via a web form found on the website. If the data controller concludes an employment contract with an applicant, the transferred data will be stored for the purpose of processing the employment relationship in accordance with the legal regulations. If the controller does not conclude a contract of employment with the applicant, the application files will be automatically deleted two months after a refusal notification, unless the deletion would otherwise conflict with any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz - AGG).

11. Legal Basis of Processing

Art. 6 I lit. a GDPR serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract in which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured in our facility and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations which are not covered by any of the legal bases mentioned above are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. He held the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 GDPR).

12. Legitimate Interests in the Processing Pursued by the Controller or by a Third Party

If the processing of personal data is based on Art. 6 I lit. f GDPR, our legitimate interest is the conduct of our business for the benefit of all our employees and shareholders.

13. Duration for Which the Personal Data Is Stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data will be routinely deleted unless it is required for the fulfilment or initiation of a contract.

Legal or contractual regulations governing the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of non-provision.

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a person concerned to make personal data available to us which must subsequently be processed by us in order for a contract to be concluded. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with him or her. Non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before the data subject provides personal data, he or she must contact our data protection officer. Our data protection officer informs the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and potential the consequences of not providing the personal data.

14. Analysis tools and advertising

Google Analytics

If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. This data protection notice is provided by www.intersoft-consulting.de.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

Purposes of the Processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

Legal Basis
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Recipients or Categories of Recipients
The recipient of the collected data is Google.

Transfer to Third Countries
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision. You can download the certificate here.

Duration of Data Storage
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Rights of the Persons affected
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google Analytics