Deutsche Cyber-Sicherheitsorganisation GmbH
Privacy Policy
Data Privacy Policy for the website and information provided to data subjects pursuant to Articles 13 and 14 of the EU General Data Protection Regulation
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH (“DCSO”) as the operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection rules and this Data Privacy Policy.
When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Data Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission on the internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
1. General information
1.1 Information about the controller of the data
Company: DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Legal representative: Dr. Andreas Rohr, Dominic Coxinho
Address: EUREF-Campus 22, 10829 Berlin, Germany
Contact information for data protection officer: Datenschutz@dcso.de
1.2 How do we record your data?
On the one hand, your data are collected when you provide us with them. This can be, for example, data that you send us by email.
Other data are recorded automatically or with your consent by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time of page view). These data are recorded automatically as soon as you enter this website.
1.3 What do we use your data for?
Some of the data are collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.
1.4 What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.
For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the legal notice or the email address of our data protection officer.
2. General data processing information
2.1 Data on data subjects
Personal data are only collected if you provide us with them of your own accord. No other personal data are collected. Any processing of your personal data that goes beyond the scope of what is legally permissible will only be carried out on the basis of your express consent.
Purpose of processing:
Contract initiation, contract performance
Categories of recipients:
- Public bodies in the event of overriding legal requirements
- External service providers or other contractors
- Other external bodies insofar as the data subject has given his/her consent or a transmission is permissible for overriding interest
Third country transfers: In the context of the performance of the contract, processors outside the European Union may also be used
Duration of data storage: The duration of data storage depends on the statutory retention obligations and is usually 10 years
2.2 Request by email or telephone
If you contact us by email or telephone, your request including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
The processing of these data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the request addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.
The data you send us via contact requests will remain with us until you request us to erase them, revoke your consent to store them or the purpose for storing the data no longer applies (e.g. after your request has been processed). Compelling statutory provisions – in particular statutory retention periods – remain unaffected.
3. Specific information about the website
When visiting this website, your surfing behaviour may be statistically analysed. This is mainly done with so-called analysis programs. Detailed information on these analysis programmes can be found in the following Data Privacy Policy.
3.1 Usage data
When you visit our website, you transmit data to our web server (for technical reasons) via your internet browser. The following data are recorded during an ongoing communication connection between your internet browser and our web server:
-
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- Amount of data transferred
For technical security reasons, in particular to defend against attempted attacks on our web server, we store these data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of these data. After seven days at the latest, the data are anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data are also processed in anonymised form for statistical purposes; they are not aligned with other data or passed on to third parties, even in part.
3.2 Use of own “cookies”
This website uses its own “cookies” to increase user-friendliness (“cookies” are data records that are sent from the web server to the user’s browser and stored there for later retrieval). No personal data is stored in our own “cookies”. You can generally prevent the use of “cookies” by prohibiting the storage of cookies in your browser.
In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services provided by the third-party company.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or to display advertising. Cookies that are necessary to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal reason is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the relevant cookies will be stored exclusively on the basis of this consent (Art. 6 (1)(a) GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic erasure of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be restricted.
3.3 Use of “Matomo”
DCSO uses the open-source software tool Matomo (formerly PI-WIK) to analyze user behavior on its website. Matomo is an open-source tool for web analysis that does not collect IP addresses or other (personal) information that could be traced back to the actual user. Matomo does not transmit any data to servers that are outside DCSO’s control.
Matomo uses cookies (text files) that are stored on your end device (computer, laptop, etc.) and enable DCSO to analyze the use of its website. The information thus obtained about usage behavior can be evaluated by DCSO to increase user-friendliness. For DCSO the information about your IP address is an anonymous identifier. In addition, the so-called “Universally Unique Identifier” (UUID) of the user is recorded. This ID is pseudonymized.
Cookies are stored on your computer and transmitted from it to our website. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all functions of the portal to their full extent. You can find more information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.
With the help of web analysis using Matomo, the following data is collected when individual pages of our website are accessed:
- 2 bytes of the IP address of the user’s accessing system, the IP address is anonymized by “zeroing two digits of the IP range”
- The portal page accessed
- The portal page from which the user arrived at the accessed page (referrer)
- The subpages that are accessed from the portal page accessed
- The time spent on the portal page
- The frequency with which the portal page is accessed
- Contents (terms) of search queries
- Display of the retrievals and/or downloads carried out about the information (reports)
- Validity of the data: maximum 24 months
The data is deleted as soon as it is no longer required for our recording purposes. The generated statistics and underlying data are not deleted.
3.4 LINKEDIN
You can recognise access to LinkedIn, LinkedIn, 1000 W Maude Sunnyvale, CA 94085USA, by the “in” symbol on a blue background. If you activate our “in” button by double clicking it, a connection is established with the LinkedIn server and the LinkedIn plugin is reloaded on the respective webpage. The content of the “in” button is transmitted directly to your browser and integrated into the website by LinkedIn. This way your IP address may be transmitted to LinkedIn in the USA. For more information on the purpose and scope of data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and the optional settings for protecting your privacy, please refer to LinkedIn’s Data Privacy Policy (http://www.linkedin.com/legal/privacy-policy) on the “in” button. If you are a LinkedIn member and do not want LinkedIn to collect data about you and link it to your membership data stored on LinkedIn via our website when the “in” button is activated, you must log out of LinkedIn before visiting our website.
3.5 XING
You can recognise access to XING, XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, by the “x” or “xing” symbol on a green background. If you activate our “XING” button by double clicking it, a connection is established with the XING server and the XING share button functions (in particular the calculation/display of the counter value) are reloaded on the respective webpage, XING does not store any personal data about you in relation to the accessing of this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the “XING Share Button”. Current data protection information for the “XING Share Button” and supplementary information can be found on this website: https://www.xing.com/app/share?op=data_protection.
3.6 X
You can recognise access to X, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, by the “X” symbol. If you activate our “X” button by double clicking it, a connection is established with the X server and the X plugin is reloaded on the respective webpage. The content of the “X” button is transmitted directly to your browser and integrated into the website by X. This way your IP address may be transmitted to X in the USA (X Corp.,1355 Market Street, Suite 900, San Francisco, CA 94103)). The website operator has no influence on the nature and scope of the data collected and transmitted to X. For more information on the purpose and scope of data collection and the further processing and use of the data by X, as well as your rights in this regard and the optional settings for protecting your privacy, please refer to X’s Data Privacy Policy (X Privacy Policy) on the “X” button. If you are a X member and do not want X to collect data about you and link it to your membership data stored on X via our website when the “X” button is activated, you must log out of X before visiting our website.
4. Information on further data processing procedures
4.1 Hosting
This website is hosted by us (hoster). The personal data recorded on this website is stored on servers operated by us. This mainly includes IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.
We use them for the purpose of initiating and performing contracts with our potential and existing customers or applicants (Art. 6 (1)(b) GDPR) and in the interest of providing our online services securely, quickly and efficiently.
4.2 Specific information on the application process
Data on data subjects: Application details
Purpose of processing: Carrying out the application process
Categories of recipients: Public bodies in the event of overriding legal requirements
External service providers or other contractors, e.g. for data processing:
The product “HRworks” from HRworks GmbH, Waldkircher Str. 28 in 79106 Freiburg is used as an HR management tool
Other external bodies insofar as the data subject has given his/her consent or a transmission is permissible for overriding interest, e.g. customers and interested parties in the context of order acquisition
Third country transfers: In the context of the performance of the contract, processors outside the European Union may also be used, e.g. email providers
Duration of data storage: Application data is usually erased within four months after applicants have been informed of the decision, unless consent has been given for longer data storage in the context of inclusion in the talent pool
Conclusion of a contract for order processing:
In order to ensure data protection-compliant processing, we have concluded contracts for order processing with our service provider HRworks GmbH and our email provider.
4.3 Specific information on the processing of customer data (B2B)
Data on data subjects: Data provided for the purpose of initiating and performing the contract; if applicable, any additional data supplied for processing with your express consent. This is actively requested from you, for example, as soon as you wish to contact us via our contact form on our website please link to https://dcso.de/
Purpose of processing: Contract initiation, contract performance, including offers, orders, sales and invoicing, quality assurance
Categories of recipients: Public bodies in the event of overriding legal requirements
External service providers or other contractors, e.g. for data processing, if necessary for dispatch, transport and logistics, service providers for printing and dispatch of information
Other external bodies insofar as the data subject has given his/her consent or a transmission is permissible for overriding interests, e.g. for the electronic dispatch of information, for quality assurance purposes
Third country transfers: In the context of the initiation and performance of the contract, processors outside the European Union may also be used, e.g. email providers
Duration of data storage: The duration of data storage depends on the statutory retention obligations and is usually 10 years
5. Additional information and contacts
In addition, you may assert your rights to information, rectification or erasure or to the restriction of processing or the exercise of your right to object to processing as well as the right to data portability at any time. You can contact us by email or letter here. You also have the right to contact the data protection supervisory authority to lodge a complaint.