Privacy Policy
Table of Contents
1. Name and Address of the Controller
2. Contact Details of the Data Protection Officer
3. General Information on Data Processing
4. Your Rights
5. Automated individual decision-making including profiling
6. Provision of the Website and Creation of Log Files
7. Use of Cookies
8. Email Contact
9. Contact Form
10. Application by Email and Application Form
11. Corporate Presences
12. Hosting
13. Used Plugins
1. Name and Address of the Controller
The controller as defined in the General Data Protection Regulation (GDPR) and other data protection laws is:
Giant Leap GmbH u. Co. KG
Herzog-Wilhelm-Str. 26
80331 München
Deutschland
info@littlegiants.de
www.littlegiants.de
2. Contact Details of the Data Protection Officer
The data protection officer of the controller is:
Felix Leicht | Rechtsanwalt | Datenschutz- und IT-Sicherheitsbeauftragter (TÜV)
Rettenbergerstraße 28
87561 Oberstdorf
datenschutz@littlegiants.de
3. General Information on Data Processing
- Scope of Personal Data Processing We generally process personal data of our users only to the extent necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is required by law.
- Legal Basis for the Processing of Personal Data If we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis. For the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
- Data Deletion and Storage Period The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
4. Your Rights
Below you will find information about your rights as a data subject under the applicable data protection law with regard to the processing of your personal data by the data controller:
- The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, if not collected by us, and the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about its details.
- The right, pursuant to Art. 16 GDPR, to demand the correction or completion of your personal data stored by us without delay.
- The right, pursuant to Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
- The right, pursuant to Art. 18 GDPR, to demand the restriction of processing of your personal data, where the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
- The right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller.
- Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
- The right to revoke any consent given pursuant to Art. 7 para. 3 GDPR at any time, with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
- Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation or to the processing of personal data for direct marketing purposes without giving reasons.
If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to the e-mail address given above.
5. Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
- is necessary for entering into or performance of a contract between you and the controller,
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (b) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
6. Provision of the Website and Creation of Log Files
- Description and Scope of Data Processing Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:
• Information about the browser type and version used
• The user's operating system
• The user's IP address
• Date and time of access
• Websites from which the user's system accessed our website
• Websites accessed by the user's system through our website
This data is stored in our system's log files. Storage of this data with other personal data of the user does not occur.
- Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this purpose, the user's IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and ensure the security of our IT systems. No analysis of the data for marketing purposes occurs in this context. Our legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f GDPR also lies in these purposes.
- Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) sentence 1 lit. f GDPR.
- Duration of Storage
The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the website, this occurs when the respective session is ended. In the case of storage of the data in log files, this occurs no later than after seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the accessing client is no longer possible.
- Objection and Removal Options
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no option for objection by the user.
7. Use of Cookies
- Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or on the user's computer system by the internet browser. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change.
- Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for these that the calling browser is also recognized after a page change. The user data collected by technically necessary cookies is not used to create user profiles.
- Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.
- Storage period, objection and removal options
Cookies are stored on the user's computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. If you are using a Safari browser version 12.1 or later, cookies will be automatically deleted after seven days. This also applies to opt-out cookies that are set to prevent tracking measures.
8. Email-Contact
- Description and scope of data processing
It is possible to contact us via the email address provided on our website. In this case, the personal data of the user transmitted with the email will be stored. The data will be used exclusively for the processing of the conversation.
- Purpose of data processing
In the case of contact by email, there is also a necessary legitimate interest in processing the data.
- Legal basis for data processing
The legal basis for processing data with the user's consent is Art. 6 para. 1 lit. a GDPR. The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
- Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered to have ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
- Right to object and removal options
The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.
9. Contact form
- Description and scope of data processing
Our website has a contact form that can be used for electronic communication. If a user uses this option, the data entered in the input mask will be transmitted to us and stored. The following data will be stored at the time the message is sent:
• Email address
• Name
• First name
• IP address of the requesting computer
In order to process the data, your consent will be obtained as part of the sending process, and reference will be made to this data protection declaration. Alternatively, contact can be made using the provided email address. In this case, the user's personal data transmitted with the email will be stored. The data will only be used for processing the conversation.
- Purpose of data processing
The processing of personal data from the input mask is solely for the purpose of processing the contact. In the case of contact by email, there is also a legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
- Legal basis for data processing
The legal basis for processing the data, if the user has given their consent, is Article 6(1)(a) of the GDPR. The legal basis for processing data transmitted by email is Article 6(1)(f) of the GDPR. If the email contact aims to conclude a contract, an additional legal basis for processing is Article 6(1)(b) of the GDPR.
- Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
- Right to object and remedy
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued. All personal data that was stored during the contact will be deleted in this case.
10. Application by email and application form
- Scope of processing of personal data
Our website has an application form that can be used for electronic applications. If an applicant makes use of this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
• First name
• Last name
• Telephone / mobile phone number
• Email address
• Information about education and schooling
• CV
• Certificates
When you submit your data, we will obtain your consent for the processing of your data and refer you to this data protection declaration. Alternatively, you can also send us your application by email. In this case, we will record your email address and the data you provide in the email. After sending your application, you will receive a confirmation of receipt of your application documents from us by email.
- Purpose of data processing
The processing of personal data from the application form is solely for the purpose of processing your application. In the case of contact by email, the processing of the data is also necessary for the legitimate interest in processing the data. The other personal data processed during the submission process serves to prevent misuse of the application form and to ensure the security of our information technology systems. - Legal basis for data processing
The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 sentence 1 lit. b Alt. 1 DSGVO and § 26 para. 1 sentence 1 BDSG.
- Duration of storage
After the application process has been completed, the data will be stored for up to two months. Your data will be deleted no later than two months after the end of the application process. In the case of a legal obligation, the data will be stored in accordance with the applicable provisions.
- Right to object and to have data erased
The applicant has the right to object to the processing of personal data at any time. If the applicant contacts us by email, they can object to the storage of their personal data at any time. In such a case, the application can no longer be considered. All personal data stored as part of electronic applications will be deleted in this case.
11. Company presence on social media
As part of our company's online presence, we also operate accounts on social networks for Giant Leap, particularly on the following social networks:
- Facebook: On our company page, we provide information and offer Facebook users the opportunity to communicate. If you perform an action on our Facebook company page (such as comments, posts, likes, etc.), you may make personal data publicly available (such as your name or photo from your user profile). However, as we usually have little or no control over the processing of your personal data by the companies co-responsible for the Giant Leap GmbH & Co. KG online presence, we cannot provide any binding information on the purpose and scope of the processing of your data. Our online presence on social networks is used for communication and exchange of information with (potential) customers. In particular, we use the company page to communicate information and announce news. It is up to each user to voluntarily disclose personal data through their activities. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR. The data generated through our company page on social media is not stored in our own systems. You can object to the processing of your personal data that we collect in the context of your use of our Facebook company page at any time and exercise your rights as a data subject mentioned in section IV of this privacy policy. To do so, please send us an informal email to info@littlegiants.de. For information on the processing of your personal data by Facebook and your corresponding rights to object, please refer to the following link: Facebook: https://www.facebook.com/help/568137493302217
12. Hosting
The website is hosted on servers provided by a service provider commissioned by us. Our service provider is Homepage Helden GmbH, Poststraße 20, 20354 Hamburg, www.homepage-helden.de. The servers automatically collect and store information in so-called server log files that your browser transmits to the website. The information stored includes:
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Date and time of server request
• IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose, the server log files must be recorded. The location of the website's server is geographically in Germany.
13. Used plugins:
We use various plugins for different purposes.
The plugins used are listed below:
1. Google Maps
Our website uses the online map service provider Google Maps via an interface.
a. Purpose of Use
Data processing is carried out for the purpose of using the functionalities of the map service on the website.
b. Type of Processing
If you consent to the display of Google Maps on our website, data (in particular, your IP address) will be transmitted to Google and at least one cookie (NID) will be set. Google thereby receives the information that the contact page of our website has been accessed from the IP address of your device.
c. Legal Basis
The storage of and access to information on the end device of the end user is carried out in accordance with § 25 para. 1 TTDSG. The legal basis for further data processing is your consent pursuant to Art. 6 para. 1 lit. a and Art. 49a GDPR.
You can revoke your consent at any time with effect for the future by reloading the website. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
d. Recipients
Recipients of the data may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be excluded that US authorities will access the data stored by Google.
e. Storage Period
According to Google, the storage period of the NID cookie set by Google Maps in your browser is 6 months.
f. Third Country Transfer
This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose these personal data collected through the technical process to third parties. If data is processed outside the EU/EEA and there is no data protection level that corresponds to European standards, we have concluded EU standard contractual clauses with the service provider to establish an appropriate data protection level. The parent company of Google Ireland, Google LLC, is based in California, USA. The transmission of data to the USA and access by US authorities to the data stored by Google cannot be excluded. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as you do within the EU/EEA. You may not have any legal remedies against access by authorities.
g. Further Information:
For more information on data usage by Google, as well as settings and objection options and data protection, please refer to the following Google websites:
- Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en
- Google Website Statistics: https://services.google.com/sitestats/en.html
- Use of Data by Google: https://support.google.com/google-ads/answer/6334160
- Terms of Use for Google Maps: https://www.google.com/intl/en/help/terms_maps/
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.com/settings/ads). Please note that this setting will be deleted when you delete your cookies. You can also deactivate interest-based advertising via the optout.aboutads.info link. Please note that this setting will also be deleted when you delete your cookies.