Privacy Policy

The controller according to the EU General Data Protection Regulation (GDPR) and other German data protection laws and regulations is:
ITSCare – IT-Services für den Gesundheitsmarkt GbR
Saonestraße 3a
60528 Frankfurt am Main
Phone: +49 69 66813-1234
E-Mail: info@itscare.de

You can reach our data protection officer at datenschutz@itscare.de

If you use our offers, for example our websites, we process your personal data.

We will process your data in strict confidence and only for the purpose that we announced when collecting the data. Our standards for processing your data are the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations.

1. Provision of the websites

Whenever you visit our websites, a number of general data and information, including personal data, are recorded by our systems. The following data is stored in the log files of our server:

• user's IP address (if necessary anonymous and shortened)
• Date and time of the request (timestamp)
• Details of the request and target address (version of the protocol, HTTP-method, referrer, UserAgent-String)
• Name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes)
• Message whether the retrieval was successful (HTTP Status Code)
• Website from which the request comes
• Browser type or app used
• Operating system and its interface
• Language and version of the browser software

When processing this data, we do not draw any conclusions about your person. Neither a person-related evaluation nor an evaluation of the data for marketing purposes or a profile formation takes place.

The legal basis for the processing of the data is Article 6 para1 lit.f GDPR. The processing of the data is technically necessary in order to provide our websites and to guarantee the stability and security of our systems. There is no possibility to use our websites without such processing of data, i.e. you have no possibility to object.

Your data will be deleted as soon as you leave our website and the respective session is ended. If your personal data is stored in log files, it will be deleted after 180 days at the latest.

2. Use of Cookies

We only use necessary cookies on our websites. We have not integrated cookies for usage analysis and/or range measurement. Cookies are stored on your computer and transmitted from there to our websites. A cookie contains a characteristic string of characters that allows your web browser to be uniquely identified when you return to our websites.

You can configure the handling of cookies in your browser yourself. By changing the settings in your browser, you can deactivate or restrict the transmission of cookies. You can delete already stored cookies at any time. This can also be done automatically. If cookies are deactivated for our websites, it may not be possible to use all functions to their full extent. You can find more information on the websites of your browser provider:

Google Chrome	https://support.google.com/accounts/answer/61416?hl=de
Mozilla Firefox	https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectlocale=de&redirectslug=cookies-loeschen-daten-von-websites-entfernen
Safari	https://support.apple.com/de-de/guide/safari/sfri11471/mac
Internet Explorer	https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Opera	https://help.opera.com/de/latest/web-preferences/

Necessary cookies

The cookies we use are technically necessary for the proper operation of our websites. Some necessary cookies ensure the technical stability of our websites and enable security-relevant functionalities. There is no possibility to use our websites without such processing of data, i.e. you have no possibility to object.

We use these types of cookies to enhance the security and functionality of our websites and web applications. Necessary cookies do not contain any personal data, i.e. no IP address or other information is collected that would enable us to trace your person. We use the necessary cookies listed below:

Cookie	Purpose	Storage time	Type
PHP_Sessionid	Retains the status of the user for all page views	Session	HTTP

The processing of personal data using necessary cookies is based on Art. 6 para. 1 lit. f) GDPR.

The purpose of using technically necessary cookies is to simplify the use of our websites for you. Some functions of our websites cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. These purposes are also in our legitimate interest.

We do not use your user data collected through technically necessary cookies to create user profiles.

3. Integration of external services

3.1 Google Web Fonts

Our websites use Google Web Fonts for a visual attractive and homogeneous display of the contents which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). When entering our websites, the user’s browser loads the relevant fonts into its cache to display text, copy and typo correctly. For this reason, the browser connects with the servers of Google. Google thus becomes aware that our websites were accessed via the user’s IP address. It cannot be excluded that Google may also transfer the information to a US-American server.

The processing of data in this context is governed by Article 6 para 1 lit. f) GDPR.

For setting options to protect your privacy, please refer to Google's data protection information at https://policies.google.com/privacy?hl=de. You can find information on your privacy settings at https://safety.google/privacy/privacy-controls/.

4. Font Awesome

Our websites use Font Awesome for a visual attractive and homogeneous display of the contents which is provided by Fonticons, Inc., When entering our websites, the browser loads the relevant fonts into its cache to display text, copy and typo correctly. For this reason, the user’s browser connects with the servers of Fonticons. Fonticons thus becomes aware that our websites were accessed via the user’s IP address.

The processing of data in this context is governed by Article 6 para 1 lit. f) GDPR.

For more information about how to handle user data, please refer to the Fonticons’ Privacy Policy at https://fontawesome.com/privacy.

4. Contact

There are several opportunities to get in touch with us.

4.1 Scope of data processing

4.1.1 Contact forms

Our websites include several contact forms so that users can get in touch with us by contact form. If users choose to use this form of communication, the data entered in the form are transmitted to ITSCare, where they are saved. Which data are processed can be seen from the respective input forms. In the forms, only those fields are indicated as mandatory fields that are necessary for the use of the respective offer.

4.1.2 Additional contact opportunitiesy

You have several possibilities to contact us. We have provided on our web pages various ways for you to contact us (e-mail, mail, telephone). In these, we store your personal data transmitted to us in connection with contacting us (e.g. e-mail address, address data, telephone number, or other data resulting from the content).

4.2 Legal basis

If the personal data are transmitted in the context of sending a general enquiry or an e-mail, Art. 6 para 1 lit f) GDPR is the legal basis. If your contact refers to a contract or is a pre-contractual contact, Art. 6 para 1 lit. b) GDPR is the legal basis. In all other cases, the legal basis for the processing of your data is Article 6 para 1 lit f) GDPR. It is our legitimate interest to process your contact requests.

4.3 Purpose of the data processing

The purpose of data processing is to process your contact request. The data are processed exclusively for this purpose. Your data will not be passed on to third parties in this context.

4.4 Duration of the storage of your personal data

After complete processing of the contact request, we limit your data for further processing. Your data will be deleted after expiry of the tax and commercial law retention periods, unless you have expressly consented to further use of your data.

5. Application

5.1 Scope of data processing

Job applicants can enter their personal data on our websites to apply for the posted vacancies. The data are entered in a form and transmitted to ITSCare, where they are saved. Which data are processed can be seen from the respective input forms. In the forms, only those fields are indicated as mandatory fields that are necessary for the use of the respective offer.

To the extent permitted by law, we pass on your personal data to our partner company, Contebis Management & Technology GmbH, Fasanenweg 14, 61462 Königstein im Taunus (https://www.candibase.de), which supports us in selecting applicants. For its part, this company is obliged to comply with the applicable data protection regulations. In particular, the company may process the data exclusively for the fulfilment of its tasks on our behalf and only in accordance with our instructions.

If you do not want to send your application immediately, you can save your application. For this purpose, an individual access is created based on the e-mail address you enter, and a token generated by the system. The data you enter in the application form at this point in time is stored temporarily and can be accessed at any time via the individually generated access by logging in via the link sent to your specified e-mail address. We reserve the right to temporarily block access to an applicant profile. You can only change your details as long as your application has not yet been sent.

After sending your application, you can no longer make any changes to your applicant data via your individual access. If you do not send your application within 14 days, your individual access will be deactivated, and your deposited applicant data will be completely deleted after 30 days.

5.2 Purpose of data processing

The personal data provided in the context of your application will be processed by us exclusively for the purpose of selecting applicants. For the processing of applications, we limit ourselves to the information you provide directly. This may also include information you have stored in professional online networks or job boards. If we ask for your gender in the application procedure in the form of the desired form of address, this is solely because we would like to address you in the correct manner.

5.3 Legal basis

Personal data are processed on the basis of Article 88 para 1 GDPR in conjunction with § 26 BDSG.

5.4 Duration of the storage of your personal data

If an application is rejected, the data will be deleted by us six months after the rejection of an application, unless you have consented to the inclusion of your personal data in our applicant pool. In this case, the legal basis of the processing is Article 6 para 1 lit a) GDPR. You can revoke the consent given to us at any time.

6. Rights of the data subject

When we process your personal data, you are a data subject pursuant to Art. 4 No. 1 GDPR with the following rights towards us:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to notification (Art. 19 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
• Right to withdraw your declaration of consent under data protection law (Art. 7 para. 3 GDPR)

You have the right to withdraw your consent to us at any time, e.g. by e-mail to datenschutz@itscare.de. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal.

If you wish to exercise a right, please contact our data protection officer at datenschutz@itscare.de.

We would like to point out that in certain cases we may request additional information from you to establish your identity. For example, when exercising the right of access, we can ensure that information is not disclosed to unauthorized persons.

Automated individual decision-making does not take place on our websites.

7. Security

We use technical and organizational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We continuously improve our security measures in accordance with technological developments.

8. Responsibility for external content

Our websites contain links to websites of external providers. We have no influence on and do not control that other providers comply with the applicable data protection regulations. If you are of the opinion that linked external sites violate applicable law or have other inappropriate content, please let us know. We will check your reference and remove the external link if necessary. We are not responsible for the content and availability of the linked external websites.

9. Validity of the privacy policy

Further development of our website or the implementation of new technologies may render amendments to this data privacy statement necessary. We therefore reserve the right to change this data privacy statement at any time with effect for the future. The relevant version of this statement is always the version that is available at the time you visit our website.

last update: June 2020