Provider and responsible authority in the sense of the Data Protection Act
SEC Consult Unternehmensberatung GmbH
Leopold-Ungar-Platz 2/3/3. floor
Data Protection Officer:
Dipl.-Ing. David Rieger, BSc
+43 1 890 30 43
This privacy statement provides users with information on the nature, extent and purpose of the collection and use of their data by the responsible provider.
Insofar as the masculine form is used in the contents of this report, it is assumed that this refers to both genders on equal terms.
Collection of general information
Every time information about the services offered by SEC Consult, company information or current contributions on the subject of information security is accessed, information (also referred to as server log files) is automatically collected by us or the webspace provider.
Among other information this includes: website name, file, date, data volume, web browser and web browser version, operating system, the domain name of your Internet provider, the referrer URL (the page from which you accessed our offer) and the IP address.
Without this information, it would not be technically possible to deliver and display the website content. In this respect, collecting data is absolutely necessary. Furthermore, we use this information for statistical purposes. It helps us to optimise our services and technology. We also reserve the right to check the log files in case of suspected illegal use of our services.
SEC Consult does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.
If you sign up for our newsletter, we use the data you enter exclusively for this purpose or to inform you about the circumstances relevant to this service or the registration. We do not pass on this data to third parties.
A valid (working) email address is required to receive the newsletter. The IP address which you use to register for the newsletter and the date on which you order the newsletter will be saved. This data serves as evidence of misuse, if a third-party email address is used to register for the newsletter. In a further step to ensure that bogus email addresses are not added to our mailing list by third parties, we work with the “double-opt-in” process in accordance with the law. As part of this process, the signing up to the newsletter, the sending of the confirmation mail and the receipt of the registration confirmation are all recorded.
You have the right to revoke your consent to the storage of this data, your email address and its use for the sending of the newsletter at any time. We provide a cancellation link in each newsletter and here on our website. You also have the opportunity to inform us of your request to cancel using the contact methods mentioned in this document.
The newsletter is sent via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp can use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter, or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or to pass the data on to third parties.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded a data processing agreement with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection regulations and in particular not to pass them on to third parties. The data protection regulations of MailChimp can be viewed here.
Integrating third-party services and content
Our range includes content and services from other suppliers. For example, this might be videos, graphics or images from other websites. In order for this data to be retrieved and displayed in the user’s browser, transmitting the IP address is absolutely necessary. The providers (hereinafter referred to as “third-party providers”) detect the IP address of the respective user.
Even if we try to use only third-party vendors who only need the IP address to deliver content, we have no influence on whether the IP address or other information about you is stored by them. If we know that the IP address is going to be stored, we inform our users of this.
Cookies have two main purposes. They help us make it easier for you to navigate through our services and they also enable the website to be displayed correctly. They are not used to spread viruses or to open programs.
Users have the option to browse our site without cookies. To do so, the corresponding browser settings must be updated. Use your browser’s Help menu to find out how to deactivate cookies. However, we would like to point out that some features of this website may be impaired and the use of services may be restricted. The pages http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) and http://www.aboutads.info/choices/ (USA) allow you to manage online advertising cookies.
For event announcements we use the services of instapage.com. Instapage, Inc. (https://instapage.com/) is a platform for the creation of micro-sites and online forms.
If you contact us via one of those online forms or by email, we will save the information you provide, your IP address, the time it was sent and whether you opened the form on a computer or mobile device. This allows us to answer your request and ask possible follow-up questions and, if necessary, improve the form or information provided by us on Instapage. Since the SEC Consult website is constructed from static HTML pages, i.e. no interaction with our server is possible on these pages, we use a website created on Instapage for our contact form. Instapage is a platform for creating micro-sites and online forms.
Newsletter subscriptions are regulated by the form created by us on mailchimp.com. Details on this service can be found under point 4 of this document.
This website uses the online advertising program “Google AdWords” and its conversion tracking feature. Google AdWords will place a cookie on your computer, provided you came to our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits specific pages on our website and the cookie has not yet expired, we and Google are able to recognise that the user clicked on the ad and was forwarded to this page. Every Google AdWords customer receives a different cookie. Therefore cookies cannot be tracked through the websites of AdWords customers.
The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers will see the total number of users who have clicked on their ad and have been redirected to a site with a conversion tracking tag. However, they do not receive any information that allows users to be personally identified.
If you do not want to participate in the tracking process, you can simply disable the Google Conversion tracking cookie using your Internet browser in the user settings section. You will then not be included in the conversion tracking statistics. Find out more about Google’s data protection policy here https://www.google.com/policies/privacy/
The data collected by Google Analytics is evaluated to generate reports on user activity and to optimize your user experience. To object to the storage of the cookies, please make the appropriate setting in your browser. Please note that in this case you can use other areas of this website only to a limited extent.
You can prevent the collection of user-related data and the processing of this data by Google by installing a corresponding browser plug-in. Alternatively, you can prevent the collection by Google Analytics by clicking on this link: Disable data capture. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for this website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
We also use Google Analytics to analyze data from AdWords for statistical purposes. If you do not want this, you can disable it through the Ads Preferences Manager.
We save personal data according to the principles of data avoidance and data economy only as long as it is required or prescribed by law (statutory storage period). If the purpose of the information collected ceases to be relevant or the storage period expires, the data is blocked or deleted.
In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection (see European General Data Protection Regulation, Articles 12-23). Exceptions: if the issue relates to the prescribed data storage for business processing or if the data is subject to statutory retention requirements.
For these purposes please contact firstname.lastname@example.org
In order to allow for a data lock at any time, it is necessary to keep the data in a lock file for checking purposes. If there is no legally required archiving obligation, you can also request the deletion of the data. Otherwise, we will lock the data if you so desire.
If you apply to a company in the SEC Consult group, that company processes your personal data as a controller. Providing your personal data is necessary for an application to proceed. You are entitled to the data subject rights of EU-GDPR, Chapter 3, as described later in this document.
We process your personal data to take steps prior to employment at your request (Art. 6 (1) (b) EU-GDPR, possibly in connection with Art. 9 (2) (b) EU-GDPR; in Germany: §26 (1) BDSG). Any additional processing beyond this application process is based on another, separately declared legal basis.
Our application process is mostly conducted by email. Your application usually encompasses:
- Letter of motivation
- Curriculum vitae
- Description of your qualification and education
- Attestation of your qualification and education
The extent of your application documents is determined by you. We will only collect data necessary to proceed with the application process.
If we invite you to an interview, we collect further personal data encompassing your personal interests and particulars of your professional aspirations and qualification.
Transfer of application data
We share your application data within our organisation with persons involved in the application process: human resources managers, subject matter experts and potential superiors.
SEC Consult may engage external processors to assess your expert knowledge. We will let you know about this before we transmit your personal data to these processors so that you may check their detailed data protection policies.
If you enter into an employment contract with us, we keep your application data until the conclusion of that contract’s retention periods.
If we do not conclude an employment contract, we keep your application data for six months (§15 GlBG (AT), §15 II AGG (DE), i.a.). If you want to receive updates on open positions, you may grant us your separate, written consent to do so.
If you want to visit our office locations, we require you to sign our terms of access. This form asks for your name, your organisation and the person you are visiting, as well as the security zone and the time of your visit.
The SEC Consult company you visit controls the processing of this data based on our legitimate interest in a secure office operation, which requires protecting our information and infrastructure. Providing you with the most important security rules in a provable way is an important organisational privacy measure (Art. 32 EU-GDPR) for us. We keep the signed forms for two years. Signing the terms of access is necessary to enter our offices. We do not use automated decision-making with respect to this processing.
We do not transmit your data to third parties. If we share it among SEC Consult companies outside of the European Economic Area, the safety of your data during this transfer is ensured through standard contractual clauses (Art. 47 EU-GDPR).
Changes to our data protection policy
In order to ensure that our data protection policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection policy has to be adapted due to new or revised activities, for example new services. The new data protection policy takes effect on your next visit.