Data protection

The following information provides you with details about how we process your personal data and your rights under data protection law.

Responsibility for data processing and company data protection officer

In line with Article 4, Paragraph 7 of the EU General Data Protection Regulation (GDPR) responsibility lies with:

dots Gesellschaft für Softwareentwicklung mbH
Schlesische Str.  27, 10997 Berlin, Germany
Telephone: +49 (0) 30 695 799
E-mail: info@dots.de
(See our Legal Note)

If you have any questions about data protection, you are welcome to contact our company data protection officer at any time:

Dr. Frederike Rehker
Konica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen, Germany
Telephone: +49 (0)511 7404-0
E-mail: dataprotection(at)dots.de

As a data subject, you have the following rights: 

Right of access (Art. 15 GDPR): You have the right to be informed at any time of the categories of personal data processed, the purposes of processing, any recipients or categories of recipients of your personal data and the planned storage period. 

Right of rectification (Art. 16 GDPR): You have the right to request the rectification or completion of personal data concerning you that is incorrect or incomplete. 

Right to erasure („right to be forgotten“) (Art. 17 GDPR): You have the right to request the immediate erasure of your personal data. In particular, we are obliged as the controller to delete your data in the following cases:

• Your personal data is no longer needed for the purposes for which it was collected.
• A processing of your personal data took place solely on the basis of your consent, which you have now withdrawn, and there is no other legal basis that legitimises a processing of your personal data.
• You have objected to a processing which is based on the legitimate or public interest and we cannot prove that there are legitimate grounds for processing.
• Your personal data has been processed unlawfully.
• The erasure of your personal data is necessary in order to comply with a legal obligation to which we are subject.
• Your personal data has been collected in connection with information society services offered in accordance with Art. 8 I GDPR.

Please be aware that the right to erasure is subject to a limitation in the following cases, so that a deletion is excluded:

• Your personal data is used to exercise the right to freedom of expression and information.
• Your personal data serves to fulfil a legal obligation to which we are subject.
• Your personal data is used to carry out a task that is in the public interest or in the exercise of official authority that has been assigned to us.
• Your personal data serves the public interest in the field of public health.
• Your personal data are necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes.
• Your personal data serve for us to establish, exercise or defend legal claims. 

Right of restriction of processing (Art. 18 GDPR): You also have the right to request that the processing of your personal data be restricted; in such a case, your personal data will be excluded from any processing. This right applies if:

• You contest the accuracy of your personal data and we have to verify the accuracy of your personal data.
• The processing of your personal data is unlawful and instead of erasing your personal data, you request a restriction of processing.
• We no longer need your personal data for the fulfilment of the specific purposes, but you still need this personal data to establish, exercise or defend legal claims.
• You object to the processing of your personal data and it has not yet been determined whether your or our legitimate reasons override this.

Right of data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us as a controller in a structured, common and machine-readable format and to transfer it to another controller. Furthermore, you also have the right to request that your personal data be transferred from us to another controller, insofar as this is technically feasible. 
The requirements for the applicability of data portability are:

• Your personal data is automatically processed based on your consent or a contract.
• Your personal data does not serve to fulfil a legal obligation to which we are subject.
• Your personal data will not be used to perform a task that is in the public interest.
• Your personal data do not serve for the performance of a task which is performed in the exercise of a official authority delegated to us.
• The exercise of your right shall not interfere with the rights and freedoms of others.

Right to object (Art. 21 GDPR): You have the right at any time to object to the processing of your personal data on grounds arising from your particular situation. This also applies to profiling. The requirement for this is that the processing is based on a legitimate interest on our part (Art. 6 I 1 lit. f GDPR) or the public interest (Art. 6 I 1 lit. e GDPR). 
Furthermore, you may also at any time object to the processing of your personal data for the purposes of direct marketing or profiling linked to such direct marketing. 
Should you object to the processing of your personal data based on a legitimate interest, we will check in each individual case whether we can show grounds worthy of protection that override your interests and rights and freedoms. In the event that there are no reasons worthy of protection on our part or your interests as well as rights and freedoms override our own, your personal data will no longer be processed. An exception is made if your personal data is still used for the establishment, exercise or defence of legal claims. 
If you object to the processing of your personal data for the purposes of direct marketing or profiling, insofar as this is linked to such direct marketing, your personal data will no longer be processed for these purposes.

Right to lodge a complaint with the supervisory authority (Art. 77 GDPR): You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your residence, place of work or place of suspected infringement, if you consider that the processing of personal data concerning you is in breach of the data protection regulations. 
The address of the supervisory authority responsible for our company is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
Besuchereingang: Puttkamerstr. 16 – 18 (5. Etage)
10969 Berlin
Telefon: 030 13889-0
Telefax: 030 2155050
E-Mail: mailbox@datenschutz-berlin.de

Right of withdrawal (Art. 7 GDPR): If you have given us consent to process your personal data, you can withdraw this consent at any time without giving reasons and in an informal manner. Withdrawal of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent up to the point of withdrawal.

General information regarding the topic „purposes“

As a matter of principle, the processing of your personal data by us is always linked to a specified, explicit and legitimate purpose, which has already been defined before the processing activity is commenced, in accordance with the principle of purpose limitation under Art. 5 I lit. b GDPR. In the further course of this privacy policy, when a processing activity is cited, a description of the specific purpose is also included.

General information regarding the topic „legal bases“

We process your personal data in accordance with the GDPR. Accordingly, the processing of your personal data is always founded on a legal basis. Article 6 of the GDPR defines legal bases for the processing of personal data.

Legal bases for the processing of personal data

 Consent 
If we obtain your consent for the processing of your personal data, the processing will be carried out on the legal basis of Art. 6 I 1 lit. a GDPR. The following example serves to clarify this legal basis: You receive advertising from us by electronic mail and/or telephone and have given your prior consent. 
Contract or pre-contractual measure 
If the processing of your personal data is necessary for the fulfilment of a contract with you or for the implementation of pre-contractual measures taken in response to your request, the legal basis on which the processing of your personal data is based is Art. 6 I 1 lit. b GDPR. 
Legal obligation 
In cases where the processing of your personal data is necessary to comply with a legal obligation to which we are subject, this processing is based on Art. 6 I 1 lit. c GDPR. 
Vital interest 
Should the processing of your personal data be necessary to protect your vital interests or those of another person, this processing is carried out in accordance with Art. 6 I 1 lit. d GDPR. 
Public interest 
In cases where we process your personal data in order to perform a task which is in the public interest or in the exercise of official authority delegated to us, Art. 6 I 1 lit. e GDPR constitutes the legal basis. 
Legitimate interest 
If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and at the same time the interests, basic rights and fundamental freedoms of the data subject, which require the protection of personal data, do not override our legitimate interest, Art. 6 I 1 lit. f GDPR serves as the legal basis for the processing.

Legal bases for the processing of special categories of personal data

If, in extraordinary cases, we need to process special categories of personal data, such as

• data on racial or ethnic origin (e.g. skin color or special languages),
• data on political opinions (e.g. party memberships),
• data on religious or philosophical beliefs (e.g. membership of a sect),
• data on trade union membership,
• genetic data,
• biometric data (e.g. fingerprints or photographs),
• health data (e.g. identification numbers for disabilities),
• or data concerning the sex life or sexual orientation

by you, this processing is based on one of the following legal bases, which are de-fined in Article 9 GDPR: 
Explicit consent 
If you have given us your explicit consent for the processing of the above categories of personal data, this constitutes the legal basis for the processing in accordance with Art. 9 II lit. a GDPR. 
Performing duties under social security/protection and employment law 
If the processing of special categories of personal data relating to you is necessary in order to comply with a legal obligation arising from social security/protection or employment law, the legal basis for this processing is Art. 9 II lit. b GDPR. 
Protection of vital interests 
If the processing of special categories of personal data relating to you should be necessary to protect your vital interests or those of another person, such processing is carried out pursuant to Art. 9 II lit. c GDPR. 
Manifestly public data 
Insofar as special categories of personal data of yours are processed, which have previously been made public by yourself, the processing of these data is based on Art. 9 II lit. e GDPR. 
Establishment / Exercise / Defence of legal claims 
Insofar as the processing of the special categories of personal data relating to you serves us to establish, exercise or defend legal claims, Art. 9 II lit. f GDPR constitutes the legal basis for the processing. 
Substantial public interest 
In the case of the processing of special categories of personal data concerning you in order to safeguard a substantial public interest arising from EU or national law, the processing is based on Art. 9 II lit. g GDPR. 
Assessment of the person's work capacity or other medical purposes such as health care 
If the processing of special categories of personal data relating to you arises from a law of the EU or a Member State or a contract concluded with a member of a health profession and is carried out for the purposes of preventive health care, occupational medicine, assessment of an employee's work capacity, medical diagnosis, care or treatment in the health or social field or the management of systems and services in the health or social field, this processing is based on Art. 9 II lit. h GDPR. 
Public interest in the area of public health 
If the processing of special categories of personal data of yours should be necessary for public health reasons, including protection against cross-border health threats such as pandemics, this processing is carried out on the legal basis of Art. 9 II lit. i GDPR. 
Archival purposes, scientific / historical research purposes, statistical purposes 
Should the processing of special categories of personal data relating to you arise from a right of the EU or a member state, which stipulates processing for archiving, scientific or historical research or statistical purposes in the public interest, this processing is based on Art. 9 II lit. j

General information regarding the topic „obligation to preserve records and time limits of erasure“

Unless otherwise stated, we delete personal data in accordance with Art. 17 GDPR or restrict its processing in accordance with Art. 18 GDPR. Apart from the retention periods stated in this privacy policy, we process and store your personal data only as long as the data are necessary for the fulfilment of our contractual and legal obligations. Personal data that are no longer required after the purpose has been fulfilled will be regularly deleted, unless further processing is required for a limited period of time, which may result from other legally permissible purposes. In order to fulfil documentation obligations as well as to comply with statutory obligations to preserve records in Germany, the necessary documents are kept for six years in accordance with § 257 I Commercial Code (HGB) and for ten years in accordance with § 147 I of the Fiscal Code of Germany (AO).

Recipient of your data

We do not sell or rent user data in principle. A transfer to third parties beyond the scope described in this privacy policy will only take place if this is necessary for the processing of the respective requested service. For this purpose, we work together with service providers in the areas of marketing, sales, IT, logistics and human resources, among others. We select these service providers extremely carefully. In other cases we transfer data to requesting governmental authorities. However, this only takes place if there is a legal obligation to do so, for example if a court order exists.

Locations of the processing of your personal data

In principle, we process your data in Germany and in other European countries (EU/EEA). If your data is processed in countries outside the European Union or the European Economic Area (i.e. in so-called third countries), this will only take place if you have expressly consented to it, if it is stipulated by law or if it is necessary for our service provision to you. If, in these exceptional cases, we process data in third countries, this will be done by ensuring that certain measures are taken (i.e. on the basis of an adequacy decision by the EU Commission or by presenting suitable guarantees in accordance with Art. 44ff. GDPR).

Processing activity – visiting of our website

Insofar as you use our website solely for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your personal browser transmits to our server. This data is technically necessary so that the website can be displayed to you. Furthermore, this data is technically necessary to ensure the stability and security of our website. The legal basis for the processing of your personal data in this case is Art. 6 I lit. f GDPR; the legitimate interest in this case is the provision and optimal presentation of this website as well as the protection of this against external attacks and their traceability. We delete this personal data after the end of the usage process, unless we need it for purposes of abuse detection and abuse traceability; in such a case, we retain this data for up to a maximum of 30 days. 

When visiting our website, the following personal data may thus be processed, which is automatically transmitted by your browser to our servers and stored there in the form of so-called "log files":

•  IP address of the terminal device used to access the website
• Date, time and duration of the request
• Country of origin of the request
• Content of the request (specific page / file)
• Access status/http status code (e.g. "200 OK")
• Internet address of the website from which the request to access our website was made
• Browser and installed add-ons (e.g. Flash Player)
• Operating system and interface
• Language and version of the browser software
• Amount of data transferred in each case
• Time zone difference to Greenwich Mean Time (GMT)

We can only provide some of the services offered on our website if we are able to contact you. In this respect, the possibility of using these services depends on you providing us with certain personal (contact) data. We collect, use and process this personal data only to the extent necessary to provide you with the respective service. If you contact us by e-mail or via a contact form, the personal data you provide in each case (your e-mail address and other information you provide voluntarily, such as your name/telephone number) will be stored by us in order to process your request and, if necessary, answer your questions. 
Here, the legal basis for the processing of your personal data is Art. 6 I 1 lit. f GDPR; the legitimate interest is to answer your request. After a final response to your request, we delete your request and the information on the processing with a period of three years after the end of the respective calendar year.

Our internet pages do not usually use so-called cookies. Only exception is an occasional cookie to prevent spam on pages containing a form or the Matomo Opt-Out cookie (see below).

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies or text files stored on your computer which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the case of IP anonymisation being activated on this website, Google will first truncate your IP address within the member states of the European Union and in other countries party to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website to compile reports about website activities and to perform other services related to website and Internet usage services for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be consolidated with other data from Google. You can prevent the storage of cookies by setting your preferences in your browser software; however please note that in this case you may not be able to make full use of all the functions of this website. You can also prevent transmission of the data generated by the cookie related to your use of the website (including your IP address) to Google and its processing of this data by downloading and installing the browser plugin available under the following link (<link tools.google.com/dlpage/gaoptout;https://tools.google.com/dlpage/gaoptout?hl=en</link>).
Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across several devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: <a href="javascript:gaOptout()">Disable Google Analytics!</a>
We do respect your browser settings. If you have activated <em>Do not track (DNT:1)</em> our web sites do not load Google Analytics. If you have not activated <em>Do not track (DNT:0)</em> our websites use Google Analytics with the “AnonymizeIP()” function. IP addresses are truncated for further processing, thus precluding any linking to a particular individual. If a personal reference is included in the data collected about you, it will therefore be excluded directly and the personal data thus deleted immediately.
We use Google Analytics to analyse the use of our website and improve it on a regular basis. The statistics it yields lets us improve our product and make it more attractive to you as a user. In the exceptional cases in which personal data are transmitted to the USA, Google has submitted itself to the EU-US Privacy Shield (see <link www.privacyshield.gov/EU-US-Framework&gt;https://www.privacyshield.gov/EU-US-Framework</link>).
Third-party provider information: Google Dublin, Google Ireland ltd., Gordon House, Barrow Street, Dublin 4, Ireland
For more information on terms and conditions of use and privacy go to <link www.google.com/analytics/terms/us.html&gt;https://www.google.com/analytics/terms/us.html</link> and <link support.google.com/analytics/answer/6004245;https://support.google.com/analytics/answer/6004245?hl=en</link>
The legal basis for the use of Google Analytics is Article 6, Paragraph 1, Sentence 1, Letter f of the GDPR.

We use Matomo for reach analysis. The legal basis is our legitimate interest in the statistical analysis of user behavior for optimization purposes and error correction (Article 6.1,f GDPR).

In consideration of your interests, we have configured Matomo as follows.

• We do not set cookies (see above).
• The server is located in Germany, there is no data transfer to third countries
• The Config_id, your user ID, is valid for a maximum of 24 hours and is then replaced.
• Additionally we pseudonymize your Config_id
• Your IP address will be shortened (e.g. 192.168.xxx.xxx.) before Matomo stores it.
• All strings in your referral URL are removed. This means that all characters in an URL after the /? are not evaluated. For example, if you use our search, URLs are generated in this form: www.dots.de/de/suche/?tx_indexedsearch%5Bsword%5D=Jane+Doe&etc. The string ?tx_indexedsearch%5Bsword%5D=Jane+Doe&etc will not be evaluated by Matomo.
• We respect your Do-Not-Track (DNT) settings. If you have activated DNT in your browser, the Matomo script will not be loaded (and the objection option below will consequently not appear either).

We automatically delete your data after 180 days.
If you do not agree with the recording of your data, please use the following objection solution. If you uncheck the box, Matomo will set a cookie and stop recording your data:

Deactivate Matomo

We use Adobe Typekit Webfonts at dots.de. Typekit is a service offered by the company Adobe. This service offers fonts which are rendered in the user's browsers after contacting Adobes server in the USA.

At least the IP address of the user's browser is saved by Adobe. More information can be found in the privacy policy of Typekit.

Auf unserer Webseite sind so genannte Social Bookmarks (bspw. von Facebook, Twitter) integriert. Social Bookmarks sind Internet-Lesezeichen, mit denen die Nutzer eines solchen Dienstes Links und Nachrichtenmeldungen sammeln können. Diese sind auf unserer Webseite lediglich als Link zu den entsprechenden Diensten eingebunden.

Nach dem Anklicken der eingebundenen Grafik werden Sie auf die Seite des jeweiligen Anbieters weitergeleitet, d.h. erst dann werden Nutzerinformationen an den jeweiligen Anbieter übertragen. Informationen zum Umgang mit Ihren personenbezogenen Daten bei Nutzung dieser Webseiten entnehmen Sie bitte den jeweiligen Datenschutzbestimmungen der Anbieter.

Since we must process your data in the recruitment process please note the following:

Sole controller and processor of your personal data is:
dots Gesellschaft für Softwareentwicklung mbH
Schlesische Str. 27
10997 Berlin

If you have questions about this or if you wish to contact our Data Protection Coordination Manager (DPCM) Mr. Sambale please send an email to: dataprotection@dots.de

Our purpose to process your your data is to select a candidate for establishing an employment relationsship. We will not process your data for any other reason. The legal foundations for this processing are § 26 BDSG (German data protection law) in conjunction with Art. 6 para 1 lit. b) (Employment contract) und Art. 88 GDPR (data processing for an employment context). Providing personal data is essential to assess the application and, if applicable, to close an employment contract. An application without personal data cannot be considered. Automated decision-making does not happen.

Your data is exclusively distributed internally to the responsible and decision-making persons.
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by PersonioGmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
It is not transfered to third countries.

We delete your data six month after the end of the recruitment process. The legal foundation is § 61b Abs. 1 ArbGG (The law governing labour courts) in conjunction with § 15 AGG (Anti discrimination law). If you would like to be considered for future job offers we will only save your data for up to 12 month after you gave us written consent to do so.

According to Art. 15 GDPR you have the right to receive information about the processing of your personal data. In addition you are at liberty to exercise your rights of the correction, deletion or, if deletion is not possible, of the restriction of processing and of the portability of your data according to Art. 16-18, 20 GDPR. If you want to make use of these rights, please contact our DPCM.

You further have the right to complain to the supervisory authority (This is: Berliner Beauftragte für Datenschutz und Informationsfreiheit) at any time.

If you consider our processing of your personal data not lawful, we kindly ask you to contact our DCPM.

In addition Art. 13 para. 2, lit b) GDPR gives you the right to veto the processing of your personal data at any time.

Konica Minolta has set out the following policy as the global benchmark for its own conduct:

As a growing global company, being engaged in various business areas, We, Konica Minolta Group recognize that the confidence of our customers, business partners, officers and employees is our most valuable asset. Konica Minolta Group also recognizes that we are, not only to provide the best products and services, but also to meet the highest standards regarding compliance and social responsibility.

Konica Minolta Group is committed to respect the privacy of our customers, business partners, officers and employees and to protect the personal data of our customers, business partners, officers and employees.

Scope and applicability of this Policy

This policy applies to us, Konica Minolta, Inc. (“Konica Minolta”) and all of its affiliated companies (“Group Companies”) and our officers and employees. “Affiliated” in this instance means, that Konica Minolta may enforce the adoption of this Policy directly or indirectly, on the basis of voting majority, majority management representation or by agreement. Konica Minolta and Group Companies (“Konica Minolta Group”) establish and enforce internal rules such as regulations and procedures in accordance with this Policy.

This Policy sets forth the basic principles of Konica Minolta Group’s data protection and data security standards and ensures compliance with national and international data protection laws in force all over the world. Therefore it comprises the internationally accepted data protection principles, intending not to replace, but to supplement the respective national data protection and privacy laws (“National Legislation”). This means, that the content of this Policy has to be observed in the absence of a corresponding National Legislation or if a National Legislation provides lower requirements than this Policy. On the other hand, a National Legislation always takes precedence in case of a conflict with this Policy or if the National Legislation provides stricter requirements than this Policy.

This Policy extends to all processing of personal data. In countries where the data of legal entities are protected to the same extent as personal data, this Policy applies equally to data of legal entities. Anonymized data, e.g. for statistical evaluations or studies, is not subject to this Policy.

Konica Minolta Group’s principles for processing of personal data

Lawfulness, fairness and transparency

Personal data will be collected and processed in a lawful, fair and transparent manner to protect the individual rights of the data subjects.

Restriction to a specific purpose

Personal data will only be collected for specified explicit and legitimate purposes and will not be processed in a manner incompatible with those purposes.

Data accuracy / Data actuality

Personal data will be accurate and where necessary kept up to date. Konica Minolta Group will take every reasonable step to erase or rectify inaccuracies without delay.

Data economy / Data minimization

Personal data will be adequate, relevant and limited to what is necessary. Personal data will not be stored longer than necessary.

Rights of data subjects

Konica Minolta Group respects the rights of all data subjects including rights of access to their data, the right of restriction of processing or erasure, and the right of accuracy. Konica Minolta Group will provide clear and unambiguous information about how and why subjects' data are collected and processed.

Erasure

Time limits for storage of personal data will be defined. Konica Minolta Group erases personal data that are no longer necessary in relation to the purposes for which they have been collected or in a case a given consent is withdrawn and no other legitimate purpose for processing applies.

Security of processing / Data security

Personal data will be processed securely.　Appropriate to the risk, technical and organisational measures will be taken against unauthorised processing or alteration, and against loss or destruction or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. Konica Minolta Group will ensure ongoing integrity, availability, confidentiality and authenticity. Konica Minolta Group will ensure resilience of our systems and services processing personal data. In the event of an incident Konica Minolta Group will have the ability to restore the availability and access to data in a timely manner.

Data protection by design and by default

Konica Minolta Group will implement appropriate technical and organisational measures for ensuring that, by default, only personal data that is necessary for each specific purpose of the processing is processed. The principle of Data Protection by design and by default will be followed during the development of new products.

Accountability

There shall be accountability in all processing activities. Konica Minolta Group is responsible for and able to demonstrate compliance.

Konica Minolta Group’s data protection organisation

Each Konica Minolta Group company shall appoint a qualified person, who is responsible for the implementation and observance of the aforementioned principles.

If you have any questions on the subject of data protection, you are welcome to contact our company's Data Protection Coordination Manager (DPCM) at any time by e-mail:

DCPM of dots Software

Schlesische Str. 27

10997 Berlin

+49 (0) 30 695 799 47

E-mail the DCPM