EUREF AG Privacy Policy

EUREF company group data protection information

NOTE: This data privacy statement applies to all the websites, namely: EUREF-CONSULTING,  EUREF-Campus-Düsseldorf, EUREF-Talent-Campus.

This version covers the processing activities on the respective sites and in other places that are subject to an obligation to provide information. In the event of a change of the processing on a site, this version will be adjusted accordingly.

  1. DATA PROTECTION AT A GLANCE

GENERAL INFORMATION

The following information provides a general overview of what happens with your personal data when you visit the operator’s website. Personal data are all data by which you can be personally identified. Detailed information on data protection can be found below.

DATA AQUISITION ON THIS WEBSITE
Who is responsible for data collection on this website?

Data on this website is processed by the operator of this website. You can find the operator’s contact data in the website’s legal notice.

How are your data collected?

Firstly, your data are collected by your providing them to the operator. This involves data which you enter in a contact form, for example.

Other data are collected automatically by the operator’s IT systems when you visit the website. These are primarily technical data (e.g., internet browser, operating system or time of the page view). These data are collected automatically, as soon as you visit this website.

What are your data used for?

Some of the data are collected to ensure error-free provision of the website. Other data can be used to analyse your use behaviour.

What rights do you have concerning your data?

You have the right at any time to obtain information about the origin, recipient and purpose of your stored personal data free of charge. You also have the right to request the correction, blocking or deletion of these data. If you have any questions about this or data protection in general, you can contact datenschutz@euref.de at any time. In addition, you have the right to lodge a complaint with the competent supervisory authority.

ANALYSIS TOOLS AND TOOLS FROM THIRD-PARTY PROVIDERS.

Your use behaviour can be statistically analysed when you visit this website. This is done primarily with the aid of cookies and analytics programs. As a rule, your use behaviour is analysed anonymously; the use behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information in the following data protection policy.

  1. general Information and mandatory information

The operator of these sites takes the protection of your personal data very seriously. It treats your personal data confidentially and in compliance with the statutory data protection regulations and this data protection policy.

When you use this website, various personal data will be collected. Personal data are data by which you can be personally identified. This data protection policy explains which data are collected by the operator and what they are used for.

The operator points out that data transmission on the internet (for example, when communicating via email) may have security gaps. Complete protection of your data against third party access is not possible.

information about the controller

The controller for the processing of data on this website is:

EUREF AG
EUREF Campus 3
10829 Berlin
Email: info@euref.de

Data Protection Officer

mip Consult GmbH
Jan Käding
Wilhelm-Kabus-Str. 9
10829 Berlin
E-Mail: datenschutz@euref.de

revocation of your consent to data processing

Many data processing activities require your express consent to be permitted. You can revoke any consent you have granted at any time with effect for the future. This only requires an informal notification by email to datenschutz@euref.de. The legality of the data processing carried out up to the revocation remains unaffected by the revocation.

information about your right to object in accordance with to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) Sentence 1 (e) GDPR (processing of data in the public interest) and Art. 6 (1) Sentence 1 (f) GDPR (processing of data based on a weighing of interests). This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and no costs other than the transmission costs according to the basic rates will be incurred.

If you wish to exercise your right to object, it is sufficient to send an informal notice, e.g. using the abovementioned contact details.

right of complaint to the competent supervisory authority

In the event of data protection violations, you as the data subject have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in data protection issues is the state data protection officer in Berlin.

  1. data collection on this website

COOKIES AND SIMILAR TECHNOLOGIES

On our website, we use cookies and similar technologies (e.g. web storage; hereinafter referred to as “cookies”). Cookies contain information that usually consists of letters and numbers and is stored on the user’s computer when a specific website is visited.

Some of these cookies are necessary for the functioning of our website, while other cookies help us improve our website by allowing us to analyse the use of our website by you.

By default, we only use cookies that are necessary for technical reasons. Technically necessary cookies enable the core functionalities of our website. Without these cookies, the website cannot be displayed correctly or individual areas may not function properly. You can prevent the storage of necessary cookies only by making appropriate settings in your browser.

We will use cookies that are not necessary for the functioning of the website (“non-essential cookies”) after we have obtained your consent. You can at any time withdraw your consent.

We use cookies and similar technologies to store information on your terminal device on the basis of Section 25 (2) No. 2 TDDDG [German Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services]. Data are processed to safeguard our legitimate interest in accordance with Art. 6 (1) Sentence 1 (f) DSGVO to ensure the best possible functionality of the website.

On our website, we use the following cookies that are necessary for technical reasons:

Name Expiry Purpose Type
__cf_bm Session To recognise bot requests. HTTP cookie
_cfuvid Session Used for load distribution, provision of website content and provision of a DNS connection. HTTP cookie
aviaPrivacyMustOptInSetting 1 year Cookie for the administrative area. HTTP cookie
aviaCookieConsent 1 year Use and storage of cookies have been consented to. HTTP cookie
aviaPrivacyEssentialCookiesEnabled 1 year Enables the storage of essential cookies, other cookies and the use of extensions. HTTP cookie
aviaPrivacyRefuseCookiesHideBar 1 year Refuses cookies that have not been permitted when other pages are viewed. HTTP cookie
aviaPrivacyVideoEmbedsDisabled 1 year Used to unblock content from video platforms and social media platforms. HTTP cookie
BpSessionID Session Saves the session for the login area. HTTP cookie
pll_language 1 year Saves the language settings. HTTP cookie
cmplz_banner-status 1 year Administration of cookie consent to save whether the cookie banner has been rejected. HTTP cookie
cmplz_functional 1 year To save the cookie settings. HTTP cookie
cmplz_preferences 1 year Saves the cookie consent preferences. HTTP cookie
cmplz_statistics 1 year Remembers whether anonymised statistics may be used.
cmplz_marketing 1 year Saves the cookie consent preferences. HTTP cookie
cmplz_policy_id 1 year Captures the ID for the accepted cookie policy. HTTP cookie
cmplz_consented_services 1 year Saves the cookie consent preferences. HTTP cookie
yt-remote-device-id Session Saves the user settings when a YouTube video is retrieved. HTML Session Storage
ytidb::LAST_RESULT_ENTRY_KEY Session Used by Google DoubleClick for the purpose of measuring the effectiveness of an advertisement and to show the user targeted advertisements. HTML Session Storage
yt-player-headers-readable Session Saves the user settings when a YouTube video is retrieved. HTML Session Storage
yt.innertube::nextId Session Saves the user settings when a YouTube video is retrieved. HTML Session Storage
yt-remote-connected-devices Session Saves the user settings when a YouTube video is retrieved. HTML Session Storage
yt.innertube::requests Session Saves the user settings when a YouTube video is retrieved. HTML Session Storage
yt-player-bandwidth Session Saves the user settings when a YouTube video is retrieved. HTML Session Storage
yt-remote-session-app Permanent Saves the user settings when a YouTube video is retrieved. HTML Local Storage
yt-remote-cast-installed Permanent Saves the user settings when a YouTube video integrated on other websites is retrieved. HTML Local Storage
yt-remote-session-name Permanent Saves the user settings when a YouTube video is retrieved. HTML Local Storage
yt-remote-cast-available Permanent Saves the user settings when a YouTube video integrated on other websites is retrieved. HTML Local Storage
yt-remote-fast-check-period Permanent Saves the user settings when a YouTube video is retrieved. HTML Local Storage
sync_active Permanent Contains data regarding the visitors’ video preferences. HTML Local Storage

SERVER LOG FILES

The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to the operator. This information includes:

  • Requested URL
  • Time of the server request
  • Anonymised IP address

We process your access data (see data listed above at point 2) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:

  • Guaranteeing IT security, in particular the security of the website;
  • Advertising or market and opinion research, unless you have objected to the use of your data
  • Assertion of legal claims and defence in legal disputes

These data are not merged with other data sources.

The basis for the data processing is Art. 6 (1) (f) GDPR which allows the processing of data for the performance of a contract or pre-contractual measures.

The data are automatically deleted after 6 months.

CONTACT FORMS

If you send the operator inquiries via a contact form (including event location queries), your details from the inquiry form including the contact data you provide in it are stored by the operator for processing the inquiry and for the event of follow-up questions. The operator will not pass these data on without your consent.

The data entered in the contact form are processed in accordance with Art. 6 (1) (b) GDPR.

The data you entered in the contact form are retained by the operator, until you request their deletion, revoke your consent for storage or the purpose for storing the data no longer applies (e.g., after your inquiry has been dealt with). This shall be without prejudice to mandatory statutory provisions – especially retention periods.

Videos

We have integrated YouTube and Vimeo videos on our website which are stored on the platforms and can be played directly from our website.

The videos are integrated in such a way that your personal data will be transmitted when the videos are played. We have no influence on the transmission of data that occurs after that. In connection with this, the providers place cookies that are stored on your terminal device and store information in the web storage.

YouTube

We as the operator of the YouTube channel and Google as the YouTube platform operator are jointly responsible for the processing of the personal data of subscribers, visitors and users that takes place on or via the channel.

For information about how Google handles personal data for the YouTube service please see Google’s data privacy statement.

We operate this YouTube channel to present ourselves and to communicate. Personal data of users are processed on the basis of our legitimate interests (Art. 6 (1) Sentence 1 (f) GDPR). When you click on an embedded video on our website, your personal data will be processed on the basis of your consent (Art. 6 (1) Sentence 1 (a) GDPR).

Vimeo

We as the operator of the Vimeo channel and Vimeo as the platform operator are jointly responsible for the processing of the personal data of subscribers, visitors and users that takes place on or via the channel.

For more information about how Vimeo handles personal data please see Vimeo’s data privacy statement.

We operate this Vimeo channel to present ourselves and to communicate. Personal data of users are processed on the basis of our legitimate interests (Art. 6 (1) Sentence 1 (f) GDPR). When you click on an embedded video on our website, your personal data will be processed on the basis of your consent (Art. 6 (1) Sentence 1 (a) GDPR).

4. WEBSITE ANALYSIS AND TRACKING

We use the Matomo web analysis service to analyse and continuously improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. We use Matomo without cookies or similar technologies and also do not access the terminal device in any other way. It is therefore not necessary to obtain your consent.

The data are processed on the basis of Art. 6 (1) Sentence 1 (f) GDPR.

The resulting information about the use of the website is transmitted exclusively to the operator’s servers and summarized in pseudonymous user profiles. The IP addresses are anonymized (IP masking), so that an assignment to individual users is not possible.

Matomo is hosted as a web analysis tool on the operator’s own servers. The collected data do not belong to any third-party providers and they will not be passed on to or viewed by any third parties. The data will be passed on only after your express consent, unless this is contrary to other legal requirements imposed by the authorities which oblige the operator to pass the said data on.

  1. NEWSLETTER

If you wish to receive the newsletter offered on the website, the operator needs an email address and information from you that allows the verification that you are the owner of the specified email address and agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. The operator uses these data solely for sending the requested information and will not pass them on to third parties.

For subscriptions to our newsletter, we use the so-called double opt-in procedure. This means that when you register for the newsletter, we will send you an email asking you to confirm your registration. This confirmation serves to ensure that only persons who have access to the email address provided will subscribe to our newsletter. We log the registrations for the newsletter to be able to prove the registration process in compliance with the legal requirements. This includes the storing of the time of registration and the time of confirmation and of the IP address.

The data entered in the newsletter registration form are processed exclusively on the basis of your consent in accordance with Art. 6 (1) Sentence 1 (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 UWG [German Act Against Unfair Competition] or on the basis of the legal permission in accordance with Section 7 (3) UWG. You can revoke the consent you gave for storing the data, the email address and their use for sending the newsletter at any time with effect for the future – via the “unsubscribe” link in the newsletter. The revocation will not affect the legality of the already effected data processing operations.
The operator will retain the data you provide for receiving the newsletter until you are unsubscribed from the newsletter and they will be deleted after the cancellation of the newsletter. This shall be without prejudice to data stored for other purposes by the operator (e.g. email addresses for the members’ area).

  1.  Virtual tour

When you click on the link for the virtual 360° tour of some of our properties, you will be redirected to the website of the provider Nexpics. A new browser window will open. We will not process any further personal data and will not receive such data from the provider. The provider’s data privacy statement applies: https://www.nexpics.com/datenschutz.html

  1.  VIDEO SURVEILLANCE ON THE EUREF CAMPUS

The roads and paths on the EUREF Campus are monitored by video for property protection. The property protection service has contractually agreed to abide by the applicable data protection regulations. The purpose of video surveillance is to protect you and your investments on the EUREF Campus and to prevent vandalism, burglary and theft.

All cameras are mounted so that they do not cover the windows of your leased areas or offices. The cameras on the property boundary cover only the immediate vicinity of the perimeter fences and walls and not public urban space or neighbouring buildings.

The legal basis for the video surveillance is our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

The recordings are erased automatically after 48 hours. Image material is only passed on when an offence has been recorded. Recipients are solely the investigating law enforcement authorities.

8.          ONLINE SHOP

If you initiate an order in the operator’s online shop, your details from the inquiry form including the contact data you provide in it are stored by the operator for processing the inquiry, shipping the order and for the event of follow-up questions. These data will not be passed on without your consent.

The data entered in the online shop are processed on the basis of Art. 6 (1) (a) and (b) GDPR. You can revoke your consent at any time with effect for the future. This only requires an informal notification by email to datenschutz@euref.de. The legality of the data processing operations carried out up to the revocation remains unaffected by the revocation.

The data you entered in the online shop are retained by the operator, until you request their deletion, revoke your consent for storage or the purpose for storing the data no longer applies (e.g. after your order has been dealt with). This shall be without prejudice to mandatory statutory provisions – especially retention periods.

9.          SOCIAL MEDIA PRESENCE

We are active in social networks and on platforms, so that we can communicate with you and provide information about our services in social media as well.

We point out that this may entail processing of your data outside of the European Union and that usually the data will be processed for market research and advertising purposes. The behaviour and resulting interests of the users can be used to create user profiles. These user profiles may in turn be used, e.g., to place advertisements inside and outside of the platforms which presumably meet the user’s interests. To this end, cookies may be stored on the user’s computers which serve to store the usage behaviour and the interests of the users. Other data may also be stored in these user profiles, in particular if a user is a member of the platform and is logged in there.

On our website, we only link to our company profiles at the relevant social networks. Please note, however, that when you click on a link to a social network, data will be transmitted to that network’s servers. If you are logged in to that social network with your user name and password at the time, the information that you have visited our company profile on the social network from our website will be transmitted to it and the provider can save that information in your user account.

As a rule, we do not have any significant influence on the data processing of these social networks. However, we receive statistics from the providers about the use of and visits to our company profiles in the social networks (e.g. number of views, interactions such as likes and comments, summary demographic and other information or statistics). For more information about the data used by the providers please see the providers’ data protection statements linked below.

If we receive your personal data in the context of our social media presences (e.g. in the form of a message), you have the rights mentioned above in this data privacy statement. You can use the contact details above to send us your inquiries regarding data processing in the context of our company profiles.

If you wish to assert any further rights against the provider of the social network, the easiest way to do this is to contact the provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details are provided in the data privacy statements linked below. We will also be happy to assist you in asserting your rights, to the extent we can do this.

Personal data of users are as a rule processed on the basis of your consent (Art. 6 (1) Sentence 1 (a) GDPR). Moreover, the legal basis is Art. 6 (1) (b) GDPR if we receive and process your data through our social media presence on the occasion of a contract-related request. The legal basis for the linking and operation of our company profiles in social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 (1) (f) GDPR, based on our legitimate interest in our corporate communication in the respective social networks.

For information about the relevant processing activities and the opt-out options please see the data privacy statements of the providers linked below:

  • Facebook (Meta Platforms Limited Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); we operate our Facebook page based on an agreement with Facebook regarding the joint processing of personal data – data privacy statement: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com.
  • Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), online service for sharing photos and videos, data privacy statementhttps://help.instagram.com/519522125107875/?helpref=hc_fnav
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts – data privacy statement https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland), microblogging service – data privacy statement: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization

10.           DATA PROTECTION INFORMATION FOR JOB APPLICANTS

The operator hereby provides you as job applicant and thus as the party affected by the data processing with information about the processing of your personal data by the companies in the EUREF company group and the rights you have under data protection law. Furthermore, the operator’s general data protection policy also applies.

During the course of the application process, we process the following personal data:

– your master data (such as first name, surname, name affixes, date of birth) – work permit / residence permit

– contact data (such as private address, (mobile) telephone number, email address),

– “skills” data (e.g. special knowledge and skills)

– if relevant for the advertised position: health suitability

Your personal data will be collected from you during the course of the recruitment process, especially from the application documents, the job interview, where appropriate, from the agreement of a trial period and the personnel questionnaire.

The operator will also receive data from third parties (e.g. the Employment Agency during the course of a job placement).

The operator processes your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA).

Primarily, the data processing serves the establishment of the employment relationship. The primary legal basis for this is Art. 6 (2) (a) GDPR.

Your data will be processed solely to fill the specific vacancy for which you have applied.

If your application is to be considered for other vacancies in the company, the operator will require your express consent thereto.

If you want to be included in an applicant pool should your application not be successful, the operator will require your express consent thereto.

If your application is not successful, your application documents will be deleted six months after the end of the application process at the latest, unless you have given us separate consent for longer retention (applicant pool).

If you are recruited, we will transfer your data from the application process and the application documents to your personnel file. Once the employment relationship ends, those personal data which we have to retain by law will continue to be stored. This arises as a rule from legal requirements for proof and retention, which are regulated, inter alia, in the Commercial Code and the Tax Code. The retention periods therein are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).

Within the operator’s company, only those persons and departments involved in the decision to hire you will receive your personal data (HR department, specific department in question, company management).

11.           DATA TRANSMISSION TO THIRD COUNTRIES

Data will not be transferred to third countries (states outside of the European Union – EU).

12.           DATA TRANSMISSION TO THIRD COUNTRIES

Automated processing operations to bring about a decision are not used by the operator.

13.           WHISTLEBLOWER SYSTEM

Compliance with laws and internal regulations is a top priority for our company. Accordingly, we have supplemented our compliance system with a whistleblower system. Employees and business partners, but also third parties, may at any time report suspected cases of behaviour contrary to the rules.

Appropriate information can be provided in the context of our reporting procedure. The following personal data may be processed to gather hints and to clarify suspected cases of breaches of the rules: Details of the suspected person (e.g. surname, first name, function and employment details), details of the suspected breaches of conduct and details of the informant (e.g. surname, contact details). We ask the informant to refrain from providing sensitive information about the suspected persons, unless this is necessary to describe the matter.

The recipients of your data and your report are the internal compliance officers and, if required, other organisational units (e.g. the data protection officer) who need to be entrusted with clarifying the facts. Your personal data will as a rule not be transferred to any recipient outside of the EUREF Group. In certain cases, we may be obliged under Art. 14 (3) (a) GDPR to inform suspected persons within one month about the allegations made against them and the investigations carried out against them, which usually includes the following information: The fact that data have been stored, the categories of the data, the purpose of the processing and the identity of the controller and, if applicable, the whistleblower.

The establishment of our whistleblower system and the associated processing of personal data serves to fulfil legal obligations under Art. 6 (1) (c) GDPR in conj. w. Directive (EU) 2019/1937. Apart from this, we base the processing of personal data on a legitimate interest in the appropriate prevention and fighting of corruption in accordance with Art. 6 (1) (f) GDPR.

The personal data mentioned will be stored for as long as they are required for the clarification of the particular facts or for as long as they must be stored due to legal obligations.

As a rule, you as the informant can object to the processing of your personal data after you have submitted your report. However, we point out that we may be under a legal obligation in accordance with Art. 14 (3) (a) GDPR to disclose your personal data from the report. In that case, it may no longer be possible to stop the processing of your personal data despite your objection. Moreover, at the time of the objection, the processing of the data may have advanced so far already that deletion is no longer possible (if we, as the controller, have to clarify of the suspected case). Your objection to the processing of your personal data may also be ineffective if the nature of the hint requires the direct involvement of a public authority or a court. Once personal data have been disclosed to a public authority or a court, the data are located both in our documentation and in the case files of the public authority or court.

14.           EVENTS

If you register for one of our events, we will process your personal data for the purpose of the registration and for other purposes such as accreditation and follow-up. We may process categories of data such as contact data (name, address, email, telephone number, company) and, if applicable, also special categories of data such as health data (e.g. food allergies for catering). We also process these categories of personal data for accompanying persons if you register them.

If you have given your consent to the processing of data (this applies in particular to voluntary information), we will process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR. You can withdraw your consent at any time with future effect. If your data is required to fulfil a contract or to carry out pre-contractual measures (in particular mandatory information), we will process your data on the basis of Art. 6 (1) (b) GDPR.

Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 (1) (c) GDPR (e.g. personal check in the case of high-profile events). Also, data may be processed on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

We will store the personal data we collect for the events for a period of six months after the end of the event, unless any other legal basis entitles or obliges us to store them for a longer period of time.

If you have registered for an event, it may be necessary to transfer your personal data to third parties (e.g. service providers) to fulfil the contract, in particular for the administration of participants. The data will be transmitted on the basis of a data processing agreement concluded with the third parties in accordance with Art. 28 GDPR.

15.           VIDEO RECORDING AND PHOTOS

In the context of events, we may make audio, photo and video recordings for the purpose of internal and external documentation. You may contact the photographer or cameraman at any time and state that you object to photos/videos of you being taken/made. You may also inform us after the event that you object to the processing of the recordings of your person (informal email is sufficient).

The legal basis for the data processing in the context of the production of the recordings is Art. 6 (1) (f) GDPR, based on our interest in documenting the event and our public image.

We may use the recordings made for documentation and external presentation purposes on our website and, possibly, in our social media profiles (Facebook, X, Instagram, LinkedIn) and in offline publications. When we do this, we will first edit the recordings (e.g. by selecting an image section) and then put the edited recordings online without naming you. As far as possible, we will try to use images in which you merely are an accessory.

The providers of the social media platforms may process and use for their own purposes the data that are posted on the platforms. This data processing is beyond our direct control.

16.           CAMPUS CATERING

Companies can use our campus catering services offered at our online store. To place orders, you need to register a user account. Using the login data provided, you can place your orders in the personal area.

For this registration, we may process personal data such as email address and other contact details. This will be done on the basis of (pre-)contractual measures in accordance with Art. 6 (1) (b) GDPR. On request, the user account will be deleted and the personal data linked to the account will be erased immediately. Contract data will be stored for up to three years after conclusion of a contract. Invoices will be stored for up to ten years.

Changes to this data protection information

The operator revises this data protection information when there are changes to this website or for other reasons that render this necessary. You can always find the latest version on this website. If you have any questions about data protection, please do not hesitate to contact the operator.

As of 30 August 2024

  1. VIDEO surveillance on the EUREF CAMPUS

The roads and paths on the EUREF Campus are monitored by video for property protection. The property protection service has contractually agreed to abide by the applicable data protection regulations.

All cameras are mounted so that they do not cover the windows of your leased areas or offices. The cameras on the property boundary cover only the immediate vicinity of the perimeter fences and walls and not public urban space or neighbouring buildings.

The purpose of this surveillance is the protection of property rights Art. 6 (1) lit. f) GDPR and Section 4 FDPA.

This serves to protect you and your investments in the EUREF Campus and to prevent vandalism, burglary and theft.

The recordings are erased automatically after 48 hours. Image material is only passed on when an offence has been recorded. Recipients are solely the investigating law enforcement authorities.

  1. ONLINE SHOP

If you initiate an order in the operator’s online shop, your details from the inquiry form including the contact data you provide in it are stored by the operator for processing the inquiry, shipping the order and for the event of follow-up questions. These data will not be passed on without your consent.

The data entered in the online shop are processed on the basis of Art. 6 (1) lit. a) + b) GDPR. You can revoke your consent at any time with effect for the future. This only requires an informal notification by email to datenschutz@euref.de. The legality of the data processing operations carried out up to the revocation remains unaffected by the revocation.

The data you entered in the online shop are retained by the operator, until you request their deletion, revoke your consent for storage or the purpose for storing the data no longer applies (e.g. after your order has been dealt with). This shall be without prejudice to mandatory statutory provisions – especially retention periods.

Links to other sites

The operator’s pages contains links to external third-party websites, over whose content the operator has no influence. Thus no guarantee can be provided for such third-party content. The pertinent provider or operator of those sites is responsible for the content of the linked pages. The linked pages were examined for potential illegal activity when the link was created. No illegal content was apparent at the time the link was made. Permanent inspection of the linked pages’ content is not reasonable, however, without concrete evidence of a corresponding illegal activity. Such links shall be removed without undue delay once such violations become known.

data protection information for job applicants

Information about the processing of job applicant data

The operator hereby provides you as job applicant and thus as the party affected by the data processing with information about the processing of your personal data by the companies in the EUREF company group and the rights you have under data protection law. Furthermore, the operator’s general data protection policy also applies.

controller for data processing and data protection officer

The data processing controller is:

EUREF AG
EUREF Campus 3
10829 Berlin
Email: datenschutz@euref.de

EUREF AG acts as a central HR department for the companies in the EUREF company group.

The data protection officer IS:

mip Consult GmbH
Jan Käding
Wilhelm-Kabus-Str. 9
10829 Berlin
E-Mail:  j.kaeding@mip-consult.de

SCOPE OF DATA COLLECTION AND ORIGIN

During the course of the application process, we process the following personal data:

– your master data (such as first name, surname, name affixes, date of birth) – work permit / residence permit

– contact data (such as private address, (mobile) telephone number, email address),

– “skills” data (e.g. special knowledge and skills)

– if relevant for the advertised position: health suitability

Your personal data will be collected from you during the course of the recruitment process, especially from the application documents, the job interview, where appropriate, from the agreement of a trial period and the personnel questionnaire.

The operator will also receive data from third parties (e.g. the Employment Agency during the course of a job placement).

PURPOSE AND LEGAL BASIS OF DATA PROCESSING

The operator processes your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA).

Primarily, the data processing serves the establishment of the employment relationship. The principle legal base herefor is Art. 88 (1) GDPR in combination with Section 26 (1) FDPA.

Your data will be processed solely to fill the specific vacancy for which you have applied.

If your application is to be considered for other vacancies in the company, the operator will require your express consent thereto.

If you want to be included in an applicant pool should your application not be successful, the operator will require your express consent thereto.

Duration of data storage

If your application is not successful, your application documents will be deleted six months after the end of the application process at the latest, unless you have given us separate consent for longer retention (applicant pool).

If you are recruited, we will transfer your data from the application process and the application documents to your personnel file. Once the employment relationship ends, those personal data which we have to retain by law will continue to be stored. This arises as a rule from legal requirements for proof and retention, which are regulated, inter alia, in the Commercial Code and the Tax Code. The retention periods therein are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).

recipients of your personal data

Within the operator’s company, only those persons and departments involved in the decision to hire you will receive your personal data (HR department, specific department in question, company management).

Your rights as data subject:

You have the rights under Articles 15-22 GDPR:

– right to information (Art. 15 GDPR)

– right to correction (Art. 16 GDPR)

– right to deletion (Art. 17 GDPR)

– right to restriction of the processing (Art. 18 GDPR)

– right to object to processing (Art. 21 GDPR)

– right to data portability (Art. 20 GDPR)

To that end, please contact:

EUREF AG

EUREF Campus 3

10829 Berlin

Email: datenschutz@euref.de

your right to complain

You can submit your complaint to the aforementioned data protection officer or a data protection supervisory authority. The data protection supervisory authority responsible for the operator is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Commissioner for Data Protection and Freedom of Information]

Friedrichstraße 219

10969 Berlin

Email: mailbox@datenschutz-berlin.de

data transmission to third countries

Applicant data are not transmitted to third countries.

AUTOMATED INDIVIDUAL DECISIONS OR MEASURES FOR PROFILING

Automated processing operations to bring about a decision are not used by the operator.

Changes to these data protection information

The operator revises this data protection information when there are changes to this website or for other reasons that render this necessary. You can always find the latest version on this website.

If you have any questions about data protection, please do not hesitate to contact the operator.

Last amended: 4 April 2023