BOOST GROUP PRIVACY POLICY

The Boost Group is committed to protecting your Personal Data, taking its commitment in this regard very seriously. For this reason, we would like to take this opportunity to inform you about the Processing of your data, specifically the type, scope and purpose of its collection and use. 

Our company always strives to ensure the comprehensive protection of your data, while fully complying with applicable legal regulations, in particular the European General Data Protection Regulation (GDPR), the Swiss revised Data Protection Law (revDSG) and the German Federal Data Protection Act (BDSG), as well as any other country-specific data protection regulations applicable to us. 

As the Controller, the company has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed on its website.  

This Privacy Policy is intended to inform Data Subjects about the nature, scope and purpose of the Personal Data that we collect, use and process, especially in connection with our website. It will, in addition, inform you, the Data Subject, of your rights. 

The information will always be kept available for download on our website. 

 

1.Definitions

Our Privacy Policy is based on the terms used by European lawmakers in the GDPR. The aim is to ensure that the general public can easily read and understand the Policy’s provisions, including our customers and business partners. For this purpose, we would like to explain some of the terms used in advance. 

  1. Processor: a Processor is a natural or legal person, public authority, agency or other body that processes Personal Data for the Controller. 
  2. Data Subject: Data Subject refers to any identified or identifiable natural person whose Personal Data is processed by the Controller. 
  3. Cookies: Cookies are text files that are placed and stored on a computer system by means of an internet browser. 
  4. Third Party: a Third Party is a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor. 
  5. Recipient: a Recipient is a natural or legal person, public authority, agency or other body to which Personal Data is disclosed, whether or not it is a Third Party. However, public authorities that may receive Personal Data in the context of a specific investigative task under EU or Member State law are not considered Recipients. 
  6. Consent: Consent means any freely given specific and informed indication of the Data Subject’s wishes, in the form of a statement or other unambiguous affirmative act by which the Data Subject signifies his or her agreement to the Processing of his or her Personal Data. 
  7. Personal Data: Personal Data means any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 
  8. Pseudonymization: Pseudonymization is the Processing of Personal Data in such a way that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, providing such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person. 
  9. Profiling: Profiling is any type of automated Processing of Personal Data that consists of using such Personal Data to evaluate certain personal factors relating to a natural person, in particular to analyse or predict factors relating to the natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location. 
  10. Processing: Processing means any operation or set of operations which is performed on Personal Data, whether or not by automatic means, such as collection, logging, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 
  11. Controller: the Controller is the natural or legal person, public authority, agency or other body that, solely or jointly with others, determines the purposes and means of the Processing of Personal Data. Where the purposes and means of such Processing are determined by EU or Member State law, the controller may be legally appointed or subject to specific criteria defined by law. 

 

2. Name and address of Controller.

This Privacy Policy applies to all data that we process in our capacity as Controller within the meaning of the GDPR, other data protection laws applicable in EU Member States and other provisions of a data protection nature:  See imprint

You can reach our Data Protection Officer at the address of Boost Services AG (see imprint), or by sending an email to dataprivacy@boostgroup.eu.

Data Subjects may always address any questions or suggestions regarding data protection directly to our Data Protection Officer. 

3. Cookies 

Our webpages make use of cookies. These small text files are automatically created by an internet browser and stored on a computer system or end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, nor do they contain any viruses, Trojans or other malware. The information stored in the cookie (i.e. the cookie ID) is related to the specific end device used. A cookie ID is a unique identifier of the cookie, consisting of a string of characters by which webpages and servers can be assigned to the specific internet browser by means of which the cookie was saved. It enables the visited webpages and servers to distinguish the Data Subject’s browser from other internet browsers that contain other cookies. Although a specific internet browser can be recognized and identified by the unique cookie ID, it is not the case that we thereby gain immediate knowledge of your identity.

Cookies allow us to provide you, the user, with more user-friendly services that would not be possible without the cookie setting. Using a cookie makes it possible to personalize the information and offers on our website in order to meet user interests. As previously mentioned, cookies enable us to recognize the users of our website and, thereby, make it easier for them to use the site.

For example, “session cookies” may be used to identify your previous visits to individual pages of our website. These cookies are automatically deleted after you leave our site.

The data processed by technically necessary cookies is required for the above-mentioned purposes of protecting our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR.

Other temporary cookies used to enhance user-friendliness may also be stored on your terminal device for a defined period of time. Should you return to our site in order to make use of our services, they allow us to automatically recognize you as a repeat visitor and identify the entries and settings that you previously used, so that you do not have to enter them again. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the site, as this procedure is handled by the website after being triggered by the cookie stored on the user’s computer system. Another example is the cookie for a shopping cart in an online store. The online store uses cookies to remember the items that a customer has placed in the virtual shopping cart.

Still other types of cookies are used to statistically record use of our website and to evaluate it in order to improve our services for you. These cookies enable us to automatically recognize that you have previously visited our site, should you happen to return. They are automatically deleted after a defined period of time.

The legal basis for setting these cookies, which are not technically necessary for the operation of the homepage, is your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time by deleting the cookies in your browser. Please note that the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.

4.Scope, legal basis and purpose of the collection of general data and information and their processing

Our website collects a variety of general data and information each time a Data Subject accesses the site, storing it in log files on the server. The following general data and information may be logged

  • browser types and versions used,
  • operating system used by the accessing system,
  • website from which an accessing system arrives at our website (“http referrer”),
  • sub-websites that are accessed via an accessing system on our website,
  • date and time of an access to the internet site,
  • internet protocol address (IP address),
  • internet service provider of the accessing system,
  • other similar data and information that serve to avert danger in the event of attacks on our information technology systems, and
  • user name and password in the customer login area.
 
No conclusions are drawn about the Data Subject when using this general data and information. It is rather required in order to
  • deliver the contents of our website correctly,
  • optimize the content of our website and the advertising for it,
  • ensure the long-term functionality of our information technology systems and the technology of our website, and
  • provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. Therefore, the data and information collected is statistically analysed by us and/or evaluated with the aim of increasing the data protection and data security of our enterprise in order to ultimately ensure the best possible level of protection for the Personal Data we process. The data in the server log files is stored separately from any Personal Data provided by a Data Subject.

The legal basis for the collection and storage of the above-mentioned data is our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR involving the maintenance and operation of a homepage.

5.Sharing data; Recipients

To provide you with the best possible service and to promote our business, we may transfer certain data internally or to selected Third Parties. There may also be a specific legal or statutory obligation that requires us to disclose your Personal Data to Third parties.

The parties to which we may disclose your information include:

  • other affiliates or subsidiaries of companies in the Boost group of companies, e.g., to provide basic technology to support the services we provide;
  • our service providers, e.g., for managing or hosting services and/or enabling technology for the services we provide;
  • our business partners, to the extent you have purchased or expressed interest in a product or service from such business partner, interacted with such business partner, or otherwise consented to the disclosure of your personal information to such business partner;
  • cooperating partners or organizations, for example, to provide usage information to companies that provide you access to our services, if you access our products through such companies;
  • a buyer or successor in interest in a sale or other corporate transaction involving part or all of our business;
  • other parties, e.g., as needed for external audits, compliance, risk management, corporate development and/or corporate governance matters; or government entities and government agencies, as required by applicable law.
  • Google (see Section 19b, below).

Whenever we share Personal Data internally or with Third Parties in other countries, we will implement appropriate safeguards in accordance with applicable data protection laws, including, where applicable, the EU Standard Contractual Clauses when transferring data to countries outside the European Union or the European Economic Area. As required by applicable law, Third Parties must use appropriate safeguards to protect Personal Data and may only access Personal Data as needed to perform their respective tasks.

Your Personal Data will not, however, be transferred to Third Parties for any purposes other than those set out in this Privacy Policy. In this respect (and in accordance with Art. (6)(1)(1) GDPR), we only share your Personal Data with Third Parties if:

  1. you have given your express consent to this;
  2. the disclosure is necessary to safeguard our legitimate interests (e.g. data transfer within the group of companies) or to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data;
  3. in the event that there is a legal obligation to pass it on, and;
  4. this is legally permissible and necessary for the processing of contractual relationships with you.
 

6.Registration on our website 

As a Data Subject, you may choose to provide Personal Data in order to register on our website. This data will be transmitted to us in our capacity as Controller on the basis of the input screen used for the registration process. The Personal Data you enter will be collected and stored exclusively for our internal use and/or own purposes. We or the Controller, as the case may be, may arrange for the transfer to one or more Processors, for example a payment service or logistics company. They will also use the Personal Data exclusively for an internal purpose attributable to us.

Registering on our website also means that the IP address assigned by the internet service provider (ISP) of the person concerned, the date and the time of registration are also recorded. This data is stored because such a practice is the only way to prevent misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, the storage of this data is necessary for our protection. As a matter of principle, this data is not disclosed to Third Parties, unless there is a legal obligation to disclose it or the disclosure serves the purpose of criminal prosecution.

Your registration with voluntary provision of Personal Data enables us to offer you content or services that, due to the nature of the matter, can only be offered to registered users. Registered persons are free to amend the Personal Data provided during registration at any time or to have it completely deleted from our database.

You may request information about the Personal Data retained about you, the Data Subject, at any time. Furthermore, we will correct or delete Personal Data at your explicit request or notice, providing this action does not conflict with any statutory retention obligations. Our aforementioned Data Protection Officer (see Section 2) and all of our employees are available to you as contact persons in this connection.

7.Subscription to our newsletter 

On our website, users are offered the opportunity of subscribing to our company’s newsletter. The Personal Data transmitted to us in our capacity as Controller when subscribing to the newsletter is specified in the corresponding input screen. 

This newsletter is used to inform our customers and business partners at regular intervals about current offers from our company. The newsletter can generally only be received by you, the Data Subject, if  

  • you have a valid email address and
  • you subscribe to the newsletter.
 

A confirmation email is sent to the email address initially entered by a Data Subject for newsletter subscription using the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address is the Data Subject and has authorized the receipt of the newsletter. Only after confirmation is the subscription to the newsletter completed.

We also store the IP address that the internet service provider (ISP) assigns to the computer system used by the Data Subject when subscribing to the newsletter, as well as the date and time of the subscription. The collection of this data is necessary in order to track the (possible) misuse of a Data Subject’s email address at a later date and therefore provides us with legal protection.

Personal Data collected in connection with newsletter subscription will be used exclusively for the purpose of distributing our newsletter. Furthermore, newsletter subscribers may be informed by email of any changes to the newsletter offer or technical circumstances, should it be necessary for either the subscription to or provision of the newsletter service. No Personal Data collected as part of the newsletter service will be shared with Third Parties.

Your Consent in accordance with Art. 6(1)(a) GDPR provides the legal basis for the collection and Processing of your data in connection with newsletter subscription.

The subscription to our newsletter can be cancelled by you at any time. Your consent to the retention of Personal Data, which you have provided so we can send you the newsletter, can be withdrawn at any time with future effect. The lawfulness of the data processing up to the time of withdrawal remains unaffected. A corresponding link can be found in each newsletter for the purpose of withdrawing Consent. Furthermore, it is also possible to unsubscribe from the newsletter at any time directly on our website or to notify us of the cancellation in another way.

8.Newsletter tracking 

Our newsletter contains tracking pixels, which are miniature graphics embedded in emails sent in HTML format to enable log file tracking and log file analysis. This process allows us to statistically evaluate the success or failure of online marketing campaigns. Based on the embedded tracking pixels, we can determine if and when an email was opened by a Data Subject, and the links contained in the email that the Data Subject clicked.

Personal Data collected by the tracking pixels contained in the newsletters is retained and evaluated in order to improve newsletter distribution and to better adapt the content of future newsletters to the interests of the Data Subject. This Personal Data will not be disclosed to any other Third Parties. The separate declaration of Consent made by means of the double opt-in procedure in this regard may be withdrawn at any time with future effect. After withdrawal, we or the Controller will delete your Personal Data. Cancellation of a newsletter subscription will be automatically interpreted as a withdrawal of Consent.

The legal basis for the collection and processing of your data in the context of newsletter tracking is your consent pursuant to Art. 6(1)(a) GDPR, which can be withdrawn at any time with future effect but without affecting the lawfulness of the Processing up to the time of the withdrawal.

9.Contact option via the website 

Due to legal regulations and other reasons, our website contains information that enables quick electronic contact with our company as well as direct communication with our representative. If you contact us by email or by using our contact form, the Personal Data you provide will be automatically saved. Any Personal Data that you voluntarily submit to us will be retained for the purpose of processing your request or contacting you, and will not be shared with Third Parties. Personal Data sent by e-mail or the contact form will be deleted when the respective conversation with the user has ended and no relevant retention periods prevent the deletion. The conversation is ended when circumstances indicate that the matter in question has been conclusively settled.

The legal basis for this Processing is usually our legitimate interest pursuant to Art. 6(1)(f) or Art. 6(1)(b) GDPR, if the purpose is to fulfil or initiate a contract with you.

 

10.Data Collected through mobile apps 

As part of the services that Boost provides, Boost sometimes creates app for smartphones and/or tablets on the basis of iOS and/or for Android. Such apps will be published on the respective app stores. The personal data that is collected and processed when you download the app in your app store, is under the responsibility of the app store owner. 

Depending on the purpose and functionality of the app, the app may collect your personal data. In compliance with the relevant national data privacy regulations, the app will present the user with such information and functionality, as getting consent, explaining the purpose of personal data processing, the legal basis and the duration of personal data retention.


11.Routine deletion and blocking of Personal Data 

We process and retain your Personal Data only for the period of time necessary to achieve the purpose for which it is collected or insofar as this retention is required EU or relevant national lawmakers, whose laws or regulations apply to us, e.g. due to retention periods.

If the reason for retention no longer applies or if a retention period prescribed by the EU or national lawmakers applicable to us expires, the Personal Data will be routinely deleted, blocked or restricted for Processing in accordance with the statutory provisions.

 

12.Rights of the Data Subject 

As a Data Subject, you are afforded the rights listed below, which you may assert against us at any time:

  1. Right of appeal Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority of your usual place of residence or place of work or our registered office in accordance with Art. 77 GDPR, should you be of the opinion that the Processing of Personal Data concerning you violates the GDPR.  The supervisory authority to which the complaint is lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
  2. Right to confirmation Under Art. 15 GDPR, you have the right to request confirmation from us at any time concerning our Processing of your Personal Data. 
  1. Right to information Pursuant to Art. 15 GDPR, you also have the right to obtain information from us at any time and free of charge about the Personal Data that we retain about you. Furthermore, you are also entitled to request other information, including the following: 
 
 
  • Processing purposes;
  • categories of Personal Data that are being processed;
  • Recipients or categories of Recipients to which the Personal Data had been or will be disclosed, in particular in the case of Recipients in third countries or international organizations;
  • if possible, planned duration for which the Personal Data will be retained or, if this is not possible, the criteria for determining this duration;
  • existence of a right to obtain the rectification or erasure of your Personal Data or to restrict Processing by the Controller, or a right to object to such Processing;
  • existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data, if the Personal Data has not been collected from and by the Data Subject himself/herself;
  • existence of automated decision-making, including Profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such Processing for you, the Data Subject.
  •  
  • Furthermore, you have the right to be informed whether Personal Data has been transferred to a third country or to an international organization. If so, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
  •  
  •  
  1. Right to rectification In addition, Art. 16 GDPR entitles you to demand the immediate correction of any inaccuracies in your Personal Data. Furthermore, you have the right to request the completion of incomplete Personal Data – including by means of a supplementary declaration – taking the purposes of the Processing into account. 
  2. Right to erasure (right to be forgotten). Under Art. 17 GDPR, you may also request that your Personal Data be erased without undue delay, providing one of the following reasons specifically applies and providing the Processing is not necessary: 
 
 
  • Personal Data was collected or otherwise processed for such purposes for which it is no longer necessary;
  • Data Subject withdraws the Consent on which the Processing was based pursuant to Art. 6(1)(a) GDPR and there is no other legal basis for the Processing;
  • Data Subject objects to the Processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing pursuant to Art. 21(2) GDPR;
  • Personal Data has been processed unlawfully;
  • erasure of Personal Data is necessary for compliance with a legal obligation under EU or Member State law to which the Controller is subject.
  •  
  • If the Personal Data has been made public by us, and our company, as the Controller, is required to erase the Personal Data pursuant to Article 17(1) GDPR, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers processing the published Personal Data that you, as the Data Subject, have requested these other data controllers to erase all links to such Personal Data or copies or replications of such Personal Data.
  •  
  •  
  1. Right to restrict Processing Article 18 GDPR entitles you to request restriction of Processing if one of the following conditions is met:
 
 
  • accuracy of the Personal Data is contested by the Data Subject for a period enabling the Controller to verify the accuracy of the Personal Data;
  • Processing is unlawful, the Data Subject objects to the erasure of the Personal Data and requests instead restriction of the use of the Personal Data;
  • Controller no longer needs the Personal Data for the purposes of the Processing, but the Data Subject needs it for the establishment, exercise or defence of legal claims;
  • Data Subject has objected to the Processing pursuant to Article 21(1) GDPR, and it is not yet clear whether the legitimate grounds of the Controller override those of the Data Subject.
 
 
  1. Right to data portability Pursuant to Art. 20 GDPR, you have the right to receive any Personal Data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, providing the Processing is based on Consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, providing the Processing has been carried out with the aid of automated procedures and providing the Processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. When, furthermore, exercising your right to data portability pursuant to Article 20(1) GDPR, you have the further right to have the Personal Data transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
  2. Right of objection Furthermore, Art. 21 GDPR grants you the right, at any time and for reasons arising from your particular situation, to object to the Processing of Personal Data relating to you that is being carried out on the basis of Art. 6(1)(f) GDPR. This also applies to Profiling based on these provisions. In the event of such objection, we shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the Processing which override your interests, rights and freedoms as a Data Subject or unless the Processing serves the purpose of asserting, exercising or defending legal claims. If we process Personal Data for the purpose of direct marketing, you have the right to object at any time to the processing of Personal Data for such purpose. This also applies to Profiling, insofar as it is associated with such direct marketing. If you object to our Processing for direct marketing purposes, we will, of course, no longer process this Personal Data for such purposes.
  3. Automated decisions in individual cases including Profiling Under Art. 22 GDPR and subject to the restrictions of Section 37 BDSG, you also have the right not to be subject to a decision based solely on automated processing – including Profiling – that produces legal effects concerning you or significantly impacts you in a similar manner, providing the decision is
 
 
  1. not necessary for the conclusion or performance of a contract between you and us; or
  2. permitted by legislation of the EU or the Member States to which we are subject and that legislation contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the Data Subject; or
  3.  made with your explicit Consent.
 
  •  
  • If the decision is necessary for the conclusion or performance of a contract between you and us or if it is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a responsible person, to express your point of view and to contest the decision
  •  
 
  1. Right to withdraw Consent under data protection law. To clarify, we explicitly reiterate that you have the right under Art. 7(3) GDPR to withdraw your Consent to the Processing of Personal Data at any time. If you would like to exercise one of the rights to which you are entitled in accordance with subsections b) to j) of this section and make use of your rights, please contact our Data Protection Officer referred to in Section 2 above or another member of our staff at any time. In the event that the right to erasure (subsection e) and restriction of processing (subsection f) is asserted, we will comply with the respective request without undue delay and, in individual cases, take the necessary steps.
 
 
 
13.Data protection during applications and the application process 
 

Our company collects and processes your Personal Data as a job applicant for the purpose of completing the application process. The legal basis for this activity is Art. 6(1)(b) GDPR, in conjunction in Germany with Section 26(1)(1) BDSG. The processing may also take place electronically, as is particularly the case if you send us corresponding application documents electronically, for example by email or via a web form located on the website. We have set up our own homepage for our job advertisements at www.boostjobs.eu or www.boost-jobs.ch.

If the application process is successful and we conclude an employment contract with you, the transmitted data will be stored for the purpose of Processing the employment relationship in compliance with the statutory provisions pursuant to Section 26 BDSG.

If the application process does not end successfully and we do not conclude an employment contract with you, the application documents will be deleted six weeks after the end of the application process, unless we agree otherwise with you or there are other legitimate interests that prevent deletion. Other legitimate interests in this sense include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG) in Germany.

14.General information on the legal basis for Processing 
 
Art. 6(1)(a) GDPR serves as the legal basis for our company with regard to processing operations in which we obtain Consent for a specific processing purpose. If the Processing of Personal Data is necessary for the performance of a contract concluded between you and us, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the Processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of Personal Data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the Processing of Personal Data might become necessary to protect vital interests of you or another natural person. Such would be the case, for example, if a visitor were to be injured on our premises and, as a result, his or her name, age, health insurance data or other vital information had to be transferred to a doctor, hospital or other Third Party. The Processing would then be based on Art. 6(1)(d) GDPR. Finally, processing operations could be based on Art. 6(1)(f) GDPR if the Processing is necessary to protect a legitimate interest of our company or a Third Party, providing the interests, fundamental rights and freedoms of the Data Subject are not overridden.
 
 
15.Legitimate interests in the Processing pursued by the Controller or a Third Party. 
 
If the Processing of Personal Data is based on Article 6(1)(f) GDPR, our legitimate interest may, in addition to the cases already mentioned in this policy statement, include the conduct of our business to benefit the well-being of all our employees and shareholders.
 
 
16.Period for which Personal Data is retained. 

The criterion determining the period for the retention of Personal Data is the respective statutory retention period. The relevant data is routinely deleted on expiry of this period. Finally, the retention period is also based on statutory limitation periods.
 
 
 
17.Legal or contractual requirements to provide Personal Data; necessity for the conclusion of a contract; obligation of the Data Subject to provide Personal Data; possible consequences of not providing the data. 

We would also like to inform you that the provision of Personal Data may be necessary for the conclusion of a contract if, for example, you contact us via our homepage in the course of initiating a contract. Failure to provide Personal Data would mean that the contract with you cannot be concluded.

Otherwise, you are not required to provide your data when visiting our website, although failure to do so will make it technically impossible for you to visit our homepages.

A Data Subject may contact our Data Protection Officer prior to providing personal data. Our Data Protection Officer will inform the Data Subject on a case-by-case basis whether the provision of the Personal Data is required by law or by contract, whether it is necessary for the conclusion of a contract, whether there is an obligation to provide the Personal Data and what the consequences of not providing the Personal Data would be.

 

18.Existence of automated decision-making 

As a responsible company, we do not use automatic decision-making or Profiling.

 
19. Data security 

When you visit our website, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. Should your browser not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual sub-page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by Third Parties. Our security measures are continuously improving to keep pace with technological developments.

 
 
20.Data protection information on direct marketing and Google Analytics 
 
The following special topics relevant to data protection are important in the context of our internet presence:

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by Third Parties. Our security measures are continuously improving to keep pace with technological developments.

  1. Privacy policy on the use and application of direct marketing We are entitled to use the e-mail address that you provided when registering for services requiring registration for purposes of direct marketing of our own or similar services, as well as for general information about our services. The legal basis for this usage is our legitimate interest in direct marketing pursuant to Art. 6(1)(f) GDPR. If, however, you do not wish to receive direct marketing messages (any longer), you may refuse this use of your e-mail address at any time without incurring any costs other than the transmission costs according to the prime rates. To do so, simply write to us at the address given in the respective e-mail, use our aforementioned e-mail address at dataprivacy@boostgroup.eu or contact us by using our general contact form at https://www.boostgroup.eu/de/kontakt. 
  2. Google Analytics The Controller has integrated the Google Analytics component (with anonymization function) into this website. Google Analytics is a web analysis service for the collection, compilation and analysis of data about the behaviour of visitors to websites. A web analysis service collects information such as data about the website from which you came to our site (“referrer”), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for website optimization and for the cost-benefit analysis of internet marketing.
 
  • The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
  • The Controller uses the addition “gat._anonymizeIp” for web analysis using Google Analytics. By means of this extension, the IP address of your internet connection will be shortened and anonymized by Google if access to our webpages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
  • The purpose of the Google Analytics component is to analyse the flow of visitors to our website.
  • The Processing is essentially carried out by Google.
  • Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, to provide other services related to the use of our website, etc.
  • Google may also use the data for any of its own purposes, such as Profiling, and link it to other data about you, such as search history, any personal Google accounts, usage data from other devices and any other data that Google may possess about you.
  • Your data will therefore also be transferred to the USA and stored there. Under certain circumstances, US authorities may also gain disproportionate access to your data in contravention of European data protection law.
  • The legal basis for the use of Google Analytics is your Consent pursuant to Art. 6(1)(a) As is always the case with Consent, you can withdraw it at any time with future effect. The lawfulness of the processing activity carried out until the withdrawal is thereby unaffected.
  • Google Analytics sets a cookie on your information technology system. Cookies have been generally explained above but, in this case, the cookie that Google Analytics sets enables Google to analyse your use of our website. Each time you access one of the individual pages of the site operated by the Controller into which a Google Analytics component has been integrated, the internet browser on your information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of Personal Data, such as your IP address, which Google uses in multiple ways, including its use to track the origin of visitors, to monitor clicks and subsequently to enable commission calculations.
  • The cookie is used to store personal information, such as the time of access, the location from which access originated and the frequency of your visits to our website. Each time you visit our website, this personal information, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This Personal Data is stored by Google in the United States of America. Google may disclose this Personal Data collected in this technical process to Third Parties.
  • As described above, you can prevent our website from setting cookies at any time by adjusting the settings of the utilized internet browser and thus permanently block the setting of cookies. Such a setting of the internet browser would also prevent Google from setting a cookie on your information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
  • Furthermore, you may object to the collection of data generated by Google Analytics and related to the use of this website, as well as to the Processing of this data by Google, and prevent such Processing. To do so, you must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to tell Google Analytics that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a withdrawal. Should your information technology system be deleted, formatted or reinstalled at a later point in time, you will have to reinstall the browser add-on.
  • Further information and the applicable Privacy Policy of the Third-Party provider Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 can be found at:
  •  
  • User Terms: http://google.com/analytics/terms/de.html
  • and
  • Privacy Policy: http://www.google.de/intl/de/policies/privacy
 
 
21. Links to our social media pages on the networks of Facebook, Twitter, Instagram, LinkedIn, Xing and Vimeo. 
 

We do not use plug-ins from social networks on our websites. The visible icons are merely links to our social media profiles on the networks of Facebook, Twitter, Instagram, LinkedIn, Xing and Vimeo.

When you click these links, the respective site operator processes your Personal Data. If you maintain a profile there and are logged in, the visit to our pages may be linked to your profile.


22.Updating and amending this Privacy Policy 

This Privacy Policy is currently valid and was last updated in April 2022.

Further development of our internet and service offerings or changes in legal or regulatory requirements may make it necessary to amend this Policy.  

You can access and print out the current Privacy Policy at any time on the website at https://www.boostgroup.eu/de/datenschutz-und-cookie-richtlinie