privacy policy

The protection of your personal data during your visit to our website is very important to us. Your data is protected in accordance with legal regulations. We would like to inform you below about the nature and extent of the processing of personal data on this website in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Responsible party

gratus GmbH
Nymphenburgerstraße 4
80335 Munich                                                                                                                                                                                          Germany
+49 (0)89 24880580
infogratus-solutionscom

Data protection officer

The external Data Protection Officer pursuant to Article 37(7) is:

Arndt Halbach
GINDAT GmbH
Wetterauer Str. 6
42897 Remscheid                                                                                                                                                                  Germany                                                                                                                                                                                              +49 (0)2191 909430
arndt.halbach@gindat.de

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Data processing via the website

Your visit to our website is recorded only in an anonymised form. This data is collected solely for the purpose of improving our web services and for error analysis, based on Article 6(1)(f) of the GDPR. You can visit our website without providing any personal information.

Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible. Therefore, you should send us confidential information by other means, such as by post.

Applications

The controller processes the personal data of applicants for the purpose of handling the application procedure. The legal basis for this is Section 26 (1) Sentence 1 of the German Federal Data Protection Act (BDSG). Processing may also take place electronically, particularly when an applicant submits application documents by electronic means—for example, via email or through a web form provided on the website.

If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents will be deleted after the position has been filled, provided there are no other legitimate interests of the controller that prevent deletion. A legitimate interest in this context could be, for example, the burden of proof in a proceeding under the General Equal Treatment Act (AGG). For this purpose, the data is stored for six months after the application process has ended and then deleted.

Applications can only be processed if they are sent to the email address info@gratus-solutionscom. If you use any other email address of our company, your application will unfortunately not be recognized by our systems and therefore will not be considered. Please note that email is not a secure medium. If your application reaches our email server at the address mentioned above, we will protect your data with strict technical and organizational security measures. However, during transmission over the public internet, we have no control over your application and cannot guarantee its level of protection.

 

Contact

Personal data (e.g., your name, address, or contact details) that you voluntarily provide to us—for example, as part of an inquiry or in another context—will be stored by us and used solely for the purpose of corresponding with you and only for the purpose for which you provided the data. The processing of this data is based on our legitimate interest in responding promptly to inquiries, in accordance with Article 6(1)(f) of the GDPR.

Secure data transmission

To protect the security of your data during transmission, we use encryption technology (SSL) via HTTPS that complies with the current state of the art.

Cookies

Our website currently does not use any cookies. Therefore, there is no cookie notice. Please note, however, that linked sites—such as Google Maps—may use cookies on your end, for which we assume no responsibility. If you generally do not wish to accept cookies, you can configure your browser to refuse the storage of cookies. Please be aware that, in this case, you may not be able to use all website functions.

Your rights

Under Articles 15–21 of the GDPR, you may assert the following rights regarding the personal data we process about you, provided the conditions described therein are met. You have the right to request access to your personal data processed by us in accordance with Article 15 GDPR.

If inaccurate personal data is processed, you have the right to correction pursuant to Article 16 GDPR. If the legal requirements are met, you may request the deletion or restriction of processing (Articles 17 and 18 GDPR). You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out based on the consent until its withdrawal.

Right to Object under Article 21 GDPR
The data subject has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them that is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

Standard retention periods for data removal

Unless there is a legal retention requirement, data will be deleted or destroyed when it is no longer necessary to achieve the purpose of data processing. Different retention periods apply to personal data: for example, data relevant for tax purposes is generally retained for 10 years, while other data is typically kept for 6 years according to commercial law regulations. Finally, the storage duration may also be based on statutory limitation periods, which under Sections 195 et seq. of the German Civil Code (BGB) usually amount to three years, but in certain cases can be up to thirty years.

Right to lodge a complaint with a supervisory authority

Every data subject has the right to lodge a complaint with a supervisory authority under Article 77 of the GDPR if they believe that the processing of their personal data violates data protection laws. In Germany, the responsible supervisory authority is the Data Protection Commissioner of the federal state in which our company is located. If you are based outside of Germany, you may also contact the supervisory authority in your country of residence or workplace.

The Bavarian Data Protection and Freedom of Information Commissioner:
Wagmüllerstraße 18, 80538 Munich
E-Mail: poststelledatenschutzbayernde
Phone: +49 (0)89 212672-0