Versality Inneneinrichtungen und Dekor

Data protection

Any collection, use, storage, deletion or other use (hereinafter referred to as “processing”) of data serves exclusively the purpose of providing our services. Our services have been designed with the aim of using as little personal data as possible. In this context, “personal data” (hereinafter also referred to as “data”) is understood to mean all individual information about the personal or factual circumstances of an identified or identifiable natural person (so-called “data subject”).

The following information on data protection describes the types of personal data that are processed when you visit our website, what happens to this personal data and how you can object to data processing if necessary.

1 General information on data processing on this website

1.1 Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

S&A Handels- und Vertriebs UG

Address: Hindenburgdamm 87 – 12203 Berlin

Phone: +49 172 4136877

E-mail: info@versality.eu

Homepage: versality.eu

1.2 Data Protection Officer

The Data Protection Officer is:

Vasily Sokolovsky

If you have any questions about data protection, you can contact us at the following e-mail address:

info@versality.eu

1.3 Protection of your data

We have taken technical and organizational measures to ensure that the provisions of the GDPR are complied with by both us and external service providers who work for us.

When we work with other companies, such as email and server providers, to provide our services, we only do so after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in connection with technical and organizational skills in data protection. This selection process is documented in writing and a contract pursuant to Art. 28 para. 3 GDPR on the processing of personal data on behalf of the GDPR (DPA contract) is only concluded if it meets the requirements of Art. 28 GDPR.

Your data will be stored on specially protected servers. Access to it is only possible for a few specially authorized persons.

Our website is SSL/TLS encrypted, which you will see in the “error! Link reference invalid.” at the beginning of the URL.

1.4 Deletion of personal data

We process the personal data only for as long as it is necessary. As soon as the purpose of the data processing has been fulfilled, it will be blocked and deleted according to the standards of the local deletion concept, unless legal regulations preclude deletion.

2 Data processing on this website and creation of log files

2.1 Description and scope of data processing

When you visit our website, our web servers temporarily store each access in a log file. The following personal data is collected and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Identification data of the browser and operating system used
  • Website from which the access is made
  • Name of your Internet access provider

In addition to this personal data, other personal data may be collected by us and our partners, more on this below.

2.2 Legal basis for data processing

The processing of this data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is based on making our website accessible to you.

2.3 Purpose of data processing

The data processing is carried out for the purpose of enabling the use of the website (establishing a connection). It is used for system security, the technical administration of the network infrastructure and the optimisation of the Internet offering. The IP address is only evaluated in the event of attacks on our network infrastructure or the network infrastructure of our Internet provider.

2.4 Duration of data storage

The personal data will be deleted as soon as it is no longer required for the purposes mentioned above. This is the case when you close the website. Our hosting provider may use the data for statistical surveys. For this purpose, however, the data is anonymized. The data is only stored by our hosting provider for the purpose of establishing a connection.

2.5 Possibility of removal by the data subject

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

3 Use of cookies

3.1 Description and scope of data processing

Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, associated with the browser you are using, and through which certain information flows to us or to the entity that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They are used by us to enable you to log in and to analyse the use of our website in anonymised or pseudonymised form and to present you with interesting offers on this website. In this way, various data can be transmitted:

  • Frequency of website visits
  • Which functions of the website are used by you
  • Search terms used
  • Your Cookie Settings

When accessing the website, a cookie banner informs you about the use of cookies and refers to the privacy policy.

By clicking on “Accept all”, you consent to your data being processed in the USA in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. According to the ECJ, the standard of data protection in the USA is insufficient and there is a risk that your data will be processed by the US authorities for control and surveillance purposes, possibly even without legal remedies. If you only agree to the setting of essential cookies, the transmission will not take place. Consent given can be revoked at any time.

3.2 Legal basis for data processing

The legal basis for data processing for cookies that only serve the functionality of this website is Art. 6 para. 1 sentence 1 lit. f) GDPR.

The legal basis for the processing of data by cookies that do not only serve the functionality of our website is Art. 6 para. 1 sentence 1 lit. a) GDPR.

3.3 Purpose of data processing

Our legitimate interest arises from ensuring a smooth connection and a comfortable use of our website as well as for reasons of evaluation of system security and stability. The data is also processed in order to enable a statistical evaluation of the use of the website.

3.4 Duration of data storage

There are two types of cookies. Both are used on this website:

  • Transient cookies (see a)
  • Persistent cookies (see b)
  • a) Transient cookies, they are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
  • b) Persistent cookies, they are automatically deleted after a predetermined period of time, which may vary depending on the cookie.

 

3.5 Possibility of removal by the data subject

At any time, you have the option of revoking your consent to data processing by means of cookies that do not only serve the functionality of the website. In addition, we only set cookies after you have agreed to the setting of cookies when you visit the site. In this way, you can prevent data processing via cookies on our website. You can also delete cookies at any time in the security settings of your browser. Please note that you may not be able to use all the functions of this website. The setting of cookies can also be prevented at any time by making the appropriate settings in your internet browser.

4 Contact

4.1 Description and scope of data processing

It is possible to contact us via e-mail or a contact form via our website. For this purpose, various data are required to answer the request, which are automatically stored for processing. The following data is collected at least (marked as mandatory) as part of the contact form:

  • E-mail address
  • Forename
  • Surname

The data will not be passed on to third parties.

4.2 Legal basis for data processing

The legal basis used here is Art. 6 para. 1 sentence 1 lit. b) GDPR.

4.3 Purpose of data processing

We process your data exclusively to process your contact request.

4.4 Duration of data storage

Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, usually immediately after the request has been answered. However, in rare cases, we may retain your data for a longer period of time. This may result from legal, regulatory or contractual obligations.

4.5 Possibility of removal by the data subject

You can contact us at any time and object to further processing of your data. In this case, we will unfortunately not be able to continue communication with you. In this case, all personal data processed by us in the course of contacting us will be deleted, unless the deletion is precluded by legal obligations to store your data.

5 Data processing in the context of job applications

5.1 Description and scope of data processing

It is possible to apply to us via our website by sending an e-mail to info@versality.eu. For this purpose, personal data will be processed and stored for further processing for the respective application process. If an application form is used, we process the following data:

  • Forename
  • Surname
  • E-mail address
  • Indication of the position for which the application is made
  • Letter of application
  • Data
  • Confirmation of acknowledgment of the privacy policy

Optionally, you can also enter the following data:

  • Telephone number

5.2 Legal basis for data processing

The legal basis for data processing is Art. 88 GDPR and § 26 BDSG.

5.3 Purpose of data processing

We process your data exclusively for the purpose of carrying out the application process.

5.4 Duration of data storage

If the application should lead to the commencement of an employment relationship, the personal data will be stored accordingly in compliance with the statutory provisions. If the application is not taken into account in the selection of a potential candidate, it will be deleted in accordance with the rules of the local deletion concept, whereby the provisions of the AGG, in particular the existing burden of proof according to § 22 AGG, are taken into account.

This does not apply if legal provisions preclude the deletion or if you have given your consent to a longer storage. In this case, the further storage of your personal data will take place on the basis of Art. 6 para. 1 sentence 1 lit. c) or lit. a) GDPR.

5.5 Possibility of removal by the data subject

You can contact us at any time and object to further processing of your data. In this case, all personal data processed by us in the course of the application process will be deleted, unless deletion is contrary to mandatory statutory provisions.

5.6 Personio

5.6.1 Description and scope of data processing

Our careers site is powered by the personnel management and applicant management software Personio. The data processing is carried out by: Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

The data submitted as part of your application will be transmitted via TLS encryption and stored in a database. We are solely responsible for this data as the controller who carry out this online application process. Personio is merely the operator of the software and this recruiting site and, in this context, a processor in accordance with Art. 28 GDPR. A data processing agreement has been concluded with Personio. In addition, Personio GmbH processes further data, some of which may also be personal data, in order to provide its services, in particular for the operation of this recruiting site. The following data is processed by Personio:

  • Access logs (server logs)
  • Error logs
  • Cookies

You can find more information about data protection at Personio here: https://www.personio.de/datenschutzerklaerung/

5.6.2 Legal basis for data processing

The legal basis for the use of Personio is our legitimate interest in providing an online application process in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

5.6.3 Purpose of data processing

The purpose of data processing is to provide an online application process and to optimize the application processes.

5.6.4 Duration of data storage

The data will be deleted as soon as the purpose of the data processing has been achieved and there are no legal, contractual or official retention periods that prevent deletion.

5.6.5 Possibility of removal by the data subject

You have the option of objecting to data processing at any time by notifying our data protection officer. If you have any questions about data protection at Personio, you can contact Personio at any time at the following e-mail address:datenschutz@personio.de.

With regard to the use of cookies by Personio, you can use your browser settings to decide for yourself whether you want to allow cookies or object to the use of cookies. Please note that disabling cookies may result in limited or completely disabled functionality of this career site.

If you do not wish to be processed by Personio and do not wish to use our application portal, you also have the option of sending your application directly to us by e-mail to info@versality.eu.

6 Social media on our website

We have integrated the social media platforms LinkedIn, Xing, Instagram and Facebook on our website via a link, which means that LinkedIn may receive data from you when you click on this link. If you click on the social media link, our profile on the LinkedIn website will be accessed. By accessing the LinkedIn websites via our website, the respective reference data is transmitted by us to the respective social media provider. As a result, the social media provider receives the information that you have visited us.

Note on data processing in the USA:

If you click on LinkedIn’s social media link, data about you may be processed by LinkedIn in the United States. According to the ECJ, the standard of data protection in the USA is insufficient and there is a risk that your data will be processed by the US authorities for control and surveillance purposes, possibly even without legal remedies. If you do not click on the LinkedIn link, data will not be transferred.

Further information on data processing by the respective social media provider can be found here:

LinkedIn: LinkedIn Privacy Policy

Xing: https://www.xing.com/privacy

Facebook: https://de-de.facebook.com/help/pages/insights,

https://de-de.facebook.com/about/privacy,

https://de-de.facebook.com/full_data_use_policy

Instagram: https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/

7 Trackers and analytics tools

In order to continuously improve our website, we use the following analysis tools. In the following, you can find out which data is processed in each case and how you can contact the respective service providers:

7.1 Google Analytics

7.1.1 Description and scope of data processing

Our website uses Google Analytics. This is a service for analysing access to websites of Google LLC. (“Google”) and enables us to improve our website. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies enable us to analyse your use of our website. The information collected by means of a cookie is:

  • IP address
  • time of access,
  • Access time

and are transmitted to a Google server in the USA and stored there. The evaluation of your activities on our website is sent to us in the form of reports. Google may share the information collected with third parties if required to do so by law or if third parties process this data on Google’s behalf. The Google tracking codes of our website use the function “_anonymizeIp()”, so IP addresses are only processed in abbreviated form in order to exclude any possible direct personal reference to you.        See https://www.google.de/intl/de/policies/ and  http://www.google.com/analytics/terms/de.html for more information on the terms of use and privacy policy of Google Analytics.

7.1.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

7.1.3 Purpose of data processing

The processing of your personal data enables us to analyse your surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.

7.1.4 Duration of data storage

The data will be deleted 14 months after your last visit to our website.

7.1.5 Possibility of removal by the data subject

You have the option of revoking your consent to data processing at any time with effect for the future. Please contact our data protection officer. You can also prevent the installation of Google Analytics cookies yourself by selecting the appropriate settings in your browser software. In this case, however, you may not be able to use all the functions of our website to their full extent. Also through browser extensions, e.g. http://tools.google.com/dlpage/gaoptout?hl=de, Google Analytics can be disabled and controlled.

8 More Third-Party Tools

Furthermore, we use third-party providers who help us with the presentation of the page and the functionality of the website. These are listed below:

8.1 Google Maps

8.1.1 Description and scope of data processing

This website uses the product Google Maps from Google LLC. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you open a page, your browser loads the necessary geo-information into your browser cache in order to display the map correctly. To do this, the browser you are using must connect to Google’s servers. In this way, Google learns that our website has been accessed via your IP address and which map has been displayed. The terms of use of Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html

8.1.2 Legal basis for data processing

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

8.1.3 Purpose of data processing

The use of Google Maps makes it easier for you to find our location and interact with it in different ways, e.g. by planning routes.

8.1.4 Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose of data processing, unless legal, official or contractual regulations preclude deletion.

8.1.5 Possibility of removal by the data subject

You have the option of revoking your consent to data processing at any time. To do so, please contact our data protection officer.

8.2 Google Web Fonts

8.2.1 Description and scope of data processing

We use so-called web fonts on the website for the uniform display of fonts. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you open a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. To do this, the browser you are using must connect to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. If your browser does not support web fonts, your computer will use a standard font.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/.

8.2.2 Legal basis for data processing

The legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

8.2.3 Purpose of data processing

The purpose of the data processing is the uniform display of fonts on this website. Otherwise, we would not be able to effectively present our online offer to you.

8.2.4 Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose of data processing, unless legal, official or contractual regulations preclude deletion.

8.2.5 Possibility of removal by the data subject

You can set your browser so that the fonts are not loaded from Google’s servers. If your browser does not support Google Fonts or if you prevent access to Google’s servers, the text will be displayed in the system’s default font.

9 Data transfer to a third country

In order to be able to provide our services, we use the support of service providers from Europe as well as from third countries. In order to ensure the protection of your personal data even in the event of data transfer to a third country, we conclude special order processing agreements with each of the carefully selected service providers. All service providers we use have sufficient evidence that you ensure data security by means of appropriate technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the EU Commission (Art. 45 GDPR) or have provided appropriate safeguards (Art. 46 GDPR).

Adequate level of protection:  The provider comes from a country whose adequate level of data protection has been recognized by the EU Commission.  For more information, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

EU Standard Contractual Clauses: Our provider has submitted to the EU Standard Contractual Clauses to ensure secure data transfer. For more information, please visit: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

Binding Corporate Rules: Article 47 of the GDPR provides for the possibility of ensuring data protection when data is transferred to a third country by means of binding internal data protection rules. These are checked and approved by the competent supervisory authorities as part of the consistency procedure pursuant to Art. 63 GDPR.

Consent: In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 (1) (a) GDPR.

10 Your rights

You have the following rights vis-à-vis us with regard to your personal data:

10.1 Right to withdraw consent (cf. Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation will affect the lawfulness of the processing of your personal data for the future after you have given it to us. It can be sent to us (by telephone) orally or in writing by post or e-mail.

10.2 Right of access (cf. Art. 15 GDPR)

In the event of a request for information, you must provide sufficient information about your identity and provide proof that it is your information. The information concerns the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the envisaged period for which the personal data concerning you will be stored or, if it is not possible to provide specific information on this, criteria for determining the storage period;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information on the origin of the data, if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject.

10.3 Right to rectification or erasure (cf. Art. 16, 17 GDPR)

You have the right to rectification and/or completion vis-à-vis us as the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

You may also request the deletion of your personal data if one of the following grounds applies to you:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • Your personal data has been unlawfully processed.
  • The erasure of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • Your personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 (1) GDPR, we will take all reasonable measures to inform other data controllers that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not apply if the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the above-mentioned right is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
  • to establish, exercise or defend legal claims.

10.4 Right to restriction of processing (cf. Art. 18 GDPR)

You may request us to restrict the processing of your personal data under the following conditions:

  • if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
  • we no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether our legitimate grounds outweigh your reasons.

If the processing of your personal data has been restricted, these data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, with the exception of their storage.

If the restriction of processing has been restricted in accordance with the above-mentioned conditions, you will be informed by us before the restriction is lifted.

10.5 Right to information (cf. Art. 19 GDPR)

If you have asserted your right to rectification, deletion or restriction of data processing against us, we are obliged to notify all recipients of your personal data of the correction, deletion or restriction of data processing. This only applies to the extent that this communication does not prove impossible or would involve a disproportionate effort.

You have the right to know which recipients have received your data.

10.6 Right to data portability (cf. Art. 20 GDPR)

You have the right to receive your personal data from us in a commonly used, machine-readable format in order to have it forwarded to another controller, if necessary, provided that:

  • the processing is based on consent pursuant to Art. 6 (1) sentence 1 (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) sentence 1 (b) GDPR and
  • the processing is carried out by automated means.

When exercising your right to data portability, you have the right to have the personal data transferred directly by us to another controller, to the extent that this is technically feasible.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

10.7 Right to object to processing (cf. Art. 21 GDPR)

Insofar as we base the processing of your personal data on a legitimate interest on our part (pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR), you can object to the processing. The same applies if we base the data processing on Art. 6 para. 1 sentence 1 lit. e) GDPR.

If you wish to object, we will ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will review the situation and will either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we continue the processing.

10.8 Right to lodge a complaint with the competent supervisory authority (cf. Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint was lodged will inform you of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

11 How to exercise these rights

To exercise these rights, please contact our data protection officer:

Vasily Sokolowskijinfo@versality.eu

or by post:

S&A Handels- und Vertriebs UGHindenburgdamm 8712203 Berlin

12 Subject to change

We reserve the right to amend this privacy policy in compliance with the statutory provisions.

As of December 2023