Deutsche Cyber-Sicherheitsorganisation GmbH

Privacy Policy

Data Privacy Policy for the website and information provided to data subjects pursuant to Articles 13 and 14 of the EU General Data Protection Regulation

DCSO Deutsche Cyber-Sicherheitsorganisation GmbH (“DCSO”) as the operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection rules and this Data Privacy Policy.

When you use this website, various personal data are collected. Personal data is data by which you can be personally identified. This Data Privacy Policy explains what information we collect and how we use it. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

1. General information

1.1 Information about the controller of the data

Company: DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Legal representative: Managing Director Andreas Kiefer
Address: EUREF-Campus 22, 10829 Berlin, Germany
Contact information for data protection officer: Datenschutz@dcso.de

1.2 How do we record your data?

On the one hand, your data are collected when you provide us with them. This can be, for example, data that you send us by email.

Other data are recorded automatically or with your consent by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time of page view). These data are recorded automatically as soon as you enter this website.

1.3 What do we use your data for?

Some of the data are collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

1.4 What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.

For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the legal notice or the email address of our data protection officer.

2. General data processing information

2.1 Data on data subjects

Personal data are only collected if you provide us with them of your own accord. No other personal data are collected. Any processing of your personal data that goes beyond the scope of what is legally permissible will only be carried out on the basis of your express consent.

Purpose of processing:
Contract initiation, contract performance

Categories of recipients:

  • Public bodies in the event of overriding legal requirements
  • External service providers or other contractors
  • Other external bodies insofar as the data subject has given his/her consent or a transmission is permissible for overriding interest

Third country transfers: In the context of the performance of the contract, processors outside the European Union may also be used

Duration of data storage: The duration of data storage depends on the statutory retention obligations and is usually 10 years

2.2 Request by email or telephone

If you contact us by email or telephone, your request including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the request addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.

The data you send us via contact requests will remain with us until you request us to erase them, revoke your consent to store them or the purpose for storing the data no longer applies (e.g. after your request has been processed). Compelling statutory provisions – in particular statutory retention periods – remain unaffected.

3. Specific information about the website

When visiting this website, your surfing behaviour may be statistically analysed. This is mainly done with so-called analysis programs. Detailed information on these analysis programmes can be found in the following Data Privacy Policy.

3.1 Usage data

When you visit our website, you transmit data to our web server (for technical reasons) via your internet browser. The following data are recorded during an ongoing communication connection between your internet browser and our web server:

    • Date and time of the request
    • Name of the requested file
    • Page from which the file was requested
    • Access status (file transferred, file not found, etc.)
    • Web browser and operating system used
    • Complete IP address of the requesting computer
    • Amount of data transferred

For technical security reasons, in particular to defend against attempted attacks on our web server, we store these data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of these data. After seven days at the latest, the data are anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data are also processed in anonymised form for statistical purposes; they are not aligned with other data or passed on to third parties, even in part.

3.2 Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files stored on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, your IP address will, however, be shortened by Google beforehand within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the storage of cookies by selecting the appropriate settings in your browser. However, please note that if you do this you will not be able to use the full functionality of this website. You can also prevent the recording and processing by Google of the data generated by the cookie that are related to your use of the website (including your IP address) by downloading and installing the browser plugin here with https://tools.google.com/dlpage/gaoptout?hl=en . In view of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that this website uses Google Analytics with the extension “_anonymizeIp()” and therefore IP addresses are only processed in abbreviated form in order to exclude direct personal references. For browsers on mobile devices, use this link: please link with link for a so-called “opt-out cookie” to prevent anonymised recording by Google Analytics for your browser on this website in the future.

3.3 Use of own “cookies”

This website uses its own “cookies” to increase user-friendliness (“cookies” are data records that are sent from the web server to the user’s browser and stored there for later retrieval). No personal data is stored in our own “cookies”. You can generally prevent the use of “cookies” by prohibiting the storage of cookies in your browser.

In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services provided by the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or to display advertising. Cookies that are necessary to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal reason is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the relevant cookies will be stored exclusively on the basis of this consent (Art. 6 (1)(a) GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic erasure of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be restricted.

3.4 LINKEDIN

You can recognise access to LinkedIn, LinkedIn, 1000 W Maude Sunnyvale, CA 94085USA, by the “in” symbol on a blue background. If you activate our “in” button by double clicking it, a connection is established with the LinkedIn server and the LinkedIn plugin is reloaded on the respective webpage. The content of the “in” button is transmitted directly to your browser and integrated into the website by LinkedIn. This way your IP address may be transmitted to LinkedIn in the USA. For more information on the purpose and scope of data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and the optional settings for protecting your privacy, please refer to LinkedIn’s Data Privacy Policy (http://www.linkedin.com/legal/privacy-policy) on the “in” button. If you are a LinkedIn member and do not want LinkedIn to collect data about you and link it to your membership data stored on LinkedIn via our website when the “in” button is activated, you must log out of LinkedIn before visiting our website.

3.5 XING

You can recognise access to XING, XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, by the “x” or “xing” symbol on a green background. If you activate our “XING” button by double clicking it, a connection is established with the XING server and the XING share button functions (in particular the calculation/display of the counter value) are reloaded on the respective webpage, XING does not store any personal data about you in relation to the accessing of this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the “XING Share Button”. Current data protection information for the “XING Share Button” and supplementary information can be found on this website: https://www.xing.com/app/share?op=data_protection.

3.6 TWITTER

You can recognise access to Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, by the “blue bird” symbol. If you activate our “Twitter” button by double clicking it, a connection is established with the Twitter server and the Twitter plugin is reloaded on the respective webpage. The content of the “blue bird” button is transmitted directly to your browser and integrated into the website by Twitter. This way your IP address may be transmitted to Twitter in the USA. The website operator has no influence on the nature and scope of the data collected and transmitted to Twitter. For more information on the purpose and scope of data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and the optional settings for protecting your privacy, please refer to Twitter’s Data Privacy Policy (https://twitter.com/en/privacy#update) on the “blue bird” button. If you are a Twitter member and do not want Twitter to collect data about you and link it to your membership data stored on Twitter via our website when the “blue bird” button is activated, you must log out of Twitter before visiting our website.

4. Information on further data processing procedures

4.1 Hosting

This website is hosted by us (hoster). The personal data recorded on this website is stored on servers operated by us. This mainly includes IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.

We use them for the purpose of initiating and performing contracts with our potential and existing customers or applicants (Art. 6 (1)(b) GDPR) and in the interest of providing our online services securely, quickly and efficiently.

4.2 Specific information on the application process

Data on data subjects: Application details

Purpose of processing: Carrying out the application process

Categories of recipients: Public bodies in the event of overriding legal requirements

External service providers or other contractors, e.g. for data processing:

The product “HRworks” from HRworks GmbH, Waldkircher Str. 28 in 79106 Freiburg is used as an HR management tool

Other external bodies insofar as the data subject has given his/her consent or a transmission is permissible for overriding interest, e.g. customers and interested parties in the context of order acquisition

Third country transfers: In the context of the performance of the contract, processors outside the European Union may also be used, e.g. email providers

Duration of data storage: Application data is usually erased within four months after applicants have been informed of the decision, unless consent has been given for longer data storage in the context of inclusion in the talent pool

Conclusion of a contract for order processing:

In order to ensure data protection-compliant processing, we have concluded contracts for order processing with our service provider HRworks GmbH and our email provider.

4.3 Specific information on the processing of customer data (B2B)

Data on data subjects: Data provided for the purpose of initiating and performing the contract; if applicable, any additional data supplied for processing with your express consent. This is actively requested from you, for example, as soon as you wish to contact us via our contact form on our website please link to https://dcso.de/

Purpose of processing: Contract initiation, contract performance, including offers, orders, sales and invoicing, quality assurance

Categories of recipients: Public bodies in the event of overriding legal requirements

External service providers or other contractors, e.g. for data processing, if necessary for dispatch, transport and logistics, service providers for printing and dispatch of information

Other external bodies insofar as the data subject has given his/her consent or a transmission is permissible for overriding interests, e.g. for the electronic dispatch of information, for quality assurance purposes

Third country transfers: In the context of the initiation and performance of the contract, processors outside the European Union may also be used, e.g. email providers

Duration of data storage: The duration of data storage depends on the statutory retention obligations and is usually 10 years

5. Additional information and contacts

In addition, you may assert your rights to information, rectification or erasure or to the restriction of processing or the exercise of your right to object to processing as well as the right to data portability at any time. You can contact us by email or letter here. You also have the right to contact the data protection supervisory authority to lodge a complaint.