Data Protection Statement

1. Definitions

This data protection declaration is based on the terms used by the European legislator for the adoption of the GDPR. It should be legible and understandable for the general public, as well as our customers and business partners.

a) Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Controller Information

3. Collection of General Data

The website collects general data and information when a data subject or automated system calls up the website. This data is stored in server log files. Collected may be: browser types and versions, the operating system used, the referring website, sub-pages accessed, date and time of access, IP address, and Internet service provider.

This information is needed to deliver the content of our website correctly, optimize website content, ensure the long-term viability of our information technology systems, and provide law enforcement authorities with information necessary for criminal prosecution in case of a cyber-attack. Anonymous data is stored separately from all personal data provided by a data subject.

4. Routine Erasure and Blocking

The data controller shall process and store personal data only for the period necessary to achieve the purpose of storage, or as granted by the European legislator or other legislators in applicable laws or regulations. If the storage purpose is no longer applicable, or if a prescribed storage period expires, the personal data are routinely blocked or erased in accordance with legal requirements.

5. Rights of the Data Subject

a) Right of Confirmation (Art. 15 GDPR): Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

b) Right of Access (Art. 15 GDPR): Each data subject shall have the right to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the data subject has access to information about the purposes of the processing, the categories of personal data concerned, the recipients, the envisaged storage period, the existence of the right to request rectification or erasure, the right to lodge a complaint with a supervisory authority, the source of data where not collected from the data subject, and the existence of automated decision-making.

c) Right to Rectification (Art. 16 GDPR): Each data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

d) Right to Erasure (Art. 17 GDPR): Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies: the personal data are no longer necessary for their original purpose; consent is withdrawn; the data subject objects to processing; the data have been unlawfully processed; erasure is required for compliance with a legal obligation; or the data have been collected in relation to the offer of information society services.

e) Right of Restriction of Processing (Art. 18 GDPR): Each data subject shall have the right to obtain from the controller restriction of processing where: the accuracy of the personal data is contested; the processing is unlawful and the data subject opposes erasure; the controller no longer needs the data but the data subject requires them for legal claims; or the data subject has objected to processing pending verification of legitimate grounds.

f) Right to Data Portability (Art. 20 GDPR): Each data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance, where processing is based on consent or contract and is carried out by automated means.

g) Right to Object (Art. 21 GDPR): Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. Gamow Tech shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

h) Automated Individual Decision-Making, Including Profiling: Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision is not necessary for entering into or the performance of a contract, is not authorised by Union or Member State law, or is not based on the data subject's explicit consent.

i) Right to Withdraw Consent: Each data subject shall have the right to withdraw his or her consent to processing of personal data at any time. The withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

6. Data Protection for Applications

The data controller shall collect and process personal data of applicants for the purpose of the application procedure. If no employment contract is concluded, application documents shall be automatically erased six months after notification of the refusal decision, provided no other legitimate interests oppose the erasure.

7. Legal Basis for Processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent. Processing may also be based on contract performance (Art. 6(1) lit. b), legal obligations (Art. 6(1) lit. c), vital interests protection (Art. 6(1) lit. d), or legitimate interests (Art. 6(1) lit. f).

8. Legitimate Interests

Where processing is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.

9. Storage Period

The criteria used to determine the storage period is the respective statutory retention period. After expiration, corresponding data is routinely deleted, as long as it is no longer necessary for contract fulfillment or initiation.

10. Provision of Personal Data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of data.

11. IT Security

To protect your data during transmission, we use state-of-the-art encryption methods (such as SSL) via HTTPS.

12. Automated Decision-Making

Gamow Tech does not perform automatic decision-making or profiling that would produce legal effects concerning data subjects.

13. Revision of this Statement

We reserve the right to amend this data protection statement to comply with current legal requirements or to implement changes to our services. Your next visit will be subject to the updated statement.