Privacy policy

We are pleased that you are interested in our company. Our business operations are also characterised by data processing. In accordance with our privacy policy, we take the protection of your personal data very seriously and always treat your personal data confidentially and in accordance with the applicable data protection regulations.

With the following information, we would like to give you an overview of when, why and how we collect, use and process certain data from you and what rights you have in this context. We have compiled the information below according to the different categories of data subjects (business partners, employees, applicants).

Cookie settings

Open cookie settings

Amendment of this data protection notice

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

Status: 24.10.2023

Right of objection

Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient of an objection

The objection can be made informally by post or by e-mail with the subject “Objection”, stating your name and address or company affiliation, and should be addressed to:

PROLOGA GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)

Privacy Policy

1. An overview of data protection

General information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order enquiries.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.

Analysis tools and tools provided by third parties

There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

For detailed information about these analysis programs please consult our Data Protection Declaration below.

2. Hosting

We are hosting the content of our website at the following provider:

External Hosting

This website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host(s):

raidboxes.io

Anbieter ist:

Raidboxes GmbH
Hafenstraße 32
48153 Münster

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data processing controller on this website is:

PROLOGA GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)

Phone: +49 345 5554-0
E-mail: info@prologa.de

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for the data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Designation of a data protection officer

We have appointed a data protection officer.

Dr. Andreas Melzer
kelobit IT-Experts GmbH
Thüringer Straße 31
06112 Halle (Saale)

Phone: +49 345 132553-80
E-mail: datenschutz@kelobit.de

Recipients of personal data

In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data instead of demanding the eradication of this data.
If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Rejection of unsolicited e-mails

We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in our Site Notice to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

4. Recording of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document them in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

The type and version of browser used
The used operating system
Referrer URL
The hostname of the accessing computer
The time of the server inquiry
The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

6. Plug-ins and Tools

YouTube with expanded data protection integration

This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize browsing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user’s browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Google Fonts (local embedding)

This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Business partner

What sources and data do we use?

We process the data that is required in connection with the establishment, implementation and/or termination of our business relationships. We usually collect this data directly from you, e.g. in the context of a quotation request or order placement, as well as through your contact via our website, by e-mail, at trade fairs or comparable events.

Sometimes we may first receive your data from another person, e.g. a colleague in your company who names you as a contact person. If this happens, we will tell you our source when we first communicate with you.

The personal data we process includes:

Name, first name and gender (for the salutation)
Company affiliation and company address
Usually two contact options in your company (e.g. telephone number and e-mail address)
Records of business transactions and the respective correspondence

What do we process your data for (purpose of processing) and on what legal basis?

We use the data listed above for the preparation and fulfilment of business transactions and to establish and maintain effective business communication. The legal basis for these processing operations is usually Art. 6 (1) lit. f DSGVO if you represent another organisation as our business partner. Our legitimate interest here is to achieve the aforementioned purposes. If you as a person are directly our contractual partner, we process your data instead on the basis of Art. 6 (1) lit b DSGVO, which permits the processing of personal data for the performance of a contract or pre-contractual measures.

It may happen that we wish to collect further data from you at a later date or use it in a different way. Should this occur, we will ask you for your consent in accordance with Art. 6 Para. 1 lit. a in conjunction with Art. 7 DSGVO and inform you accordingly. If you give us this consent, it can be revoked informally at any time. The legality of the use of your data up to the time of the objection remains unaffected by the objection.

If your data is required for legal prosecution, it may be processed to protect our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. Our interest then lies in the assertion or defence of claims, for example in the context of the duty of proof in proceedings.

Who will get my data?

In our company, only those persons have access to your data who need it for the smooth implementation of our business relationship. This may also involve several specialist departments in our company, depending on which services or products you obtain from us. Furthermore, our IT department has access to your data for exclusively technical processing.

Service providers used by us may also be recipients of your personal data within the scope of commissioned processing pursuant to Art. 28 DSGVO.

Within the scope of processing your orders, it is sometimes necessary for us to transfer certain data to our corresponding suppliers or other business partners who are based in Germany, other European countries or the European Economic Area. This involves, for example, your name, your first name if applicable and your organisational affiliation as well as your contact details in your organisation.

We may be required to disclose certain data to the relevant authorised bodies as part of our legal obligations.

Is data transferred to a third country or to an international organisation?

As a rule, no data is transferred to countries outside the European Economic Area (so-called third countries). Nevertheless, data transfer to third countries may take place in individual cases, insofar as:

it is required by law,
you have given us your consent or
this is legitimised by the legitimate interest under data protection law and no higher interests of the data subject worthy of protection conflict with this.

Furthermore, we do not transfer any personal data to bodies in third countries or international organisations.

However, we use service providers for certain tasks, most of which also use service providers that may have their registered office, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards are in place (e.g. standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as a company-wide communication system. While Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to a third country (e.g. the USA) in this context and processed there.

We have concluded an order processing agreement with Microsoft in accordance with Art. 28 DSGVO with EU standard contractual clauses to maintain an appropriate level of data protection. Please feel free to contact us at the above contact details for further information on this if required.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that

How long will my data be stored?

We store your data during the entire ongoing business contact between us and your organisation, which includes in particular the existence of a contract or pre-contractual measures.

In addition, we store your data to the extent and insofar as we are obliged to do so due to mandatory legal regulations, such as retention periods under commercial or tax law. This generally applies for a period of ten years. If we no longer need your data for the purposes described above, it will be stored separately during the respective statutory retention period and not processed for other purposes. After expiry of the statutory retention periods, all data that still exists will be securely deleted or destroyed immediately.

Is there an obligation to provide data?

The provision of your personal data is initially neither legally nor contractually required, nor are you obliged to provide this data.

However, if you yourself are in a direct business relationship with us, you must provide those personal data that are necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations. Without this data, we will usually have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and may have to terminate it.

Insofar as a business relationship with a company represented by you towards us is concerned, you must provide us with those personal data which are necessary for the commencement and execution of a representation/authorisation and the fulfilment of the associated contractual obligations. Without this data, we will usually have to reject you as an authorised representative/authorised agent or cancel an existing authorisation/authorisation.

To what extent is there automated decision-making?

We do not use automatic decision-making pursuant to Article 22 of the GDPR for the establishment, implementation and termination of the business relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

Does profiling take place?

We do not process your data with the aim of automatically assessing certain personal aspects.

Employees

What sources and data do we use?

We process personal data that we have received from you insofar as this is necessary for the purposes of recruitment, fulfilment of the employment contract and termination of the employment relationship. In addition, we process personal data of our employees and other comparably affected persons that regularly arise in the context of the employment relationship.

This personal data includes in particular:

Personal data (e.g. name, address and contact details; date and place of birth and nationality, passport/identity card data, driving licence data).
family data (e.g. marital status and details of children)
Religious affiliation
Health data (e.g. notifications of incapacity to work and others, insofar as these are relevant to the employment relationship, e.g. in the case of a severe disability).
Tax ID number
Information on qualifications and staff development (e.g. education, work experience, language skills and further training)
Employment details (e.g. date of joining and job title)
Data relevant to payroll tax from the fulfilment of contractual obligations (e.g. salary payment)
Information on the financial situation of employees (e.g. credit liabilities and salary garnishments, if applicable)
Social security data
Data on the pension scheme or pension fund
Data on working time (e.g. recording of working time, leave and sickness; data in connection with business trips)
Access data
Authorisation data (e.g. access and access rights)
Image and sound data (e.g. ID photo and video and telephone recordings)
Employee evaluation data
as well as other data comparable to the above categories.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG (new)):

For the fulfilment of contractual obligations (§ 26 BDSG)
Data is processed for the purpose of establishing, implementing or terminating the employment relationship within the framework of the existing contract with you or for the purpose of carrying out pre-contractual measures upon request. If you make use of additional benefits (e.g. childcare subsidy, pension scheme), your data will be processed for the fulfilment of these additional benefits, insofar as this is necessary.

Within the framework of the balancing of interests (Art. 6 para. 1 f DSGVO)
Where necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. Examples of such cases are:

Measures for personnel development planning
Measures to protect employees and customers and to protect the company’s property
Evaluation of workflows for work control and improvement of processes (e.g. evaluations of the number of work statements or processing time of services for customers).
Publication of official contact details on the intranet and internal telephone directory and on the website
Records of staff appraisals (e.g. documentation of set goals and goal achievement)
Recording for security checks (e.g. checking certificates of good conduct, criminal records, etc.)

Based on your consent (Art. 6 para. 1 a DSGVO in conjunction with Art. 88 DSGVO and § 26 para. 2 BDSG (new))
If you have given us consent to process your personal data, processing will only take place in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

This concerns:

Use and, if necessary, publication of staff pictures

Due to legal requirements (Art. 6 para. 1 c DSGVO as well as Art. 88 DSGVO and § 26 BDSG (new))
As a company, we are subject to various legal obligations, i.e. legal requirements (e.g. social security law, occupational safety, tax laws). The purposes of the processing include, among others, identity verification, the fulfilment of social security and tax law control, reporting or documentation obligations as well as the management of risks in the company.

Insofar as special categories of personal data are processed pursuant to Art. 9 (1) DSGVO, this serves the exercise of rights or the fulfilment of legal obligations arising from labour law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severe disability levy). This is done on the basis of Art. 9 para. 2 b DSGVO in conjunction with. § Section 26 (3) BDSG. In addition, the processing of health data for the assessment of their ability to work pursuant to Art. 9 para. 2 h in conjunction with. § Section 22 (1) b BDSG. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 para. 2 a DSGVO in conjunction with. § Section 26 (2) BDSG new (e.g. operational integration management).

Who gets my data?

Within the company, those departments receive access to your data that need it to fulfil contractual, legal and supervisory obligations as well as to safeguard legitimate interests, e.g. human resources department.

Service providers and vicarious agents employed by us may also receive data for these purposes, insofar as they require the data to perform their respective services. These are, for example, companies in the categories of tax consultancy for payroll accounting, training providers and IT services. All service providers are contractually obliged to treat your data confidentially.

With regard to the transfer of data to recipients outside our company, it should first be noted that as an employer we only pass on necessary personal data in compliance with the applicable data protection regulations. As a matter of principle, we may only pass on information about our employees if this is required by law, if you have consented to it or if we are otherwise authorised to pass it on.

Under these conditions, recipients of personal data may be, for example:

Social security institutions
Health insurance funds
Pension funds
Tax authorities
Professional associations
Public bodies and institutions (e.g. tax authorities and law enforcement agencies) if there is a legal or official obligation to do so.
other companies for the processing of salary payments or comparable institutions to which we transfer personal data for the purpose of implementing the contractual relationship (e.g. for salary payments)
Business and income tax auditor
Service providers within the framework of order processing relationships

Further data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balancing of interests.

Is data transferred to a third country or to an international organisation?

it is required by law,
you have given us your consent or
this is legitimised by the legitimate interest under data protection law and no higher interests of the data subject worthy of protection conflict with this.

Furthermore, we do not transfer any personal data to bodies in third countries or international organisations.

An example of this is our use of Microsoft Office 365 as a company-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to a third country (e.g. the USA) in this context and processed there.

We have concluded an order processing agreement with Microsoft in accordance with Art. 28 DSGVO with EU standard contractual clauses to maintain an appropriate level of data protection. If required, please feel free to contact us at the above contact details for further information on this.

We have concluded corresponding order processing agreements with our service providers and have also contractually agreed that there must always be guarantees for data protection in compliance with the European level of data protection with their contractual partners as well.

How long will my data be stored?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the employment relationship is a continuing obligation that is intended to last for a longer period of time.

If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – further processing is necessary for the following purposes:

Fulfilment of legal obligations to retain records, which may arise, for example, from:Social Security Code (SGB IV), Commercial Code (HGB) and Fiscal Code (AO). The periods specified there for storage or documentation are generally six to ten years.
preservation of evidence within the framework of the statutory limitation provisions.According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists.The aforementioned exceptions apply here. The same applies to data processing based on consent given. As soon as this consent is revoked by you for the future, the personal data will be deleted, unless one of the exceptions mentioned applies.

Is there an obligation to provide data?

In the context of the employment relationship, you must provide those personal data that are necessary for the establishment, implementation and termination of an employment relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude the contract with you or execute it.

To what extent is there automated decision-making?

We do not use automatic decision-making pursuant to Article 22 of the GDPR for the establishment, implementation and termination of the working relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

Does profiling take place?

We do not process your data with the aim of automatically assessing certain personal aspects.

Privacy information for applicants

Thank you for your interest in our company and for applying or having applied for a position in our group of companies. The following information is intended to give you an overview of the processing of your personal data in connection with your application to our group of companies and your rights under data protection law.

1. Who is responsible for data processing and whom can I contact?

We, the companies listed below, have decided to carry out the application process within the group of companies as so-called joint controllers in accordance with Art. 26 GDPR. In this sense, the joint controllers are:

PROLOGA GmbH
Walter-Hülse-Straße 5
D-06120 Halle (Saale)
+49 345 55 54-0
info@prologa.de

PROLOGA Services GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)
+49 345 55 54-0
info@prologa-services.com

PROLOGA Energy GmbH
Wallstraße 11
26122 Oldenburg
+49 441 779 359-0
info@prologa-energy.com

The Data Protection Officer for all three companies can be contacted at:Dr. Andreas Melzer
kelobit IT-Experts GmbH
Tel: 0345 132553-80
E-Mail: dsb@kelobit.de

2. What is shared responsibility?

The companies in our group have decided to run the recruitment process together as equal partners in order to fill vacancies across the group as efficiently and effectively as possible. This means that you do not have to apply to each company individually, but we will always forward your application to the most suitable company within the Group. The cooperation therefore also covers the processing of personal data arising from the application process, in particular the examination of your application documents, the coordination of appointments and invitations to interviews, interview notes and finally the decision on employment in one of our companies.

For this reason, all our group companies mentioned under point 1 are equally responsible for compliance with data protection regulations, in particular for the lawfulness of the processing, in accordance with Art. 26 GDPR. All of the companies mentioned above jointly protect your data in accordance with the legal requirements and are available to answer any questions you may have.

In order to carry out the application process, we have divided some tasks between the companies. Therefore, PROLOGA GmbH will primarily appear to you, e.g. as the operator of our website and application portal and in joint communications. Our other group companies are primarily responsible for the publication of vacancies in the respective companies or at their locations and for the review of eligible applications after a pre-selection by PROLOGA GmbH.

We therefore ask you to contact PROLOGA GmbH in the first instance with any questions or concerns regarding data protection in order to avoid unnecessary effort in processing your request. More detailed information on how to contact us is provided below.

3. What sources and data do we use?

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process. This personal data includes in particular:

Personal details (e.g. name and address and contact details)
Information on qualifications (e.g. training, professional experience, language skills and further training)

4. What do we process your data for (purpose of processing) and on what legal basis?

The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 para. 1 b of the GDPR and secondly Section 26 of the BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted. If an employment relationship is established between you and us, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Art. 6 para. 1 b GDPR and § 26 para. 1 BDSG, if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law or a collective agreement, works agreement or service agreement (collective agreement).

It may be that we are unable to consider you for a position immediately, but would like to keep your application on file so that we can contact you quickly if necessary. If this is the case, we will ask for your consent in accordance with Section 26 (2) of the German Data Protection Act (BDSG) to include your application in our pool of applications for a certain period of time. If you give us your consent, you can revoke it at any time. Should your data be required for legal prosecution after completion of the application process, it may be used in accordance with the requirements of Art. 6 GDPR, in particular to protect legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest then lies in the assertion or defence of claims, for example in the context of the burden of proof in proceedings under the General Equal Treatment Act (AGG).

5. Who receives my data?

Your application will be reviewed by the Human Resources department upon receipt of your application. Suitable applications will then be forwarded internally to the managers responsible for the relevant vacancy. The next steps will then be agreed. Within the Group, your details will only be accessed by those who need to know in order to complete our recruitment process. As part of the application process, your application will be forwarded to the company within our group that needs to fill the vacancy or to whose department you have submitted your application. We use a number of service providers to support the application process, for example to help us communicate with you or to operate our application portal. We have carefully selected and contractually bound these service providers to ensure the protection of your personal data.

6. Application management with Personio

We use recruiting software or applicant management platforms and thus the services of third-party providers for the purpose of searching for applicants, submitting applications and selecting applicants.

The data submitted as part of your application will be stored in a database. This database is operated by Personio GmbH, Rundfunkplatz 4, 80335 Munich, which offers personnel administration and applicant management software. The data is stored exclusively on ISO-certified servers in Germany. In this context, Personio is our processor in accordance with Art. 28 GDPR; we have concluded a corresponding data processing agreement with the provider.

You can send us your application using an online form; the data will then be transmitted to us in encrypted form in accordance with the state of the art. You can also send us your application by e-mail. Please note, however, that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but not on the (intermediate) servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the application between sending and receipt on our server. Alternatively, you can also send us your application by post. All applications received by us, regardless of how they reach us, are recorded in our application management platform.

7. Is data transferred to a third country or an international organisation?

As a general rule, data will not be transferred to organisations in countries outside the European Economic Area (so-called third countries). However, data may be transferred to third countries on a case-by-case basis if:

It is required by law,
you have given your consent, or
it is justified by a legitimate interest under data protection law and does not conflict with any overriding legitimate interest of the data subject.

We do not transfer personal data to third countries or international organisations. However, we use service providers for certain tasks, most of which also use service providers that may have their headquarters, parent company or data centres in a third country. A transfer is allowed if the European Commission has decided that a third country provides an adequate level of protection (Article 45 GDPR). If the Commission has not made such a decision, we or our service providers may only transfer personal data to a third country if adequate safeguards are in place (e.g. standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available. We have entered into appropriate contracts with our service providers and have also contractually agreed that data protection safeguards must always be in place with their contractual partners in accordance with the European data protection level.

8. How long will my information be kept?

We will keep your personal data for as long as is necessary to make a decision on your application. If your application is successful, your personal data will be transferred to our human resources information system. If we are unable to immediately consider you for a position and you consent to your personal data continuing to be stored, we will transfer your data to our candidate pool. Your data will be deleted after the agreed period (usually 12 months) or if you withdraw your consent. If we do not enter into an employment relationship with you, we may continue to retain the data if this is necessary to defend against any legal claims. This will usually be for six months after notice of termination is given or until a final decision is reached in a pending legal dispute.

9. What data protection rights do I have?

Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right of erasure. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR). You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of consent declarations given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that revocation will only be effective for the future. Processing that took place before the revocation will not be affected. In principle, you can exercise your rights by contacting any of the entities listed in point 1. However, we ask you to contact PROLOGA GmbH in the first instance if you have any questions or concerns about data protection, as we have appointed this company to handle the rights of data subjects. By contacting PROLOGA GmbH directly, you will avoid unnecessary effort in dealing with your enquiry.

10. Is there an obligation to provide data?

There is no legal or contractual obligation to provide your personal data, nor are you under any obligation to do so. However, it is necessary for us to be able to enter into a contract of employment with you. Without this information, we will not be able to enter into or perform an employment relationship with you.

11. To what extent do you use automated decision making?

We do not use automated decision-making procedures in accordance with Article 22 of the GDPR for the establishment, performance and termination of the employment relationship. If we do use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, to the extent required by law.

12. Does profiling take place?

We do not process your data with the aim of automatically evaluating certain personal aspects.

13. Information about your right to object under Article 21 of the GDPR

13.1 Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests). This also applies to profiling on the basis of this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

13.2 Recipients of an objection

The objection can be made informally with the subject line “Objection”, stating your name, address and date of birth, and should be addressed to the contact details mentioned in point 1 or to the channel used for the application.

14. Amendments to this Privacy Notice

We will revise this privacy policy in the event of changes to our data processing practices or as otherwise required. The current version will always be available on this website.

Status: 27/02/2025

Microsoft Teams

We take the protection of your personal data very seriously. We always treat your personal data confidentially and in accordance with the statutory data protection regulations. Therefore, we would like to inform you here about the processing of your personal data in connection with the use of Microsoft Teams (hereinafter referred to as “MS Teams”) and what rights you have.

1. Who is responsible for data processing and whom can I contact?

The responsible party is:

PROLOGA GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)
T: +49 345 55 54-0
E: info@prologa.com

You can reach our company data protection officer at:

Dr. Andreas Melzer
kelobit IT-Experts GmbH
T: 0345 132553-80
E: dsb@kelobit.de

2. What data is processed?

When using MS Teams, various types of data are processed. The scope of the data also depends on the data you enter yourself before or during participation in an online meeting. The following personal data are processed:

User details: e.g. display name (“Display Name”), e-mail address if applicable, profile picture (optional), preferred language.

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the opportunity to use the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the MS Teams apps.

3. What do we process your data for (purpose of processing) and on what legal basis?

3.1 Scope of processing

We use MS Teams to conduct online meetings, telephone and video conferences, webcasts, etc. To participate in an online meeting or enter the “meeting room”, you can also use a pseudonym.

The chat contents are logged when using MS Teams. We usually store the chat contents for a period of one month. If it is necessary for the purpose of logging the results of an online meeting, we can also log the chat contents for a longer period of time, but at the longest until the purpose pursued has been fulfilled. However, this will not usually be the case.

If we want to record meetings, we will inform you transparently in advance and, if necessary, ask for your consent. You will also see the fact of the recording in the Teams app or web browser view. The organiser can also specify which participants are entitled to be recorded.

In the case of webcasts, we may also process questions asked by participants for the purposes of recording and following up webcasts. You can also make use of the possibility to give a release for your screen. In this case, we have knowledge of the data and content you share via your screen.

We have no influence on the system-side processing of technical information such as device or hardware information (e.g. IP address, operating system data of the end device as well as time and date of access) by the service provider. Microsoft processes so-called telemetry data itself. The terms of use and information on data processing by Microsoft and MS Teams can be found at https://privacy.microsoft.com/de-DE/privacystatement and https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide.

3.2 Legal basis

Insofar as personal data of employees of our company are processed, the legal basis for data processing is Art. 6 Para. 1 lit. b DSGVO, possibly § 26 BDSG. If, in connection with the use of MS Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of MS Teams, the legal basis for data processing is Article 6 (1) (f) DSGVO. In these cases, our interest lies in the effective implementation of online meetings.

Otherwise, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f DSGVO. Here too, our interest is in the effective conduct of online meetings.

If we make recordings of individual online meetings and consent is required and requested in this regard, the legal basis for this processing is Art. 6 (1) lit. a DSGVO.

4. Who receives my data?

In our company, only those persons have access to your data who need it for the smooth running of the online meetings, e.g. the organisers and participants in meetings from our company. This may also involve several specialist departments in our company, depending on which services or products you obtain from us. Furthermore, our IT department has access to your data for exclusively technical processing.

Personal data processed in connection with participation in online meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

As a provider of MS Teams, Microsoft necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with MS Teams. Service providers used by us may also be recipients of your personal data within the scope of a commissioned processing pursuant to Art. 28 DSGVO.

We may be required to disclose certain data to the relevant authorised bodies as part of our legal obligations.

5. Are data transferred to a third country or to an international organisation?

In principle, we do not process data outside the European Union (EU), as we have limited our storage location to data centres in the European Union. However, we cannot exclude that routing or storage of data takes place via internet servers that are located outside the EU. This may be the case in particular if participants in online meetings are located in a third country.

A secure level of data protection is ensured by concluding supplementary EU standard data protection clauses and technical-organisational measures. When using standard data protection clauses, we aim to implement additional measures to protect their data where necessary. To this end, among other things, data is encrypted during transmission over the Internet and at rest, thus protecting it from unauthorised access by third parties. Microsoft uses standard technologies such as TLS and SRTP to encrypt all data in transit between users’ devices and Microsoft data centres and between Microsoft data centres. This includes messages, files (video, audio, etc.), meetings and other content. Corporate data at rest in Microsoft data centres is also encrypted in a way that allows organisations to decrypt content when needed. MS Teams also uses TLS and MTLS to encrypt chat messages. All server-to-server traffic requires MTLS – whether the traffic is restricted to the internal network or crosses the internal network perimeter. More information on how Microsoft Teams encrypts data can be found here: https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide.

Microsoft has certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active.

6. How long will my data be stored?

As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

7. What data protection rights do I have?

Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO).

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this.

8. Is there an obligation to provide data?

Initially, the provision of your personal data is neither legally nor contractually required, nor are you obliged to provide such data. In order to participate in an online meeting or to enter the meeting room, you must at least provide information about your name. If you do not wish to do so, your participation in our online meetings will unfortunately not be possible.

9. To what extent is there automated decision-making?

No automated decision-making within the meaning of Art. 22 DSGVO is used. 10.

10. Does profiling take place?

We do not process your data with the aim of automatically evaluating certain personal aspects.

11. information about your right to object according to article 21 DSGVO

11.1 Individual right of objection

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

11.2 Recipients of an objection

The objection can be made informally with the subject “Objection”, stating your name and e-mail address, and should be addressed to the contact details mentioned under point 1.

12 Amendment of this data protection notice

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

Status: 24.10.2023

Social Media

Data processing through social networks

Social networks such as Xing, Youtube, Facebook, Twitter, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account.However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal.In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals.Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals.For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Xing), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint, for more details see separate entry) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Xing).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to the privacy policy of XING: https://privacy.xing.com/de/datenschutzerklaerung.

YouTube in particular

We use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

We would like to point out that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the “Discussion” function. Information about which data is processed by Google and for which purposes can be found in the privacy policy of Google: https://policies.google.com/privacy?hl=de https://policies.google.com/privacy?hl=de&gl=de#infocollect

We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect.

By using Google, your personal information will be collected, transferred, stored, disclosed and used by Google and transferred to, and stored and used in, the United States, Ireland and any other country in which Google does business, regardless of your country of residence.There is a transfer to Google-affiliated companies and other trusted companies or individuals who process it on Google’s behalf. Google processes on the one hand your voluntarily entered data such as name and username, email address, telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos.

On the other hand, Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information, or your IP address in order to send you advertising or other content.

For evaluation, Google may use analysis tools such as Google Analytics.PROLOGA has no influence on the use of such tools by Google and was not informed about such potential use. If tools of this type are used by Google for the YouTube channel of PROLOGA, PROLOGA has neither commissioned nor otherwise supported this in any way. PROLOGA is also not provided with the data obtained during the analysis. Only certain profiles of the subscribers can be viewed by PROLOGA via its account. Moreover, PROLOGA has no way to prevent or turn off the use of such tools on its YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile carrier, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. You have options to restrict the processing of your data in the general settings of your Google account.

In addition to these tools, Google also offers privacy settings specific to YouTube.To learn more, see Google’s privacy guide for Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

You can find more information on these points in Google’s privacy policy under the term “Privacy settings”:https://policies.google.com/privacy?hl=de&gl=de#infochoices

Furthermore, you have the option to request information via the Google privacy form: https://support.google.com/policies/answer/9581826?visit_id=637054532384299914-2421490167&hl=de&rd=3

Data processed by PROLOGA

PROLOGA also processes your data when you communicate with us via YouTube. The processing takes place for the purposes of PROLOGA’s public relations work. The recipient of the data is first Google, where it may be passed on to third parties for their own purposes and under the responsibility of Google. The recipient of publications is also the public, i.e. potentially anyone. PROLOGA itself does not collect any data via its YouTube channel.

Also via the integration of the YouTube videos of PROLOGA on its website (www.prologa.de or www.prologa-energy.de), the IP addresses of page visitors are not transmitted to Google. In particular, no tracking of any kind takes place on the website. However, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we may respond to your publications under “Discussions”. The data freely published and disseminated by you on YouTube is thus included by PROLOGA in its offer and made available to its followers.

Other rights

Every data subject has the right to information under Article 15 of the DSGVO, the right to rectification under Article 16 of the DSGVO, the right to erasure under Article 17 of the DSGVO, the right to restriction of processing under Article 18 of the DSGVO, the right to object under Article 21 of the DSGVO and the right to data portability under Article 20 of the DSGVO. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply.

In addition, you have the right to lodge a complaint with the supervisory authority responsible for data protection issues at your place of residence or work (Article 77 DSGVO). The supervisory authority responsible for our company is:

Landesbeauftragter für den Datenschutz Sachsen-Anhalt
Postfach 1947
39009 Magdeburg

T: 0391 81803-0
E: poststelle@lfd.sachsen-anhalt.de

A list of other supervisory authorities and their contact details can be found in the following link:https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.