Cyberhorses is committed to protecting your Personal Data taking its commitment in this regard very seriously. For this reason we would like to take this opportunity to inform you about the Processing of your data specifically the type scope and purpose of its collection and use.
Our company always strives to ensure the comprehensive protection of your data while fully complying with applicable legal regulations in particular the European General Data Protection Regulation (GDPR) the Swiss revised Data Protection Law (revDSG) and the German Federal Data Protection Act (BDSG) as well as any other country-specific data protection regulations applicable to us.
As the Controller the company has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed on its website.
This Privacy Policy is intended to inform Data Subjects about the nature scope and purpose of the Personal Data that we collect use and process especially in connection with our website. It will in addition inform you the Data Subject of your rights.
The information will always be kept available for download on our website.
Our Privacy Policy is based on the terms used by European lawmakers in the GDPR. The aim is to ensure that the general public can easily read and understand the Policy’s provisions including our customers and business partners. For this purpose we would like to explain some of the terms used in advance.
Processor: a Processor is a natural or legal person public authority agency or other body that processes Personal Data for the Controller.
Data Subject: Data Subject refers to any identified or identifiable natural person whose Personal Data is processed by the Controller.
Cookies: Cookies are text files that are placed and stored on a computer system by means of an internet browser.
Third Party: a Third Party is a natural or legal person public authority agency or other body other than the Data Subject the Controller the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor.
Recipient: a Recipient is a natural or legal person public authority agency or other body to which Personal Data is disclosed whether or not it is a Third Party. However public authorities that may receive Personal Data in the context of a specific investigative task under EU or Member State law are not considered Recipients.
Consent: Consent means any freely given specific and informed indication of the Data Subject’s wishes in the form of a statement or other unambiguous affirmative act by which the Data Subject signifies his or her agreement to the Processing of his or her Personal Data.
Personal Data: Personal Data means any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified directly or indirectly in particular by reference to an identifier such as a name an identification number location data an online identifier or to one or more factors specific to the physical physiological genetic mental economic cultural or social identity of that natural person.
Pseudonymization: Pseudonymization is the Processing of Personal Data in such a way that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information providing such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
Profiling: Profiling is any type of automated Processing of Personal Data that consists of using such Personal Data to evaluate certain personal factors relating to a natural person in particular to analyse or predict factors relating to the natural person’s performance at work economic situation health personal preferences interests reliability behaviour location or change of location.
Processing: Processing means any operation or set of operations which is performed on Personal Data whether or not by automatic means such as collection logging organization filing storage adaptation or alteration retrieval consultation use disclosure by transmission dissemination or otherwise making available alignment or combination restriction erasure or destruction.
Controller: the Controller is the natural or legal person public authority agency or other body that solely or jointly with others determines the purposes and means of the Processing of Personal Data. Where the purposes and means of such Processing are determined by EU or Member State law the controller may be legally appointed or subject to specific criteria defined by law.
This Privacy Policy applies to all data that we process in our capacity as Controller within the meaning of the GDPR other data protection laws applicable in EU Member States and other provisions of a data protection nature:
You can reach our Data Protection Officer at the address of Cyberhorses AG or by sending an email to dpo@cyberhorses.io
Data Subjects may always address any questions or suggestions regarding data protection directly to our Data Protection Officer.
Our webpages do not make use of cookies.
Our website collects a variety of general data and information each time a Data Subject accesses the site storing it in log files on the server. The following general data and information may be logged:
No conclusions are drawn about the Data Subject when using this general data and information. It is rather required in order to:
Therefore the data and information collected is statistically analysed by us and/or evaluated with the aim of increasing the data protection and data security of our enterprise in order to ultimately ensure the best possible level of protection for the Personal Data we process. The data in the server log files is stored separately from any Personal Data provided by a Data Subject.
The legal basis for the collection and storage of the above-mentioned data is our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR involving the maintenance and operation of a homepage.
To provide you with the best possible service and to promote our business we may transfer certain data internally or to selected Third Parties. There may also be a specific legal or statutory obligation that requires us to disclose your Personal Data to Third parties.
The parties to which we may disclose your information include:
Whenever we share Personal Data internally or with Third Parties in other countries we will implement appropriate safeguards in accordance with applicable data protection laws including where applicable the EU Standard Contractual Clauses when transferring data to countries outside the European Union or the European Economic Area. As required by applicable law Third Parties must use appropriate safeguards to protect Personal Data and may only access Personal Data as needed to perform their respective tasks.
Your Personal Data will not however be transferred to Third Parties for any purposes other than those set out in this Privacy Policy. In this respect (and in accordance with Art. (6)(1)(1) GDPR) we only share your Personal Data with Third Parties if:
Due to legal regulations and other reasons our website contains information that enables quick electronic contact with our company as well as direct communication with our representative. If you contact us by email or by using our contact form the Personal Data you provide will be automatically saved. Any Personal Data that you voluntarily submit to us will be retained for the purpose of processing your request or contacting you and will not be shared with Third Parties. Personal Data sent by e-mail or the contact form will be deleted when the respective conversation with the user has ended and no relevant retention periods prevent the deletion. The conversation is ended when circumstances indicate that the matter in question has been conclusively settled.
The legal basis for this Processing is usually our legitimate interest pursuant to Art. 6(1)(f) or Art. 6(1)(b) GDPR if the purpose is to fulfil or initiate a contract with you.
We process and retain your Personal Data only for the period of time necessary to achieve the purpose for which it is collected or insofar as this retention is required EU or relevant national lawmakers whose laws or regulations apply to us e.g. due to retention periods.
If the reason for retention no longer applies or if a retention period prescribed by the EU or national lawmakers applicable to us expires the Personal Data will be routinely deleted blocked or restricted for Processing in accordance with the statutory provisions.
As a Data Subject you are afforded the rights listed below which you may assert against us at any time:
Without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with the supervisory authority of your usual place of residence or place of work or our registered office in accordance with Art. 77 GDPR should you be of the opinion that the Processing of Personal Data concerning you violates the GDPR. The supervisory authority to which the complaint is lodged shall inform the complainant of the status and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Under Art. 15 GDPR you have the right to request confirmation from us at any time concerning our Processing of your Personal Data.
Pursuant to Art. 15 GDPR you also have the right to obtain information from us at any time and free of charge about the Personal Data that we retain about you. Furthermore you are also entitled to request other information including the following:
Furthermore you have the right to be informed whether Personal Data has been transferred to a third country or to an international organization. If so you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
In addition Art. 16 GDPR entitles you to demand the immediate correction of any inaccuracies in your Personal Data. Furthermore you have the right to request the completion of incomplete Personal Data – including by means of a supplementary declaration – taking the purposes of the Processing into account.
Under Art. 17 GDPR you may also request that your Personal Data be erased without undue delay providing one of the following reasons specifically applies and providing the Processing is not necessary:
If the Personal Data has been made public by us and our company as the Controller is required to erase the Personal Data pursuant to Article 17(1) GDPR we shall implement reasonable measures including technical measures taking into account the available technology and the cost of implementation in order to inform other data controllers processing the published Personal Data that you as the Data Subject have requested these other data controllers to erase all links to such Personal Data or copies or replications of such Personal Data.
Article 18 GDPR entitles you to request restriction of Processing if one of the following conditions is met:
Pursuant to Art. 20 GDPR you have the right to receive any Personal Data concerning you that you have provided to us in a structured commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us providing the Processing is based on Consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR providing the Processing has been carried out with the aid of automated procedures and providing the Processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. When furthermore exercising your right to data portability pursuant to Article 20(1) GDPR you have the further right to have the Personal Data transferred directly from us to another controller insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
Furthermore Art. 21 GDPR grants you the right at any time and for reasons arising from your particular situation to object to the Processing of Personal Data relating to you that is being carried out on the basis of Art. 6(1)(f) GDPR. This also applies to Profiling based on these provisions. In the event of such objection we shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the Processing which override your interests rights and freedoms as a Data Subject or unless the Processing serves the purpose of asserting exercising or defending legal claims. If we process Personal Data for the purpose of direct marketing you have the right to object at any time to the processing of Personal Data for such purpose. This also applies to Profiling insofar as it is associated with such direct marketing. If you object to our Processing for direct marketing purposes we will of course no longer process this Personal Data for such purposes.
Under Art. 22 GDPR and subject to the restrictions of Section 37 BDSG you also have the right not to be subject to a decision based solely on automated processing – including Profiling – that produces legal effects concerning you or significantly impacts you in a similar manner providing the decision is:
If the decision is necessary for the conclusion or performance of a contract between you and us or if it is made with your explicit consent we will take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests including at least the right to obtain the intervention of a responsible person to express your point of view and to contest the decision.
To clarify we explicitly reiterate that you have the right under Art. 7(3) GDPR to withdraw your Consent to the Processing of Personal Data at any time. If you would like to exercise one of the rights to which you are entitled in accordance with subsections b) to j) of this section and make use of your rights please contact our Data Protection Officer referred to in Section 2 above or another member of our staff at any time. In the event that the right to erasure (subsection e) and restriction of processing (subsection f) is asserted we will comply with the respective request without undue delay and in individual cases take the necessary steps.
Our company collects and processes your Personal Data as a job applicant for the purpose of completing the application process. The legal basis for this activity is Art. 6(1)(b) GDPR in conjunction in Germany with Section 26(1)(1) BDSG. The processing may also take place electronically as is particularly the case if you send us corresponding application documents electronically for example by email.
If the application process is successful and we conclude an employment contract with you the transmitted data will be stored for the purpose of Processing the employment relationship in compliance with the statutory provisions pursuant to Section 26 BDSG.
If the application process does not end successfully and we do not conclude an employment contract with you the application documents will be deleted six weeks after the end of the application process unless we agree otherwise with you or there are other legitimate interests that prevent deletion. Other legitimate interests in this sense include for example a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG) in Germany.
Art. 6(1)(a) GDPR serves as the legal basis for our company with regard to processing operations in which we obtain Consent for a specific processing purpose. If the Processing of Personal Data is necessary for the performance of a contract concluded between you and us as is the case for example with processing operations that are necessary for a delivery of goods or the provision of another service or consideration the Processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of Personal Data becomes necessary such as for the fulfilment of tax obligations the processing is based on Art. 6(1)(c) GDPR. In rare cases the Processing of Personal Data might become necessary to protect vital interests of you or another natural person. Such would be the case for example if a visitor were to be injured on our premises and as a result his or her name age health insurance data or other vital information had to be transferred to a doctor hospital or other Third Party. The Processing would then be based on Art. 6(1)(d) GDPR. Finally processing operations could be based on Art. 6(1)(f) GDPR if the Processing is necessary to protect a legitimate interest of our company or a Third Party providing the interests fundamental rights and freedoms of the Data Subject are not overridden.
If the Processing of Personal Data is based on Article 6(1)(f) GDPR our legitimate interest may in addition to the cases already mentioned in this policy statement include the conduct of our business to benefit the well-being of all our employees and shareholders.
The criterion determining the period for the retention of Personal Data is the respective statutory retention period. The relevant data is routinely deleted on expiry of this period. Finally the retention period is also based on statutory limitation periods.
We would also like to inform you that the provision of Personal Data may be necessary for the conclusion of a contract if for example you contact us via our homepage in the course of initiating a contract. Failure to provide Personal Data would mean that the contract with you cannot be concluded.
Otherwise you are not required to provide your data when visiting our website although failure to do so will make it technically impossible for you to visit our homepages.
A Data Subject may contact our Data Protection Officer prior to providing personal data. Our Data Protection Officer will inform the Data Subject on a case-by-case basis whether the provision of the Personal Data is required by law or by contract whether it is necessary for the conclusion of a contract whether there is an obligation to provide the Personal Data and what the consequences of not providing the Personal Data would be.
When you visit our website we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. As a rule this is 256-bit encryption. Should your browser not support 256-bit encryption we will use 128-bit v3 technology instead. You can tell whether an individual sub-page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation partial or complete loss destruction or unauthorized access by Third Parties. Our security measures are continuously improving to keep pace with technological developments.