THE ROC Research on Occupational Competencies GmbH Privacy Policy

We take the protection of your personal data very seriously. This privacy policy explains the type of information we collect about you, when we store the data and how we use it. We have undertaken appropriate technical and organisational measures to ensure that both we and our external suppliers comply with the latest data protection regulations. As the entity responsible for processing personal data, we have implemented numerous technical and organisational measures to ensure that personal data processed via this website is protected in the most comprehensive way possible. Nevertheless, internet-based data transmissions can still be subject to vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, each data subject is free to provide us with personal data via alternative means, for example by telephone.

Please read our privacy policy carefully. Please email us at the address given in clause 2 if you have any questions or comments concerning this privacy policy. According to the provisions laid down in the GDPR, you have various rights which you can assert against us. Please refer to the “Your Rights” section for further information. Please do not hesitate to contact us if you have any questions concerning this privacy policy.

This privacy policy applies to users of our website www.TheRocInstitute.com.  The entity that is responsible for processing data for this website is:

 

THE ROC Research on Occupational Competencies GmbH,

Kurfürstendamm 213, 10719 Berlin;

Tel.: +49-30-610 82 031-0,

Fax: +49-30-610 82 03-29,

Datenschutz@TheRocInstitute.com.

We collect, process and use your personal data exclusively in accordance with the legal regulations and especially in accordance with the current data protection regulations.

When you register to use great8tachometer, you are agreeing to this privacy policy. The latest version of this privacy policy, which is supplemented by our terms of use policy, applies exclusively when you use our services.

Contract data

The necessary information is solely processed for the purpose of performing the contract with THE ROC Research on Occupational Competencies GmbH. If external service providers are involved in the performance of the contract, your data will only be passed onto them to the extent necessary for this purpose. In this respect, we only process data that is necessary for the conclusion, performance or termination of the contract. This information includes:

  • First, surname
  • Billing and delivery address
  • Email address
  • Invoicing and payment details
  • The end device’s IP address (internet protocol address) from which the website is accessed
  • Period covered by the contract
  • Period covered by the agreement to our privacy policy

Data relating to our test platform

When you carry out one of our tests, you are agreeing to allow us to process the data that you have provided on the form so that we can then present the results to you. Our evaluation algorithms operate in an anonymised form. Only when the evaluation has been completely carried out in an anonymous and objective form will your personal data specified during the conclusion of the contract be associated with the results of our tests. This guarantees that the evaluation process is both objective and credible.

Reasons for use include:

  • To produce information, e.g. to create competency reports based on responses you have provided.
  • To improve the services provided by the platform in general, including improvements to competency identification.
  • For research purposes: for example, the answers entered by the test person are used for research purposes in an anonymised form, i.e. with no identifying features.

Data exchange when visiting the website

When you visit the website operated by THE ROC Research on Occupational Competencies GmbH, various types of information are exchanged between your end device and our server. These types of information may include personal data. Information collected in this way is used in various ways including in measures we undertake to optimise our website.

Communication via forms

When you use our contact form to get in contact with us, we process data that is necessary to perform the contract and which enables both parties to communicate. This information includes:

  • First, surname
  • Email address
  • The end device’s IP address (internet protocol address) from which the website is accessed
  • Period of communication
  • Period covered by the agreement to our privacy policy

Legal basis

Pursuant to art. 13 of the GDPR, we hereby notify you of the legal basis of our data processing operations. Insofar as the legal basis is not identified in the privacy policy, the following applies: the legal basis for obtaining consent is pursuant to art. 6 para. 1 (a) and art. 7 of the GDPR; the legal basis for processing data in order to perform our services, to implement the measures provided for in the contract and to respond to queries is laid down in art. 6 para. 1 (b) of the GDPR; the legal basis for processing data in order to fulfil our legal obligations is laid down in art. 6 para. 1 (c) of the GDPR and the legal basis for processing data in order to safeguard our legitimate interests is laid down in art. 6 para. 1 (f) of the GDPR. 6 para. 1 (d) of the GDPR serves as the legal basis should the vital interests of a data subject or another natural person require that personal data should be processed.

Log files

Certain information is automatically transmitted by your internet browser each time you use the internet and we store this information in log files. We only use the log files to determine whether there are errors or for security reasons (e.g. to determine whether attempts have been made to hack the system). The log files are stored for 7 to 10 days and then deleted. Log files, which must be stored for the purpose of providing evidence, are excluded from deletion until the event in question is fully clarified and may be submitted to investigating authorities in certain cases.

The following information is specifically stored in the log files:

  • The end device’s IP address (internet protocol address) from which the website is accessed;
  • The internet address of the website from where the website was accessed (original or referrer URL);
  • The name of the service provider via which access to website takes place;
  • Name of the files or information that have been accessed;
  • Date, time of day and duration of the visit;
  • The amount of data transmitted;
  • Operating system and information regarding the internet browser that is used, including add-ons that have been installed (e.g. for Flash Player);
  • The http status code (e.g. “Request successful” or “Requested file not found”);

Encryption of your data and data transfer operations.

We take all the necessary technical and organisational security measures to protect your personal data from loss or misuse. Your data is therefore stored in a secure operating environment which cannot be accessed by the public. It is transmitted in an encrypted form using SSL technology (Secure Sockets Layer). The candidate’s public key is documented in a certificate (issued by Thawte, a recognized certificate authority). This means that communication between your computer and our servers is carried out using a recognised encryption process but only if your browser supports SSL. Please refer to the appropriate browser provider for information and updates.

Protection of your personal data

After your personal data is transmitted to us, we save it on our server to which there is restricted access. We have undertaken appropriate technical and organisational measures to ensure that only authorised personnel can access this server.

We use cookies in order to make our services even more user-friendly. You can disable cookies in your browser, however, this may inhibit the functionality of the platform. Cookies are text files which a website transfers onto the web browser on the storage medium on a user’s end device and which is temporarily placed there for the duration of the user’s visit to the website or which is sometimes placed there for longer periods depending on the type of cookie. Cookies carry out different functions (e.g. to differentiate between the individual user of the same website or in order to remember specific facts about the user, specific preferences, for example) and are used by most websites that are aiming to deliver a high-quality user experience.

You can set your browser to inform you when cookies are being enabled. You can also decide whether you wish to accept them individually and whether you wish to prevent the use of cookies in specific cases or in general. The functionality of our website may be restricted if you choose not to accept cookies.

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA), or if we use third party services, or disclose or transfer data to third parties, this only occurs if we are required to do so in order to fulfil (pre)contractual obligations, on the basis of your consent, on the basis of a statutory requirement or on the basis of our legitimate interests. Subject to legal or contractual concessions, we only process data or allow data to be processed in a third country under the specific conditions outlined in art. 44 ff. of the GDPR. This means that data is processed on the basis of special guarantees, for example the data protection level must be determined in accordance with the levels officially recognised by the EU (e.g. in accordance with the Privacy Shield Frameworks stipulated in the USA), or must comply with officially recognised contractual obligations (standard contractual clauses).

We shall process and store your personal data only for the duration that is necessary to achieve the purposes for which the data is stored, or to the extent provided for by the European legislative authority by means of European directives, or in any other laws or regulations that have been enacted and by which we are governed. If the purpose of data storage no longer applies or a retention period prescribed by the European legislative authority by means of European directives, or another legislator, expires, the personal data shall be typically blocked or erased in accordance with statutory provisions.

a)    Right of confirmation

You have the right, as granted by European directives and the European legislator, to request a confirmation from us which states whether we have processed your personal data. You can contact us at any point if you wish to exert your right of confirmation.

b)    Right to information

You have the right, as granted by European directives and the European legislator, to receive at no cost to yourself information relating to your personal data which has been saved and to receive a copy of this information. This specifically relates to:

  • the purposes of processing the data;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • if possible, the planned duration for which the personal data shall be stored, or, if this is not possible, the criteria for determining this duration;
  • the right to have personal data corrected or erased, or to restrict how much it can be processed by the data controller or the right to object to the processing of your personal data;
  • the right to lodge a complaint with a supervisory authority;
  • if the personal data is not collected from the data subject: all available information on the origin of the data.

You can contact us at any point if you wish to exert your right to information.

c)    Right to correction

You have the right, as granted by European directives and the European legislator, to demand that any incorrect personal data is immediately corrected. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the data processing. You can contact us at any point if you wish to exert your right to correction.

d)    Right to erasure (Right to be forgotten)

You have the right, as granted by European directives and the European legislator, to demand that your personal data is immediately deleted, provided that one of the following reasons applies and the data processing is not necessary:

  • The personal data was no longer necessary for the purposes for which it was collected or handled in some other form which is no longer necessary.
  • The data subject revokes his consent to the processing of personal data pursuant to art. 6 para. 1 (a) of the GDPR or art. 9 para. 2 (a) of the GDPR and there is no other legal basis for processing the data.
  • The data subject lodges an objection against the processing of data in accordance with art. 21 para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data, or the data subject lodges an objection against the processing of data pursuant to art. 21 para. 2 of the GDPR.
  • The personal data was processed illegally.
  • Erasure of personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States by which the data controller is governed.
  • The personal data was collected in relation to Information Society services offered pursuant to art. 8 para. 1 of the GDPR.

Please do not hesitate to contact us if any of the aforementioned reasons apply.

e)    Right to restriction of processing

You have the right, as granted by European directives and the European legislator, to demand that your data is processed in a restricted way if one of the following conditions is met:

  • The data subject disputes the correctness of the personal data and the data controller is granted sufficient time to verify whether the data is correct or not.
  • The processing of data is unlawful, the data subject declines the erasure of personal data and instead demands that the use of personal data be restricted.
  • The data controller no longer needs the personal data for the purposes of processing, but the data subject needs the data to assert, exercise or defend legal claims.
  • The data subject has lodged an objection to the processing of the data pursuant to art. 21 para. 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.

Please do not hesitate to contact us if any of the aforementioned conditions are met.

f)     Right to data portability

You have the right, as granted by European directives and the European legislator, to receive the personal data in a structured, commonly-used and machine readable format. You also have the right to transfer this data to another data controller provided that this is based on your consent pursuant to art. 6 para. 1 (a) of the GDPR or art. 9 para. 2 (a) of the GDPR or if this relates to a contract pursuant to art. 6 para 1 (b) of the GDPR and the processing of data is performed with the aid of automated procedures, provided that the processing is not necessary for the performance of a task which is in the public interest or to enable the data controller to exercise official authority which has been delegated to him.

Furthermore, in exercising your right to data portability pursuant to art. 20 para. 1 of the GDPR, you have the right to demand that the personal data be transmitted directly from one of our data controllers to another data controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons. You can contact us at any point if you wish to exert your right to data portability.

g)    Right to object

You have the right, as granted by European directives and the European legislator, to object at any time for reasons that may arise from your own particular situation to the processing of your personal data relating pursuant to art. 6 para 1 (e) or (f) of the GDPR. We will no longer process your personal data if you object to us doing so unless we can provide compelling and legitimate reasons for such processing which outweigh the interests, rights and freedoms of the data subject, or if processing the data serves to assert, exercise or defend legal claims.

You also have the right for reasons arising from your own particular situation to object to the processing of your personal data which we carry out for scientific or historical research purposes or for statistical purposes in accordance with art. 89 para. 1 of the GDPR, unless such processing is necessary for the fulfilment of a task which is in the public interest. You can contact us at any point if you wish to exert your right to object. In relation to the use of services provided by the Information Society and notwithstanding Directive 2002/58/EC, you also have the opportunity to exercise your right to object by means of automated procedures using technical specifications.

h)    Right to revoke consent under data protection law

You have the right, as granted by European directives and the European legislator, to revoke your consent to the processing of personal data at any time. You can contact us at any point if you wish to exert your right to revoke your consent.

Use of Amazon AWS

Personal and anonymised data that you have submitted to us and that we have collected is stored on servers operated by Amazon Web Services Germany GmbH, Krausenstr. 38, 10117 Berlin, Germany. The servers operated by Amazon Web Services which are used to store the data are located within the territory of the Federal Republic of Germany in Frankfurt and are subject to the data protection laws laid down by national and European legislators. Amazon Web Services also handles your data in compliance with the relevant legal provisions. To view Amazon Web Services’ data protection policy, please visit https://aws.amazon.com/de/privacy/?nc1=f_pr.

Use of Stripe

If you choose to use the payment service provider Stripe as your method of payment, your payment will be processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. We send this service provider information relating to your order that you provided to us during the order process (name, address, account number, bank sort code, possibly your credit card number, the amount invoiced, currency and transaction number). Your data is passed on solely for the purpose of processing the payment with the payment service provider Stripe Payments Europe Ltd. For further information on Stripe’s data protection policy, please visit https://stripe.com/de/terms.

Use of videos (e.g. YouTube, Vimeo)

This website uses the YouTube embedding function to show and play back videos published on YouTube. An enhanced data protection mode is used in this case which, according to statements issued by the provider, initiates a process that only stores user information when videos are played back. When embedded YouTube videos are played back, YouTube uses cookies in order to collect information about user behaviour. According to information issued by YouTube, these cookies are used to collect information such as video statistics, to improve user-friendliness and to prevent improper conduct. Irrespective of whether videos are played back or not, a connection is made to the Google ad serving service DoubleClick each time this website is accessed. This may initiate further data processing operations over which we have no influence. For further information on data protection at YouTube, please view the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy/.

Web analysis services

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies which are text files that are stored on your computer that facilitate an analysis of how you use the website. The information generated by the cookie on how you use this website is usually transferred to a Google server in the USA and stored there.

However, your IP address will be abbreviated by Google within the member states of the European Union or in other countries that have signed the Agreement on the European Economic Area in order to prevent it being directly linked to a particular individual. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports regarding website activity and to provide other services to the website operator related to website usage and internet usage.

The IP address transmitted by your browser as part of Google Analytics shall not be merged with any other data held by Google. You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to use all the functions of this website to their full extent. In addition, you can prevent Google from collecting the data on your use of the website (including your IP address) generated by the cookie, as well as the processing of this data by Google, by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Google reCAPTCHA

We use Google reCAPTCHA (hereinafter referred to as reCAPTCHA) on our websites. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Inc. is headquartered in the USA and is certified in accordance with the EU-US Privacy Shield Frameworks which guarantee compliance with the levels of data protection which are valid in the EU. reCAPTCHA is intended to verify whether data that is entered onto our website (e.g. on a contact form) has been entered by a real person or by an automated programme. In order to achieve this, reCAPTCHA analyses the behaviour of the website visitor by means of different observations. This analysis begins automatically as soon as the website visitor accesses the website. reCAPTCHA evaluates various types of information to conduct the analysis (e.g. IP address, duration of the user’s visit to the website and other factors such as mouse movements). The data that is captured during the analysis is transferred to Google.

reCAPTCHA analysis is carried out entirely as a background operation. Visitors to the website are not alerted to the fact that an analysis is taking place. The legal basis for this data processing is art. 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in ensuring that his website is protected from automated illicit access and SPAM. For further information on Google reCAPTCHA and Google’s privacy policy, please visit https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

We are entitled to amend this privacy policy at any time with future effect and/or to add to the policy, especially if the services are extended or we are required to do so due to changes in the law. The latest version of the privacy policy is available to view at all times on the THEROC website at https://www.therocinstitute.com/datenschutz/.

The user will be informed of any changes and/or additions to the policy by means of an amendment notification which will be sent to the email address that has been provided by the user for correspondence purposes and/or during the login process on the website. It will be deemed that the user has granted his consent to the changes and/or additions provided that the user does not object in writing (by email) within 6 weeks from the date that the amendment notification has been received.