THE ROC Research on Occupational Competencies GmbH,
Kurfürstendamm 213, 10719 Berlin;
Tel.: +49-30-610 82 031-0,
Fax: +49-30-610 82 03-29,
We collect, process and use your personal data exclusively in accordance with the legal regulations and especially in accordance with the current data protection regulations.
The necessary information is solely processed for the purpose of performing the contract with THE ROC Research on Occupational Competencies GmbH. If external service providers are involved in the performance of the contract, your data will only be passed on to them to the extent necessary for this purpose. In this respect, we only process data that is necessary for the conclusion, performance or termination of the contract. This information includes:
- First name, surname
- Billing and delivery address
- Email address
- Invoicing and payment details
- The end device’s IP address (internet protocol address) from which the website is accessed
- Period covered by the contract
Data relating to our test platform
When you carry out one of our tests, you are agreeing to allow us to process the data that you have provided on the form so that we can then present the results to you. Our evaluation algorithms operate in an anonymised form. Only when the evaluation has been completely carried out in an anonymous and objective form will your personal data specified during the conclusion of the contract be associated with the results of our tests. This guarantees that the evaluation process is both objective and credible.
Reasons for use include:
- To produce information, e.g. to create competency reports based on responses you have provided.
- To improve the services provided by the platform in general, including improvements to competency identification.
- For research purposes: for example, the answers entered by the test person are used for research purposes in an anonymised form, i.e. with no identifying features.
Data exchange when visiting the website
When you visit the website operated by THE ROC Research on Occupational Competencies GmbH, various types of information are exchanged between your end device and our server. These types of information may include personal data. Information collected in this way is used in various ways including in measures we undertake to optimise our website.
Communication via forms
When you use our contact form to get in contact with us, we process data that is necessary to perform the contract and which enables both parties to communicate. This information includes:
- First name, surname
- Email address
- The end device’s IP address (internet protocol address) from which the website is accessed
- Period of communication
Certain information is automatically transmitted by your internet browser each time you use the internet and we store this information in log files. We only use the log files to determine whether there are errors or for security reasons (e.g. to determine whether attempts have been made to hack the system). The log files are stored for 7 to 10 days and then deleted. Log files that must be stored for the purpose of providing evidence are excluded from deletion until the event in question is fully clarified and may be submitted to investigating authorities in certain cases.
The following information is specifically stored in the log files:
- The end device’s IP address (internet protocol address) from which the website is accessed;
- The internet address of the website from where the website was accessed (original or referrer URL);
- The name of the service provider via which access to the website takes place;
- Name of the files or information that have been accessed;
- Date, time of day and duration of the visit;
- The amount of data transmitted;
- Operating system and information regarding the internet browser that is used, including add-ons that have been installed (e.g. for Flash Player);
- The HTTP status code (e.g. “Request successful” or “Requested file not found”).
Encryption of your data and data transfer operations.
We take all the necessary technical and organisational security measures to protect your personal data from loss or misuse. Your data is therefore stored in a secure operating environment which cannot be accessed by the public. It is transmitted in an encrypted form using SSL technology (Secure Sockets Layer). The candidate’s public key is documented in a certificate (issued by Thawte, a recognized certificate authority). This means that communication between your computer and our servers is carried out using a recognised encryption process but only if your browser supports SSL. Please refer to the appropriate browser provider for information and updates.
Protection of your personal data
After your personal data is transmitted to us, we save it on our server to which there is restricted access. We have undertaken appropriate technical and organisational measures to ensure that only authorised personnel can access this server.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if we use third party services, or disclose or transfer data to third parties, this only occurs if we are required to do so in order to fulfil (pre)contractual obligations, on the basis of your consent, on the basis of a statutory requirement or on the basis of our legitimate interests. Subject to legal or contractual concessions, we only process data or allow data to be processed in a third country under the specific conditions outlined in art. 44 ff. of the GDPR. This means that data is processed on the basis of special guarantees, for example the data protection level must be determined in accordance with the levels officially recognised by the EU (e.g. in accordance with the Privacy Shield Frameworks stipulated in the USA), or must comply with officially recognised contractual obligations (standard contractual clauses).
We shall process and store your personal data only for the duration that is necessary to achieve the purposes for which the data is stored, or to the extent provided for by the European legislative authority by means of European directives, or in any other laws or regulations that have been enacted and by which we are governed. If the purpose of data storage no longer applies or a retention period prescribed by the European legislative authority by means of European directives, or another legislator, expires, the personal data shall be typically blocked or erased in accordance with statutory provisions.
a) Right of confirmation
You have the right, as granted by European directives and the European legislator, to request a confirmation from us which states whether we have processed your personal data. You can contact us at any point if you wish to exercise your right of confirmation.
b) Right to information
You have the right, as granted by European directives and the European legislator, to receive at no cost to yourself information relating to your personal data which has been saved and to receive a copy of this information. This specifically relates to:
- the purposes of processing the data;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- if possible, the planned duration for which the personal data shall be stored, or, if this is not possible, the criteria for determining this duration;
- the right to have personal data corrected or erased, or to restrict how much it can be processed by the data controller or the right to object to the processing of your personal data;
- the right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from the data subject: all available information on the origin of the data.
You can contact us at any point if you wish to exercise your right to information.
c) Right to correction
You have the right, as granted by European directives and the European legislator, to demand that any incorrect personal data is immediately corrected. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the data processing. You can contact us at any point if you wish to exercise your right to correction.
d) Right to erasure (Right to be forgotten)
You have the right, as granted by European directives and the European legislator, to demand that your personal data is immediately deleted, provided that one of the following reasons applies and the data processing is not necessary:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject revokes his consent to the processing of personal data pursuant to art. 6 para. 1 (a) of the GDPR or art. 9 para. 2 (a) of the GDPR and there is no other legal basis for processing the data.
- The data subject lodges an objection against the processing of data in accordance with art. 21 para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data, or the data subject lodges an objection against the processing of data pursuant to art. 21 para. 2 of the GDPR.
- The personal data was processed illegally.
- Erasure of personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States by which the data controller is governed.
- The personal data was collected in relation to Information Society services offered pursuant to art. 8 para. 1 of the GDPR.
Please do not hesitate to contact us if any of the aforementioned reasons apply.
e) Right to restriction of processing
You have the right, as granted by European directives and the European legislator, to demand that your data is processed in a restricted way if one of the following conditions is met:
- The data subject disputes the correctness of the personal data and the data controller is granted sufficient time to verify whether the data is correct or not.
- The processing of data is unlawful, the data subject declines the erasure of personal data and instead demands that the use of personal data be restricted.
- The data controller no longer needs the personal data for the purposes of processing, but the data subject needs the data to assert, exercise or defend legal claims.
- The data subject has lodged an objection to the processing of the data pursuant to art. 21 para. 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.
Please do not hesitate to contact us if any of the aforementioned conditions are met.
f) Right to data portability
You have the right, as granted by European directives and the European legislator, to receive the personal data in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another data controller provided that this is based on your consent pursuant to art. 6 para. 1 (a) of the GDPR or art. 9 para. 2 (a) of the GDPR or if this relates to a contract pursuant to art. 6 para. 1 (b) of the GDPR and the processing of data is performed with the aid of automated procedures, provided that the processing is not necessary for the performance of a task which is in the public interest or to enable the data controller to exercise official authority which has been delegated to him.
Furthermore, in exercising your right to data portability pursuant to art. 20 para. 1 of the GDPR, you have the right to demand that the personal data be transmitted directly from one of our data controllers to another data controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons. You can contact us at any point if you wish to exercise your right to data portability.
g) Right to object
You have the right, as granted by European directives and the European legislator, to object at any time, for reasons that may arise from your own particular situation, to the processing of your personal data pursuant to art. 6 para. 1 (e) or (f) of the GDPR. We will no longer process your personal data if you object to us doing so unless we can provide compelling and legitimate reasons for such processing which outweigh the interests, rights and freedoms of the data subject, or if processing the data serves to assert, exercise or defend legal claims.
You also have the right, for reasons arising from your own particular situation, to object to the processing of your personal data which we carry out for scientific or historical research purposes or for statistical purposes in accordance with art. 89 para. 1 of the GDPR, unless such processing is necessary for the fulfilment of a task which is in the public interest. You can contact us at any point if you wish to exercise your right to object. In relation to the use of services provided by the Information Society and notwithstanding Directive 2002/58/EC, you also have the opportunity to exercise your right to object by means of automated procedures using technical specifications.
h) Right to revoke consent under data protection law
You have the right, as granted by European directives and the European legislator, to revoke your consent to the processing of personal data at any time. You can contact us at any point if you wish to exercise your right to revoke your consent.
Use of Amazon AWS
Personal and anonymised data that you have submitted to us and that we have collected is stored on servers operated by Amazon Web Services Germany GmbH, Krausenstr. 38, 10117 Berlin, Germany. The servers operated by Amazon Web Services which are used to store the data are located within the territory of the Federal Republic of Germany in Frankfurt and are subject to the data protection laws laid down by national and European legislators. Amazon Web Services also handles your data in compliance with the relevant legal provisions. To view Amazon Web Services’ data protection policy, please visit https://aws.amazon.com/de/privacy/?nc1=f_pr.
Use of Stripe
If you choose to use the payment service provider Stripe as your method of payment, your payment will be processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. We send this service provider information relating to your order that you provided to us during the order process (name, address, account number, bank sort code, possibly your credit card number, the amount invoiced, currency and transaction number). Your data is passed on solely for the purpose of processing the payment with the payment service provider Stripe Payments Europe Ltd. For further information on Stripe’s data protection policy, please visit https://stripe.com/de/terms.
Use of videos (e.g. YouTube, Vimeo)
Web analysis services
However, your IP address will be abbreviated by Google within the member states of the European Union or in other countries that have signed the Agreement on the European Economic Area in order to prevent it being directly linked to a particular individual. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports regarding website activity and to provide other services to the website operator related to website usage and internet usage.
The IP address transmitted by your browser as part of Google Analytics shall not be merged with any other data held by Google. You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to use all the functions of this website to their full extent. In addition, you can prevent Google from collecting the data on your use of the website (including your IP address) generated by the cookie, as well as the processing of this data by Google, by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google reCAPTCHA (hereinafter referred to as reCAPTCHA) on our websites. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Inc. is headquartered in the USA and is certified in accordance with the EU-US Privacy Shield Frameworks which guarantee compliance with the levels of data protection which are valid in the EU. reCAPTCHA is intended to verify whether data that is entered onto our website (e.g. on a contact form) has been entered by a real person or by an automated programme. In order to achieve this, reCAPTCHA analyses the behaviour of the website visitor by means of different observations. This analysis begins automatically as soon as the website visitor accesses the website. reCAPTCHA evaluates various types of information to conduct the analysis (e.g. IP address, duration of the user’s visit to the website and other factors such as mouse movements). The data that is captured during the analysis is transferred to Google.
The user will be informed of any changes and/or additions to the policy by means of an amendment notification which will be sent to the email address that has been provided by the user for correspondence purposes and/or during the login process on the website. It will be deemed that the user has granted his consent to the changes and/or additions provided that the user does not object in writing (by email) within 6 weeks from the date that the amendment notification has been received.