Privacy Policy

How we handle your personal data is explained in this privacy policy. It is
based on the General Data Protection Regulation (GDPR). Except the third party
providers that we name in this document, we do not pass any data to third
parties. If you have any questions, please contact us.

Content

Controller

The controller for processing of data is

Pharca GmbH
Kirchstraße 4, 77736 Zell am Harmersbach

General Information

Provision of data

As a rule, it is neither legally nor contractually required to provide
personal data in order to use our website. Insofar as the provision of data is
necessary for the conclusion of a contract or the user is obliged to provide
personal data, we shall inform the user of this circumstance and the
consequences of not providing the data in this privacy policy.

 

Data transfer to third countries

We may use service providers and third parties located in countries outside
the European Union and the European Economic Area. The transfer of personal
data to such third countries takes place, unless the user has consented to the
data transfer, on the basis of an adequacy decision by the European Commission
(Art. 45 GDPR) or we have provided appropriate safeguards to ensure data
protection (Art. 46 GDPR). Insofar as there is an adequacy decision by the
European Commission for the transfer of data to a third country, we refer to
this in this privacy policy. Furthermore, users can obtain a copy of the
appropriate safeguards from us, insofar as these are not already contained in
the privacy policies of the service providers or third-party providers.

 

Automated decision-making
If we use automated decision-making, including profiling, this privacy policy
will inform you of this fact, the logic involved and the scope and intended
effects of such processing. Otherwise, there shall be no automated
decision-making process.
Processing for other purposes
Data is generally only processed for the purposes for which it was collected.
If, in exceptional cases, data is intended to be further processed for other
purposes, we will inform you of these other purposes before such further
processing and provide all other relevant information (Art. 13 (3) GDPR).

Website hosting

Every time our website is called up, the user’s browser transmits various
data. For the duration of the visit on the website, the following data is
processed and stored in log files even after the connection has ended:

  • Browser type and version used
  • Operating system
  • Pages and files accessed
  • Amount of data transmitted
  • Date and time of retrieval
  • User’s provider
  • IP address in anonymous form
  • Referrer URL

The processing of this data is necessary in order to deliver the website to
the user and to optimise it for the user’s end device. Storage in log files
serves to improve the security of our website (e.g. protection against DDOS
attacks). IP addresses are not rendered anonymous before being stored in log
files.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate
interest is to provide the website and to improve website security. Log files
are automatically deleted after 30 days.

Cookies, pixel tags and mobile identifiers

On our website, we use technologies to recognise the used end device. These
can be cookies, pixel tags and/or mobile identifiers.

The recognition of an end device can generally be used for different purposes.
It may be necessary in order to provide functions of our website, for example
to make a shopping cart available. In addition, these technologies can be used
to track user behaviour on the site, for example for advertising purposes. We
describe the technologies we use and the purpose of their use separately and
in detail in this privacy policy.

For a better understanding, we will explain below how cookies, pixel tags and
mobile identifiers work in general:

  • Cookies are small text files that contain certain information and are stored
    on the user’s end device. In most cases, the information consists of an
    identification number that is assigned to an end device (cookie ID).
  • A pixel tag is a transparent graphic file that is integrated into a page and
    enables a log file analysis.
  • A mobile identifier is a unique number (mobile ID) stored on a mobile device
    which can be read out by a website.

Cookies may be required for our website to function properly. The legal basis
for the use of cookies of this nature is Art. 6 (1) f) GDPR. Our legitimate
interest is to provide the functions of our website.

We use cookies that are not required for the operation of our website in order
to make our offer more user-friendly or to be able to trace the use of our
website. The legal basis here depends on whether user consent must be obtained
or whether we can invoke a legitimate interest. The user can revoke given
consent, among other things, by means of browser settings at any time.

The user can prevent and object to the processing of data by means of cookies
by choosing suitable browser settings. An objection may lead to some functions
on the website no longer being available. We will inform you separately about
further possibilities for objecting to the processing of personal data by
means of cookies in this privacy policy. Where necessary, we provide links
which can be used to state an objection. These are labelled “opt-out”.

Establishing contact

In the event contact is established, we process the user’s details, date and
time for the purpose of processing the enquiry, including any queries.

The legal basis for the data processing is Art. 6 (1) f) GDPR. Our legitimate
interest is to answer our user’s enquiries. Additional legal basis is provided
by Art. 6(1) b) GDPR, if processing is necessary for the performance of a
contract or for the implementation of pre-contractual measures.

The data will be deleted as soon as the enquiry, including any queries, has
been answered. We will check at regular intervals, but at least every two
years, whether any data accumulated in connection with contacts must be
deleted.

Job applications

When users apply for a job, we process personal data for the purpose of the
application process. In addition to the data transmitted by the user, we also
process other data that is collected during the application process (e.g.
during a job interview). Should we include data in an applicant pool, this
will only be done on the basis of the user’s prior consent. In this case, the
data will be processed beyond the conclusion of the application procedure so
that contact can be established in the event of suitable job offers.

Applicant data will be deleted three months after completion of the
application procedure. In the event of inclusion in an applicant pool, the
data will be retained for a maximum of two years, unless the consent given is
revoked beforehand.

The legal basis for the processing is Art. 6 (1) b) GDPR. If consent is given
for inclusion in an applicant pool, the processing is based on Art. 6 (1) a)
GDPR. At the end of the application procedure, processing takes place on the
basis of Art. 6 (1) f) GDPR. Our legitimate interest consists in the defence
of possible claims under Allgemeines Gleichbehandlungsgesetz [German General
Equal Treatment Act].

Other third-party services

 

Matomo Analytics

We use Matomo Analytics to analyse the use of our website, an open source tool
that we run on our own server.

To be able to track user activities on the website, a cookie is placed on the
end device. The user’s IP address is automatically truncated. Among other
things, the approximate geographical location, end device, screen resolution,
browser and visited pages including the length of stay are evaluated.

Insofar as we obtain user consent, data processing is carried out on the legal
basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data
processing is Art. 6 (1) f) GDPR. Our legitimate interests are optimising our
website, improving our offers and online marketing.

Google Analytics

We use Google Analytics to analyse the use of our website. Provider: Google
Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5,
Ireland.

To be able to track user activities on the website, a cookie is placed on the
end device. We use Google Analytics with the extension anonymize IP.
The user’s IP address is automatically truncated before being transmitted to
servers in the USA. Among other things, the approximate geographical location,
end device, screen resolution, browser and visited pages including the length
of stay are evaluated.

Insofar as we obtain user consent, data processing is carried out on the legal
basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data
processing is Art. 6 (1) f) GDPR. Our legitimate interests are optimising our
website, improving our offers and online marketing.

The data collected by Google Analytics is automatically deleted after 14
months.

Opt-Out

Privacy Policy of Google Analytics

KeyCDN

We utilise the content delivery network (CDN) KeyCDN. Provider: proinity LLC,
Faerberstrasse 9, 8832 Wollerau, Schweiz.

Content is loaded from CDN servers. In order to establish a connection, it is
technically necessary to transmit the user’s IP address.

The legal basis for the processing is Art. 6 (1) f) GDPR. Our legitimate
interest is to improve the speed and availability of our website.

Proinity LLC is headquartered in Switzerland. The
European Commission has determined
that an adequate level of protection for personal data exists in Switzerland
(according to Art. 45 GDPR).

Privacy Policy of KeyCDN

LinkedIn

We integrate contents and buttons of the social network LinkedIn on our
website via a plugin. Provider: LinkedIn Corp., 1000 W. Maude Ave., Sunnyvale,
California 94085, USA.

To load content from LinkedIn, it is necessary to transfer the user’s IP
address to the company in terms of technology. If the user is logged in to
LinkedIn, the visit of a page can be attached to the account.

Insofar as we obtain user consent, data processing is carried out on the legal
basis of Art. 6 (1) a) GDPR. Otherwise, the legal basis for the data
processing is Art. 6 (1) f) GDPR. Our legitimate interest for the integration
of LinkedIn content and buttons is making our website user-friendly.

Privacy Policy of LinkedIn

Profiles in social networks

We are present in one or more social networks. In detail, these are: LinkedIn.
When contacting us, we process personal data as described above under
“Establishing contact”.

Social network providers process data according to their data protection
regulations, which can be accessed here:

 

If a user is logged in with an account, the activities on our profile in the
respective social network may be attached to said user. This can take place
across devices and without login as the case may be, for example when using
cookies or mobile identifiers. Social network providers use the data collected
to create pseudonymised user profiles, which they can use in particular to
display personalised advertising.

Rights of the data subject

Where personal data relating to a user is being processed, the user has the
following rights:

Right of access: The user has the right to obtain from the
controller confirmation as to whether or not personal data concerning him or
her are being processed, and, where that is the case, access to the personal
data and a copy of the personal data undergoing processing.

Right to rectification: The user has the right to obtain from
the controller without undue delay the rectification of inaccurate personal
data concerning him or her.

Right to erasure: The user has the right in accordance with
the law to obtain from the controller the erasure of personal data concerning
him or her without undue delay.

Right to restriction of processing: The user has the right in
accordance with the law to obtain from the controller restriction of
processing.

Right to data portability: The user has the right to receive
the personal data concerning him or her, which he or she has provided to a
controller, in a structured, commonly used and machine-readable format and has
the right in accordance with the law to transmit those data to another
controller.

Right to object: The user has the right to object, on grounds
relating to his or her particular situation, at any time to processing of
personal data concerning him or her which is based on point (e) or (f) of
Article 6 (1) GDPR, including profiling based on those provisions. Where
personal data are processed for direct marketing purposes, the user has the
right to object at any time to processing of personal data concerning him or
her for such marketing, which includes profiling to the extent that it is
related to such direct marketing.

Right to withdrawal: The user has the right to withdraw his
or her consent at any time.

Right to lodge a complaint: The user has the right to lodge a
complaint with a supervisory authority.

Last Updated: 20/12/2023