The data protection assertion of the Taskiy is built on the terms used by the European legislator for the acceptance of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible for the general public, as well as our users and business partners. To make sure this, we would like to first describe the terminologies being used.
We use the following terms in this privacy policy declaration:
Personal data means any detail involving to an identified individual. An identifiable individual is one who can be identified, directly or indirectly, in particular with reference to an identifier such as a name, location data, or more factors specific to the physical, physiological, economic or social identity of that person.
An individual is any identified or identifiable person, whose personal data is processed by the organizer accountable for the processing.
Processing is any operation or set of operations that is executed on personal data, whether or not by programmed means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, usage, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the motif of stored personal data with the purpose of restricting their processing in the future.
Profiling means any format of programmed processing of personal data containing the usage of personal data to assess certain personal aspects concerning a person, in particular to analyze or forecast features concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be endorsed to a specific individual without using supplementary data, only if such supplementary data is kept distinctly and is subject to technical and organizational measures to make sure that the personal data are not attributed to an identified person.
Controller responsible for the processing is a person, public authority, agency or other group which, alone or conjointly with others, defines the purposes and means of the processing of personal data; where the purposes and means of such processing are defined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a person, public authority, agency or other group which processes personal data on behalf of the controller.
Recipient is a person, public authority, agency or another group, to which the personal data are revealed, whether a third party or not. Though, public authorities which may get personal data in the basis of a particular inquiry in accordance with Union or Member State law shall not be considered as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules depending on the purposes of the processing.
Third party is a person, public authority, agency or group other than the data subject, controller, and persons who, beneath the direct power of the controller, are authorized to process personal data.
Consent of an individual is any given without restrictions, precise, well-versed and definite indication of an individual's wishes by which he or she, by a statement or by a clear agreeing action, indicates agreement to the processing of personal data relating to him or her.
Controller for the purposes of the General Data Protection Regulation (GDPR), added privacy laws applicable in Member states of the European Union and other provisions correlated to data protection is:
Taskiy GmbHThe website pages of the Taskiy use cookiesin the form of text files that are stored in a computer system through an internet browser.
Many websites and servers use cookies comprising a so-called cookie ID. A cookie ID is a irreplaceable identifier of the cookie. It comprises of a character string by which website pages and servers can be allocated to the specific internet browser in which the cookie was stored. This permits visited websites and servers to segregate the individual browser of an individual from other internet browsers which comprises other cookies. A specific internet browser can be identified with the use of the unique cookie ID.
Over the use of cookies, the Taskiy can provide the users of this website with more user-friendly services which is not possible without the cookie setting.
By means of a cookie, the data and offers on our website can be enhanced with the user in mind. Cookies let us, as previously mentioned, to identify our website users. The purpose of this recognition is to make it easier for users to make use of our website. The website user that uses cookies e.g. does not have to provide access data every single time the website is accessed, as this is taken over by the website, and the cookie is hence stored on the user's computer.
An individual may, at any point of time, stop the setting of cookies through our website by means of an equivalent setting of the web browser used, and may accordingly always deny the setting of cookies. Moreover, already set cookies may be removed at any time by a web browser. This is possible in all popular web browsers. If an individual disables the setting of cookies in the web browser used, not all utilities of our website may be completely usable.
The website of the Taskiy gathers a series of general information when an individual or automated system accesses the website. This general information is stored in the server log files. Together may be (1) the browser versions and types used, (2) the operating system used by getting access to the system, (3) the website from which an source system gets our website, (4) the date and time of access to the website, (5) an IP address, (6) the Internet service provider of the source system, and (7) any other related information which may be used in the event of spasms on our information technology systems.
While using this general information, the Taskiy does not draw any conclusions about an indiidual. Relatively, this information is required to (1) convey the content of our website properly, (2) enhance the content of our website, (3) making sure the long-term feasibility of our website technology, and (4) provide law enforcement experts with the information required for criminal prosecution in case of a cyber-attack. Hence, the Taskiy examines anonymously gathered information statistically, with the target of increasing the data protection and data security of our organization, and to make sure a best level of protection for the personal data we process. The anonymous data of the server log files are stored independently from all personal data provided by an individual.
An individual has the option to register on the website with the indication of personal data. Which personal data are transferred to the controller is decided by the corresponding input mask being used for the registration. The personal data entered by an individual are gathered and stored completely for internal use by the controller. The controller may request transmission to one or more processors which also utilizes personal data for an internal purpose.
By registering on the website, the IP address allocated by the Internet service provider (ISP) and used by an individual date, and time of the registration are also stored. The storage of this data takes place beside the circumstance that this is the single way to avoid the exploitation of our services, and, if necessary, to make it possible to investigate committed offenses. Thus, the storage of this data is compulsory to secure the controller. This data is not passed on to third parties unless there is a legal requirement to pass on the data, or if the transmission attends the purpose of criminal prosecution.
The registration of an individual, with the intended indication of personal data, is anticipated to qualify the controller to offer an individual service that may only be provided to registered users because of the nature of the matter in question. Registered individuals are allowed to modify the personal data specified all through the registration at any time, or to have them totally removed from the data stock of the controller.
The data controller shall, at any time, offer information on demand to each individual as to what personal data are stored about the individual. Moreover, the data controller shall correct or remove personal data at the demand or indication of an individual, in so far as there are no legal storage obligations. The completeness of the controller’s employees is accessible to an individual in this respect as contact persons.
The data controller shall process and store the personal data of an individual only for the duration required achieving the purpose of storage, or as far as this is approved by the European legislator or other legislators in regulations to which the controller is subject to.
If the storage purpose is not valid, or if storage duration prescribed by the European legislator or another competent legislator finishes, the personal data are usually blocked or removed in accordance with legal requirements.
Right of confirmation
Each individual shall have the right permitted by the European legislator to obtain from the controller the approval as to whether or not personal data regarding him or her are being processed. If an individual requests to gain himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.
Right of access
Each individual shall have the right permitted by the European legislator to attain from the controller unrestricted information about his or her personal data stored at any time and a copy of this information. Moreover, the European regulations permit an individual access to the following information:
Moreover, an individual shall have a right to get information as to whether personal data are conveyed to a third country or to an international society. Where this is the case, an individual shall have the right to be well-versed of the proper safeguards concerning to the transmission.
If an individual needs to gain himself of this right of access, he or she may, at any time, contact any employee of the controller.
Right to rectification
Each individual shall have the right permitted by the European legislator to obtain from the controller without excessive delay the modification of incorrect personal data relating to him or her. Taking into account the purposes of the processing, an individual shall have the right to have inadequate personal data completed, comprising by means of providing a additional statement.
If an individual demands to use this right to modification, he or she may, at any time, contact any employee of the controller.
Right to erasure (Right to be forgotten)
Each individual shall have the right permitted by the European legislator to obtain from the controller the removal of personal data relating to him or her without excessive delay, and the controller shall have the obligation to remove personal data without excessive delay where one of the following bases applies, as long as the processing is not required:
If one of the above-mentioned reasons applies, and an individual demands the removal of personal data stored by the Taskiy, he or she may, at any time, contact any employee of the controller. An employee of Taskiy shall on time make sure that the removal request is conformed with directly.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) to remove the personal data, the controller, taking responsibility of present in-use technology and the cost of implementation, shall take realistic steps, with technical measures, to notify other controllers processing the personal data that an individual has demanded removal by such controllers of any links to, or copy or repetition of, those personal data, as far as processing is not necessary. Employees of the Taskiy will organize the required measures in individual cases.
Right of restriction of processing
Each individual shall have the right permitted by the European legislator to get from the controller constraint of processing where one of the following relates:
If one of the above-mentioned situations is seen, and an individual demands the limitation of the processing of personal data stored by the Taskiy, he or she may at any time contact any employee of the controller. The employee of the Taskiy will organize the limitation of the processing.
Right to data portability
Each individual shall have the right permitted by the European legislator, to get the personal data relating to him or her, which was provided to a controller, in an organized, usually used and machine-readable layout. He or she shall have the right to transfer those data to the other controller with no interference from the controller to which the personal data have been given, as long as the processing is depended on approval pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is approved out by programmed means, as long as the processing is not needed for the performance of a task carried out in the public interest or in the implementation of official authority vested in the controller.
Moreover, in implementing his or her right to data portability pursuant to Article 20(1) of the GDPR, an individual shall have the right to have personal data transferred straight from one controller to the other, where technically realistic and when doing so does not harmfully affect the rights and freedoms of others.
In order to emphasize the right to data portability, an individual may, at any time, contact any employee of the Taskiy.
Right to object
Each individual shall have the right permitted by the European legislator to object, on bases concerning to his or her specific situation, at any time, to processing of personal data relating to him or her, which is depended on point (e) or (f) of Article 6(1) of the GDPR. This is also applicable to profiling depended on these provisions.
The Taskiy shall no longer process the personal data in the occurrence of the complaint, unless we can exhibit convincing legitimate bases for the processing which overrule the interests, rights and freedoms of an individual, or for the formation, implementation or protection of legal claims.
If the Taskiy processes personal data for straight marketing purposes, an individual shall have the right to object, at any time, to processing of personal data relating to him or her for such marketing. This is applicable to profiling to the level that it is correlated to such direct marketing. If an individual objects to the Taskiy to the processing for straight marketing purposes, the Taskiy will no longer process the personal data for foresaid purposes.
Additionally, an individual has the right, on bases of his or her specific condition, to object to processing of personal data relating to him or her by the Taskiy for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is required for the presentation of a task approved for reasons of public interest.
In order to implementing the right to object, an individual may contact any employee of the Taskiy. Moreover, an individual is allowed in the context of the use of information society services, and though Directive 2002/58/EC, to use his or her right to object by programmed means with the use of technical specifications.
Automated individual decision-making, comprising profiling
Each individual shall have the right permitted by the European legislator not to be subject to a decision based only on programmed processing, comprising profiling, which produces legal effects relating to him or her, or equally expressively affects him or her, as long as the decision (1) is not is required for entering into, or the performance of, a contract between individual and a data controller, or (2) is not sanctioned by Union or Member State law to which the controller is subject and which also lays down appropriate actions to safeguard an individual's rights and freedoms and legitimate interests, or (3) is not depend on an individual's clear consent.
If the decision (1) is required to get into, or the performance of, a contract between an individual and a data controller, or (2) it is based on an individual's clear consent, the Taskiy shall execute appropriate procedures to safeguard an individual's rights and freedoms and legitimate interests, at least the right to obtain human interference on the part of the controller, to show his or her point of view and challenge the decision.
If an individual demands to implement the rights relating to programmed specific decision-making, he or she may, at any time, contact any employee of the Taskiy.
Right to withdraw data protection consent
Each individual shall have the right permitted by the European legislator to take back his or her permission to processing of his or her personal data at any time.
If an individual demands to implement the right to take back the permission, he or she may, at any time, contact any employee of the Taskiy.
The data controller shall gather and process the personal data of users for the purpose of the processing of the application procedure. The processing may also be worked on electronically. This is the case, in particular, if a user submits equivalent application documents by e-mail or by means of a web form on the website to the controller. If the data controller accomplishes an employment contract with a user, the submitted data will be stored for the purpose of processing the employment relationship in agreement with legal necessities. If no employment contract is determined with the user by the controller, the application documents shall be automatically removed two months after announcement of the denial decision, on condition that no other legitimate interests of the controller are contrasting to the removal.
Art. 6(1) lit. a GDPR assists as the legal base for processing actions for which we acquire permission for a precise processing purpose. If the processing of personal data is required for the performance of a contract to which an individual is gathering, as is the case, for example, when processing operations are required for the supply of any service, the processing is built on Article 6(1) lit. b GDPR. The same is applicable to such processing actions which are essential for carrying out pre-contractual measures, for example in the case of inquiries relating to our services. Is our company subject to a legal responsibility by which processing of personal data is essential, such as for the satisfaction of tax requirements, the processing is depended on Art. 6(1) lit. c GDPR. In occasional cases, the processing of personal data may be required to defend the vital interests of an individual or of othe other person. This would be the case, for example, if users were injured in our company and his name, age, health insurance data or other vital information would have to be delivered on to a doctor, hospital or other third party. At this time the processing would be depended on Art. 6(1) lit. d GDPR. Lastly, processing actions could be depended on Article 6(1) lit. f GDPR. This legal basis is being utilized for processing actions that are not enclosed by any of the aforementioned legal bases, if processing is required for the purposes of the legitimate interests tracked by our company or by a third party, excluding where such interests are overruled by the interests or ultimate rights and freedoms of an individual that needs protection of personal data. Such processing actions are mainly allowable because they have been precisely stated by the European legislator. He considered that a legitimate interest could be anticipated if an individual is a client of the controller.
Where the processing of personal data is depended on Article 6(1) lit. f GDPR our legitimate interest is to bring out our business in favor of the comfort of all our employees and the shareholders.
The standards used to define the period of storage of personal data are the corresponding constitutional retention period. After termination of that duration, the conforming data is usually removed, as long as it is no longer required for the fulfillment of the contract or the commencement of a contract.
We make clear that the provision of personal data is somewhat needed by law (e.g. tax regulations) or can also result from predetermined contractual provisions (e.g. information on the contractual partner). Occasionally it may be required to determine a contract that an individual provides us with personal data, which must afterwards be processed by us. An individual is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with an individual could not be established. Formerly personal data is provided by an individual, an individual must contact any employee. The employee clarifies to an individual if in case the provision of the personal data is essential by law or contract or is required for the closing of the contract, whether there is a requirement to provide the personal data and the consequences of non-provision of the personal data.
Being a responsible company, we do not use programmed decision-making or profiling.