The protection of your personal data is particularly important to us. You can therefore use our website without providing such data. However, if you wish to make use of certain offers or services of our website, this may result in the processing of your personal data in individual cases. In this context, we obtain your consent if there is no legal basis for such data processing, but the processing is necessary for the use of our website.
As the controller, we have initiated a number of technical and organizational measures (TOMs) in order to be able to offer you the fullest possible protection of your personal data when using our website. However, we would like to point out here that data transmission on the Internet may have fundamental security gaps and that we cannot guarantee absolute protection for this reason. You therefore have the option at any time to transmit personal data to us by other means (for example, by telephone or post).
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations performed on personal data, with or without the aid of automated procedures, such as collection, recording, organisation, ordering, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination , restriction, deletion or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.
Controller or controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
Controller within the meaning of the GDPR is:
Der Ministerpräsident des Landes Schleswig-Holstein
Zentrales IT-Management der Landesregierung
Data Protection Officer
The data protection officer is:
Data Protection Officer of ZIT SH
Data subjects can contact our data protection officer at any time with concerns about data protection.
By using cookies, we can provide user-friendly services via our website and constantly improve and optimize the offers and information on our website. The purpose of recognition and identification is therefore to simplify the use of our website.
You can prevent the setting of cookies at any time by making appropriate settings in your browser and in this way permanently object to the setting of cookies. You also have the option of deleting cookies that have already been set within your browser. If you object to the setting of cookies in this way, not all functions of our website may be fully available.
General Information and Data Collection
When you access our website, general information and data are collected and stored in so-called log files of our server. These are usually
- type of browser accessed and its version,
- operating system to be accessed,
- referrer URL (website from which our site was redirected),
- ofpages accessed,
- date and time of access,
- IP address (Internet protocol address),
- ISP of the accessing system (Internet service provider) and
- the above-called data and information similar data and information that we need to defend against cyber attacks and other attacks on our IT systems.
We use this information without drawing any conclusions about the person concerned, but need it to
- to depict and maintain the content of our website correctly and truthfully,
- to gradually improve the content of our website and the advertising for it
- to ensure and guarantee the general functionality and operability of our website and our IT systems and
- to be able to provide the prosecuting authorities with appropriate information in the event of criminal offences in connection with our website.
The purpose of the processing is therefore the statistical evaluation as well as the increase of data and IT security.
We store the above-called log file data anonymously and separately from possible other personal data of the data subject.
Registration function of our website
On our website we offer the possibility to register by providing personal data. Which specific data is transmitted to us as the person responsible is determined by the respective input field. We use the data transmitted in this regard exclusively internally and store it only for our own purposes. In the case of the transmission of this personal data to processors, we ensure that they also use the data only internally and, if there is no other legal basis, obtain the consent of the data subject, if necessary.
In addition to the personal data requested by the input fields, we also collect and store the IP address of the registerer and the date and time of registration. In this way, we want to ensure that possible misuse of our services is prevented and, in case of doubt, we are able to investigate any crimes that may have been committed. We do not pass on this data to third parties, unless we are obliged to do so by law or the disclosure serves purposes of criminal prosecution.
Through the registration function and the associated voluntary provision of personal data of the data subject, we can offer them services and content via our website that, by their nature, can only be offered to registered users. Data subjects have the possibility at any time to have the data provided by them changed or deleted by the controller.
We provide data subjects with information at any time and on request about which specific personal data we have stored. At the request of the data subject, we will also delete or correct his or her personal data, provided that deletion does not conflict with any statutory retention obligations.
We offer users of our website the opportunity to subscribe to our company's newsletter. Which of your personal data is transmitted to us in this context can be found in the corresponding input field.
The possibility to receive our newsletter only exists under the following conditions:
- The data subject has a valid and functional e-mail address
- The data subject has registered for our newsletter in the so-called double opt-in procedure
For legally mandatory reasons, we will initially send the data subject a confirmation e-mail for the double opt-in procedure to the e-mail address entered by him. In this way, we check whether the data subject, who is the owner of the e-mail address, has consented to receive the newsletter.
When registering for the newsletter, we also collect and store the IP address of the data subject, the date and time of registration and the operating system used for this purpose. The collection and storage of this information is necessary in order to be able to trace a possible misuse of the e-mail address of the person concerned and to legally secure oneself in this way.
We use the data collected with a view to registering for our newsletter exclusively in connection with our newsletter. In addition, we reserve the right to inform the subscriber of the newsletter by e-mail in the event of technical difficulties, changes to our newsletter offer or other events relevant to the newsletter. The data collected in the context of our newsletter will not be passed on to third parties.
The data subject can cancel the subscription to our newsletter at any time and revoke his consent to the collection, use and storage of his personal data at any time. For this purpose, our newsletter usually contains a corresponding unsubscribe link. Irrespective of this, the data subject can inform us at any time of his decision to no longer receive the newsletter in another way (e.B. by e-mail or in writing).
Newsletter tracking function
For statistical purposes and for the evaluation of our newsletter marketing, our newsletters have a tracking function. For this purpose, our newsletters contain so-called tracking pixels, i.e. miniature graphics that enable log file recording and analysis. In this way, we can recognize, for example, whether and, if so, when our newsletter has been opened by the data subject and which links contained therein have been clicked.
The collection and processing of data determined in this way serves the purpose of optimising and constantly improving our online marketing and newsletter dispatch. The relevant data will not be passed on to third parties.
Data subjects have the right to revoke the consent given to receive the newsletter at any time. We consider unsubscribing from the newsletter as such a revocation and will then delete all personal data of the data subject stored in relation to the newsletter.
Contact form function
Due to telemedia law requirements, our website contains an e-mail address and a contact form that enable a quick electronic contact with us. If you contact us using these communication tools, the personal data you provide will be stored for the purpose of processing and answering your request as well as for contacting us. This data will not be passed on to third parties.
Blog with comment function
Our website contains an electronic weblog book (blog) on which we regularly publish articles and up-to-date information. This blog offers visitors to our website the opportunity to write comments on published contributions. If you use this comment function, in addition to the comment itself and the time of commenting, the pseudonym chosen by the user will also be stored and published. Furthermore, for reasons of IT security and in the event that a comment contains illegal content or violates the rights of third parties, we log and store the IP address of the commenter. The personal data collected in this way will not be passed on to third parties, unless such disclosure serves our legal prosecution, criminal prosecution or is otherwise required by law.
Subscription function of blog comments
Our blog offers the possibility to subscribe to comments made by third parties. For example, a commenter can subscribe to the other comments made on his comment.
The person who wants to subscribe to comments receives a confirmation e-mail automatically generated by the system, which is used in the so-called double opt-in procedure to check whether the owner of the specified e-mail address actually wants to subscribe to the comments. The subscription to comments can be terminated at any time.
Rights of data subjects
Right to confirmation and information
Every data subject has the right to request confirmation from the controller as to whether he is processing them concerning personal data. If this is the case, the data subject also has the right to request information free of charge about the personal data stored about him or her and to receive a copy of them. In particular, the data subject may request information on the following information:
- the purposes of the processing
- the categories of personal data
- the recipients or categories of recipients to whom the personal data have been or will be disclosed
- the storage period (if possible) or the criteria for determining the storage period
- the existence of a right to rectification, a right to erasure, a right to restriction of processing, a right to object to processing and a right of appeal to the data protection authority
- if the data is collected from third parties (i.e. not from the data subject himself), information about the origin of the data
- ggf. about the existence of automated individual decisions including profiling and corresponding detailed information about the logic underlying profiling and the extent and impact on the data subject
- g. about the transfer of personal data data to a third country or an international organisation and, if so, the appropriate safeguards in respect of such transfer
Right to rectification
Data subjects may request from the controller the correction of inaccurate personal data concerning them. This includes the right to request the completion of personal data concerning them by means of a supplementary declaration.
Right to erasure ("to be forgotten")
Data subjects have the right to request from the controller the erasure of personal data concerning them, unless a legal provision precludes or the processing is necessary and
- the data are no longer necessary for the processing purpose for which they were originally collected
- the data subject withdraws his consent and there is no other legal basis for further processing
- the data subject objects to the processing (Art. 21 para. 1 GDPR) and there are no overriding legitimate interests for further processing or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR
- the data have been unlawfully processed
- the erasure is required by a legal obligation to which the controller is subject
- the data have been collected in connection with information society services offered pursuant to Article 8 (1) GDPR
If the personal data subject to the deletion obligation have been made public, we will take appropriate measures, taking into account the costs and available technical means, to inform other controllers that the controller has requested the deletion of all links to and reproductions of this data. This does not apply if and to the extent that further processing is necessary.
Right to restriction of processing
Data subjects have the right to request from the controller the restriction of processing if
- the data subject disputes the accuracy of the personal data for the period of time required by the verification
- the processing is unlawful, but the data subject refuses to erase it and instead requests restricted processing
- the controller no longer needs the data for his processing purposes, but the data subject needs them to exercise, assert or defend legal claims
- the data subject has objected to the processing pursuant to Article 21 (1) GDPR, but it has not yet been determined whether legitimate interests of the controller prevail
Right to data portability(s)
Data subjects have the right to receive from the controller the personal data that they have provided to him in a common, structured and machine-readable format. Data subjects also have the right to have this data transmitted by the controller to another controller without hindrance by the controller or to transmit it themselves, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit.b GDPR and the processing is based on an automated procedure. This shall not apply if the processing by the original controller is necessary for the performance of a public task entrusted to him or if the transfer from the original to the new controller cannot be technically realized or if the rights and freedoms of other persons are adversely affected.
Right to object
Data subjects have the right, on grounds relating to their particular situation, to object to the processing of their personal data if they are processed on the legal basis of Article 6(1)(e) or (f). This also applies to profiling.
If the data subject raises such an objection, we will no longer process the personal data in question, unless we can demonstrate the rights, freedoms and interests of the data subject to overriding legitimate interests for further processing or the further processing serves our legal defence or the establishment or exercise of legal claims.
If the data processing is carried out on our part for direct marketing purposes, the data subject has a right of objection at any time, which also refers to profiling, as long as and to the extent that it is related to direct advertising.
If the data subject raises such an objection to direct marketing, we will no longer process the personal data concerned.
In addition, data subjects have the right, on grounds arising from their particular situation, to object to the processing of their personal data for scientific, statistical or historical purposes (Art. 89 para. 1 GDPR). This does not apply if the processing is in the public interest and is necessary for the performance of a related task.
Right not to be subject to automated individual decision-making, including profiling
Data subjects have the right not to be subject to a decision based solely on automated processing of personal data concerning them, including profiling, which has legal effects vis-à-vis them or is otherwise similarly significant and affects them. This does not apply if
- so such a decision is necessary for the conclusion or performance of a contract between the data subject and the controller
- such a decision is permissible under the law to which the controller is subject and this right provides adequate safeguards for the rights, freedoms and legitimate interests of the data subject
- the data subject has expressly consented
If an automated individual decision is necessary for the fulfilment or initiation of the contract or if it is based on consent, we take measures to protect the rights, freedoms and legitimate interests of the data subject. This includes the right of the data subject to request the intervention of a person from the controller, to be able to express his or her own point of view and to contest the decision.
Right to withdraw consent
Data subjects have the right to revoke their consent to the processing of personal data at any time.
Contact person for data subjects
In order to exercise the rights of data subjects mentioned in this section, data subjects may in principle contact any of our employees.
Data protection in the application process
We process personal data of applicants in the context of the job offers advertised by us or in the case of unsolicited applications for the purposes of the application process. This can be done electronically, which is the case in particular if the applicant submits his documents to us electronically by e-mail or, if necessary, via a web form offered for this purpose.
If such an application leads to the conclusion of an employment relationship between the data subject and the person responsible, the data will be stored in compliance with legal regulations for the purpose of processing the employment relationship.
If such an application does not result in the conclusion of an employment relationship, the data will be deleted by the controller after six months at the latest. This does not apply if a longer storage of the data is in the legitimate interest of the controller (for example, for legal defense in proceedings under the AGG).
Our website uses components of the social network Facebook. This is an online community that allows users to virtually interact and communicate with each other. For this purpose, users network via friend requests and create profiles that contain private information and other data, such as photos, videos, etc. Facebook also allows its members to provide personal or company-related information.
Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America.
Controller within the meaning of the GDPR, if the data subject lives within the European Union, is the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland.
If the user of our website calls up a subpage on which the Facebook plugin is included, the user's browser automatically downloads a representation of this Facebook component. In this context, Facebook receives information about which subpage the user has accessed.
An overview of all available Facebook plugins can be viewed here: https://www.developers.facebook.com/docs/plugins/?locale=de_DE
If the user is simultaneously a member of Facebook and is logged in to Facebook during the visit to our website, Facebook recognizes which subpages of our website he visits and assigns this data to his Facebook profile. This also happens if the data subject clicks on a "Like" button or makes a comment using the components offered on our website.
The user can prevent the transmission of this data to Facebook if he ends his session with Facebook before visiting our website and logs out.
We would like to point out that there is a possibility that the general data and information mentioned in section 6 of this data protection declaration will be transmitted to the provider and that the provider will store it.
Facebook also provides documentation on which specific setting options are offered for data protection and the protection of the privacy of users.
In addition, applications are available on the Internet by means of which data subjects can suppress and prevent the transmission of data to Facebook.
Our website uses components of the short message and microblogging service <em>Twitter</em>. This is an online community through which users can post and share short messages limited to 280 characters, including photos or videos, with other users (followers).
Twitter is operated by Twitter, Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, United States of America.
If the user of our website calls up a subpage on which the Twitter plugin is included, the user's browser automatically downloads a representation of this Twitter component. In this context, Twitter receives information about which subpage the user has accessed.
An overview of all available Twitter plugins and buttons can be viewed here: https://about.twitter.com/de/resources/buttons
If the user is simultaneously a member of Twitter and logged in to Twitter during the visit to our website, Twitter recognizes which subpages of our website he visits and assigns this data to his Twitter profile. This also happens if the data subject clicks on a Twitter button using the components offered on our website.
The user can prevent the transmission of this data to Twitter if he ends his session at Twitter before visiting our website and logs out.
We would like to point out that there is a possibility that the general data and information mentioned in section 6 of this data protection declaration will be transmitted to the provider and that the provider will store it.
Legal basis of processing
The legal basis of Art. 6 para. 1 lit. a) GDPR is relevant if the consent of the data subject to the processing of his or her personal data has been obtained.
Processing of personal data that serves the performance of a contract or to initiate a contract with the data subject is based on Art. 6 para. 1 lit.b) GDPR.
Processing of personal data is based on Art. 6 para. 1 lit.c) GDPR if it is carried out on the basis of legal obligations to which we are subject, such as the fulfillment of tax obligations.
Art. 6 para. 1 lit. d) GDPR is the basis for the processing of personal data if it is necessary to protect the vital interests of the data subject or another natural person. Such a case would be if a visitor were injured on our premises and we would then have to transmit his name, age, health insurance data or other vital data to a doctor or hospital.
Art. 6 para. lit. f) GDPR justifies the processing of personal data, which in each case find no basis in the previously mentioned and which is necessary to safeguard a legitimate interest of our company or a third party. In doing so, the interests, fundamental rights and freedoms of the data subject shall not prevail.
Legitimate interests in the processing pursued by the controller or a third party
In the case of processing of personal data on the basis of Art. 6 para. 1 lit. f GDPR, our legitimate interest is in a business activity that is oriented towards the well-being of our employees and shareholders.
Storage period of personal data
The benchmark for the duration of the storage of personal data is the legal retention period. After expiry of this period, the respective data will be routinely deleted if they are necessary for the fulfilment or initiation of the contract.
Legal or contractual provisions for the provision of the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
The provision of personal data may result from contractual (e.B. information about the contractual partner) or legal (e.B. tax regulations) obligations. Thus, it may result that a data subject provides personal data for the conclusion of a contract, which are subsequently processed by us. Thus, when concluding a contract with our company, a person may be obliged to provide personal data. In this case, a lack of provision of this data would lead to the conclusion of a contract becoming impossible.
Before providing personal data, the data subject may contact our company. We inform the data subject whether the provision of this data is contractually or legally required, is necessary for this and what concrete consequences a non-provision would have.
Existence of automated decision-making
We, as a responsible company, deliberately refrain from automated decision-making or profiling.