The Controller for processing of your personal data is G.A.M.E. If you wish to object to the processing of your data by G.A.M.E. in accordance with the data protection regulations, or object to individual measures, you can do so by sending your objection by e-mail or letter to the following points of contact: E-Mail: info@game-gmbh.com. Of course, you can at any time also obtain information free of charge about your personal data stored by us.

2.1 PERSONAL DATA

Personal data means any information that can be assigned to an identified natural person or to one who can be identified, directly or indirectly.

Personal data includes general personal data (e.g. name, address, data of birth, telephone number, e-mail address, etc.), bank details (account number, etc.), and data issued by authorities (e.g. driving license number, identity card number, passport number), evaluations (e.g. school reports and references from employers, etc.), online data (IP address, location data, etc.), customer data and supplier data and so forth.

2.2 COLLECTION, PROCESSING AND USE OF YOUR PERSONAL DATA

Data protection is very important to us. That is why, when processing your personal data, we adhere strictly to the statutory provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA), Telemedia Act (TMA) and the other data protection legislation in the European Economic Area (EAA) and in Switzerland.

The G.A.M.E. operates throughout German as an engineering service provider. As an adviser, driver of innovation and support provider, we are a competent development partner of German, Bulgarian and international companies. We support our customer along the whole process chain from inception to serial production. G.A.M.E. processes data in order to carry out advisory and development activities at or for G.A.M.E.’s customers and its group companies as well as all related ancillary business.

Your personal data will only be used for the purposes of advertising / market research and for the configuration of our services if you have explicitly granted us your consent thereto.

2.2.1 DESCRIPTION OF THE CATEGORIES OF PERSONS CONCERNED

In general, the only data collected is that needed for the fulfilment of the corporate purpose and contractual agreements. In essence, personal data is collected, processed and used in relation to the following categories of persons:

• Customer data: Personal identification data, and communication data are processed in order to fulfil the company purpose. Also in order to initiate business contacts and provide information to customers.
• Supplier data: Personal identification data, communication data are as well as payment data and bank details, are processed in order to fulfil the company purpose.
• Employee data: Personal identification data, Performance data (references e.g.), contract master data, insurance data, data on absences (due to illness), payment and bank details, tax and social insurance data, login data, communication data, data on travel bookings and expenses and the booking of vehicles are processed to implement and process the respective employment relationship.
• Applicant data: Personal identification data, performance data, payment and bank details as well as data on travel bookings (in case of booking via G.A.M.E.) of applicants are processed to initiate employment and for the further development of our internal systems.
• Website visitors: Usage data (pseudonymised profiles pursuant to section 15 TMA) is processed for statistical purposes and to improve the information provided on our website.
• Interested parties: Personal identification data, communication data and, where appropriate, commercial and financial information of parties interested in G.A.M.E. is only processed in order to fulfil the business purpose.
• Other personal data: Personal data of other business partners (e.g. system partners, chambers, associations, banks and authorities) is also processed in order to fulfil the business purpose.

2.2.2 RECIPIENTS OR CATEGORIES OF RECIPIENTS OF DATA

In general, the only data shared internally and externally is that needed for the fulfilment of the corporate purpose and the contractual agreements. These are mainly the following recipients:

• Service providers commissioned to assist in the correct performance of business (e.g. Suppliers to support administrative processes, including travel service providers for the execution of employees’ business trips, insurers in relation to claims arising from the employment relationship). The legal basis is either Art. 28 GDPR in the case of order processing or, where appropriate, § 26 FDPA (in conjunction with Art. 88 GDPR) for the purposes of initiating or executing a business relationship with you
• External bodies for the fulfilment of the purposes mentioned under 2 (e.g. customers, customers and suppliers for the implementation of projects, banks for the payment of salaries, tax consultants and auditors). The legal basis is generally § 26 FDPA (in conjunction with Art. 88 GDPR) for the initiation or implementation of an employment relationship with the employees or Art. 6(1) letter f GDPR in relation to the Group’s general obligations such as tax returns, audits of annual accounts, etc.
• Public authorities in the event of overriding statutory provisions (e.g. social security institutions, financial authorities). The legal basis for this is Art. 6(1) letter c GDPR in conjunction with the respective legislation, in particular employment legislation and social welfare law.

No personal data is transmitted to third countries. Should this be necessary for project reasons, we will adhere strictly to the statutory requirements for appropriate guarantees as a precondition for the transmission of data to third countries pursuant to Art. 46 GDPR. The measures adopted by us are (in this sequence), (i) data is transmitted to a third country recognised by the EU Commission in accordance with Art. 45 GDPR, (ii) in the case of the USA, data is transmitted to a company certified under the EU-US Privacy Shield (www.privacyshield.gov), or (iii) otherwise data is transmitted to companies in accordance with the standard data protection clauses recognised by the EU Commission pursuant to Art. 46(2) letter c GDPR.

2.3 COLLECTION OF DATA WHEN YOU VISIT OUR WEBSITE

When you access our website, information of a general nature is automatically collected. This information (server log files) includes the browser type, the operating system used, the domain names of your internet service provider, and similar. This is exclusively information that permits no conclusions to be drawn regarding you as an individual. This information is needed for technical reasons in order to correctly delivery website content requested by you and is an integral component of internet usage. Anonymous information of this type analysed statistically in order to optimise our website and the technology behind it. The legal basis is our legitimate interest in providing the services of our website pursuant to Art. 6(1) letter f GDPR.

2.4 CONTACT FORM

Should you contact us by e-mail or using a contact form, the information you provide is stored for the purposes of processing your enquiry and responding to possible follow-on questions. The legal basis is our legitimate interest in providing the services of our website pursuant to Art. 6(1) letter f GDPR, and in responding to an enquiry made by you within the meaning of Art. 6(1) letter b GDPR.

2.5 DATA PROTECTION INFORMATION FOR APPLICANTS

Should you apply to G.A.M.E. in the hope of entering an employment relationship with G.A.M.E., G.A.M.E. processes your personal data, provided by you to us as part of your application, in order to initiate and, where appropriate, execute the contract. The legal basis for this in each case is § 26 FDPA (in conjunction with Art. 88 GDPR) for the purposes of initiating or executing an employment relationship.

Of necessity, this is the data provided by you, such as the title, name, address, e-mail address and telephone number as well as information regarding your training and further education, professional experience, knowledge in the sense of additional qualifications, preferences in relation to employment by G.A.M.E. including your occupational field, preferred work location and working hours, etc.

The following categories of data are collected:

• Personal identification data and contract master data (e.g. name, postal address, e-mail address, telephone number)
• (Work) preferences (e.g. occupational field, form of employment)
• Training, professional experience, knowledge
• Application documents (e.g. certificates, references, CV, photo)
• Usage and inventory data (e.g. IP address, name of the file retrieved, data and time of retrieval, data volume transferred, notification of successful retrieval, browser, original domain).

Furthermore, we use your e-mail address to contact you when we conduct internal surveys with a view to improving quality at G.A.M.E. Participation in the surveys is voluntary and the results are only used once they have been rendered anonymous.

This personal data is also processed for the purpose of compliance with laws and regulations, such as employment legislation, tax and social welfare law, as well as international sanction regulations (e.g. EU anti-terrorism directive).

2.5.1 APPLICATION OR CONTACT AT TRADE FAIRS

Should you contact us in person at trade fairs with your application and provide us with personal data in your application documents for that purpose, we will use the data provided by you exclusively within the application process and only then store it in our personalised database.

2.5.2 APPLICATION BY OTHER MEANS (E.G. BY E-MAIL):

Should you contact us in another way (e.g. by e-mail) with your application and provide us with personal data in your application documents for that purpose, we will use the data provided by you exclusively within the application process.

2.6 INFORMATION ON DATA PROTECTION FOR COSTOMERS AND SUPPLIERS

We process personal data as part of our business relationship with customers and suppliers, or prospective customers and suppliers. If you have a business relationship with G.A.M.E. or are involved in negotiations regarding a possible business relationship with G.A.M.E., G.A.M.E. processes your personal data, which you have provided us with, for the purposes of initiating and, where appropriate, executing contracts.

Data is also processed for the purposes of invoicing, accounting, project management and the maintenance of the ongoing business relationship. In each case, the legal basis is Art. 6(1) letter b GDPR.

The following categories of data are collected:

• Personal identification data and contract master data (e.g. name, postal address, e-mail address, phone number) of business partners and their contact persons
• Order and invoice data
• Payment data and bank details
• Communication
• Data for and about advertising and direct marketing

Data is also processed for the purposes of invoicing, accounting, project management and the maintenance of the ongoing business relationship, including for advertising and direct marketing. The legal basis for this is, in each case, Art. 6(1) letter b GDPR in relation to the conclusion, execution and handling of contracts as well as Art. 6(1) letter f GDPR in relation to our legitimate interests, for example in bookkeeping and direct marketing.

This personal data is also processed for the purpose of compliance with laws and regulations, such as employment legislation, tax and social welfare law, Money Laundering Act as well as international sanction regulations (e.g. EU anti-terrorism directive). The legal basis is Art. 6(1) letter c GDPR in conjunction with the respective provision of national law.

G.A.M.E. itself collects and stores the data. Your data is neither sold nor provided to other unauthorised third parties. G.A.M.E. assures you that the data will only be forwarded within the G.A.M.E. and to customers, limited respectively to the scope necessary for the
achievement of the purpose:

3.1 TO INITIATE CONTRACTS

Your data will only be forwarded to customers to the extent that this is necessary for the hirers within the framework of temporary employment for the acquisition of activities. Applications in the areas of back office and business management are not affected by this.

3.2 TO EXECUTE CONTRACTS

Insofar necessary for the purpose of implementing your work relationship with G.A.M.E., your personal data is transmitted to the third parties necessarily involved in the contract execution (customers and suppliers).

3.3 WITHIN THE FRAMEWORK OF OUR BUSINESS PURPOSES OR WHEN PERMITTED OR REQUIRED BY STATUTE

We can forward information about you to third parties for business reasons or when permitted or required to do so by statute. The data is also only communicated to state institutions or authorities entitled to receive such information within the scope of the statutory obligations to furnish information or where G.A.M.E. is obliged to communicate it by court order.

We employ state-of-the-art encryption processes (e.g. SSL) to protect your data during transfer using HTTPS.

We adhere to the principles of data avoidance and data minimisation. We store your personal data only for as long as is necessary to fulfil the purposes described here or for the various retention periods stipulated by the legislator. When the respective purpose no longer exists or the retention periods have expired, the corresponding data is routinely blocked or erased in accordance with the statutory regulations.

You have the right at any time to receive information about any of your personal data stored by us. You also have the right to rectification, blocking or, except for data storage required for the performance of business, erasure of your personal data. Furthermore you have a right to have data transferred in a structured, customary and machine-readable format if you have provided that data on the basis of a consent or on the basis of a contract between you and us. You have a right to object on the basis of processing based on a legitimate interest; we retain the right to provide you with our compelling grounds (Art. 21(1) GDPR). We indicated above when this right exists. If you wish to assert these rights, please contact our data protection officer. You will find the contact details above.

So that the blocking of data can be considered at any time, that data must be kept available in a ‘blocking file’ for checking purposes. You can also request the erasure of data, provided it is not subject to a statutory obligation to archive data. If such an obligation exists, we will block your data at your request.

You can request changes or withdraw a consent with effect for the future by sending a corresponding communication to us.

Please contact us at info@game-gmbh.com if you wish to exercise these rights. If you would like to apply to receive detailed information about all your personal data stored by G.A.M.E., you must send us proof of your identity including a photograph.

We take physical, technical and administrative security measures in order to protect your personal data appropriately against loss, misuse, unauthorised access and sharing and change. These security measures include firewalls, data encryption, physical restrictions on access to our computer centres, and rights controls on access to data.

On our website we use social media plugins of the social networks Xing, LinkedIn and Kununu. The social media plugins can be identified from the logo of the respective social media network.

XING AG (Gänsemarkt 43 – 20354 Hamburg – Germany)

LinkedIn Corp. (2029 Stierlin Court – Mountain View – CA 94043 – USA)

Kununu GmbH (Neutorgasse 4-8, Top 3.02 – 1010 Vienna – Austria)

The social media plugins on our website are deactivated unless you activate them. To be able to use the social media plugins you must activate them by clicking the corresponding button. No data will be transferred to the social network if the social media plugin is not activated. After it has been activated, the social media plugin established a connection with the social media network’s servers and remains active until you deactivate it again or delete your corresponding cookies. Activation establishes a direct connection with the servers of the respective social media network. The content of the social media plugin is transmitted by the social media network directly to your browser, which integrates it into the website visited. We therefore have no influence on the scope of the data collected by the social media plugin.

More information about the purpose and scope of data collection as well as the further processing and use of the data by the respective social media network, your rights in respect of this and the possibilities to alter settings in order to protect your privacy can be found in the data protection policies of the social media networks.

Xing: https://www.xing.com/privacy

LinkedIn: http://de.linkedin.com/legal/privacy-policy

Kununu: https://www.kununu.com/de/info/datenschutz