DATA PRIVACY POLICY
AES Aerospace Embedded Solutions GmbH appreciates your interest in our company and products. We take the protection of your personal data seriously and want you to feel comfortable visiting our web pages. We attach great importance to protecting your privacy while processing personal data, and take it into account in our business processes. We process personal data collected during visits to our websites in accordance with the applicable data protection and data security laws.
§ 1 CONTROLLER AND SCOPE OF APPLICATION
The controller in the sense of the General Data Protection Regulation and other national privacy laws of Member States as well as other privacy law provisions is
AES Aerospace Embedded Solutions GmbH
Friedenheimer Brücke 29
D-80639 München
This data privacy policy applies to the website of AES Aerospace Embedded Solutions GmbH (hereinafter called AES), accessible on https://www.aes.gmbh/ (hereinafter referred to as “AES-website”) and our career portal https://careers.aes.gmbh/ (hereinafter referred to as "Career Portal"). The AES-website and the Career Portal hereinafter collectively referred to as our “Websites".
§ 2 PRIVACY OFFICER
The data privacy officer can be reached at:
AES Aerospace Embedded Solutions GmbH
c/o Data Privacy Officer
Friedenheimer Brücke 29
D-80639 München
E-mail: dpo [at] aes.de
§ 3 WHAT ARE PERSONAL DATA?
Personal data are individual details about personal or factual situations of a specific or identifiable natural person (data subject). This includes information such as your name, address, phone number, date of birth, or e-mail address. Information with which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by making the information anonymous, is not personal data.
​
​
§ 4 GENERAL INFORMATION ON DATA PROCESSING
a) Scope
We only collect and use our users' personal data if and to the extent needed to provide a functional website as well as our contents and services. We use your personal data to provide the services you need, to answer your questions and to operate and improve our websites and applications.
Your personal data is not used for any other purpose, especially not for advertising purposes. Your personal data shall not be transferred to third parties without your consent, except in the cases described below, unless we are legally obliged to provide the data.
b) Legal basis
If we obtain the consent of the data subject to his/her process personal data, Art. 6, Section 1a, of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for processing said data. Art. 6, Section 1b, of the GDPR serves as legal basis for processing the personal data required to execute a contract to which the data subject is a party. Article 6, Section 1c, of the GDPR serves as legal basis for processing the personal data required to fulfil a legal obligation of our company.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6, Section 1f, of the GDPR shall serve as legal basis for processing.
c) Data erasure and storage time
Your personal data shall be erased or blocked as soon as the purpose of storage ceases to apply. However, the data may be stored if provided for by European or national laws or other statutory provisions to which the controller is subject. The data shall be blocked or erased at the end of a storage period prescribed by the aforementioned standards, unless the data needs to be stored further in order to conclude or implement a contract.
d) Hosting
aa) AES-website
We use the website construction kit system of Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel ("Wix") for the purpose of hosting and displaying the AES-website on the basis of processing on our behalf.
All data collected on our AES-website is processed on Wix's servers. As part of the aforementioned services of Wix, data may also be transmitted to Wix Inc, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, as part of further processing on our behalf.
In the event that data is transferred to Wix in Israel, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on data protection at Wix can be found on the following website: https://de.wix.com/about/privacy
bb) Career Portal
For our Career Portal, we use a DigitalRecruiters software of TALENTSOFT GMBH
Spichernstraße 6, 50672 Cologne, Germany for the purpose of hosting and displaying the Career Portal on the basis of processing on our behalf.
Further information on data protection at TALENTSOFT GmbH can be found on the following website:
§ 5 INDIVIDUAL PROCESSING OPERATIONS
You can use a large part of our website without providing your personal data. Access data without personal reference, such as the name of your Internet service provider, the page from which you are visiting us, the names of the files required and their retrieval date are stored. These data are exclusively evaluated for the purpose of improving our website and do not allow any conclusions regarding your person. These data are:
Browser type and version
The operating system used
Referrer URL
Host name of the computer used for access
Names of the requested files
Date and time of server request
IP address
In particular, personal data are used as follows:
a) Contact via E-Mail
You can contact us via the e-mail address provided. In this case, your personal data sent by e-mail will be processed for the purpose of answering your request.
In this context, the data is not disclosed to third parties. The data is used exclusively for processing the conversation.
The legal basis for processing the data transmitted alongside an e-mail is Art. 6, Section 1a, of the GDPR.
§ 7 USING COOKIES
Besides the cookies described in Section 6 above, we use other cookies which are sent by our web server to your browser during your visit to our website and are stored on your computer for later retrieval. These cookies contain a characteristic character string that enables clear identification of the browser when the website is called up again.
When accessing our website, the user is informed about the use of cookies and his or her consent to the processing of personal data used in this connection is obtained. In this context, reference is also made to this privacy statement.
The legal basis for processing personal data using technically necessary cookies is Art. 6, Section 1f of the GDPR. If the user has given his or her consent in this regard, the legal basis for processing personal data using cookies for analysis purposes is Art. 6, Section 1a, of the GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary for the browser to be recognised even after a change of page.
The user data collected by technically necessary cookies are not used to create user profiles.
Cookies are stored on the user's computer and sent from there to our site. Therefore, as a user you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.
Most browsers are pre-set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it informs you before cookies are stored. Users who do not accept cookies may not be able to access certain areas of our websites.
Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
Cookies management
According to regulations, you can opt out of our use of cookies through your browser settings.
In order to find out more about browser settings, please use the following guides, or refer to the Help menu of your browser:
Chrome
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Firefox
Opera
Safari
b) Google Fonts
The websites use so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en
​
c) Cookie Consent Tool
In order to manage cookies in compliance with data protection regulations, we use the software solution Wix. When visiting our AES-website, an essential cookie is stored in the user's browser, in which the consent given or the revocation of consent is stored.
We provide you with a so-called cookie banner, which you can use to give us your consent to the use of cookies. The cookie banner informs you about the use of cookies when you first visit our AES-website and asks for your consent to the use of cookies. Until you give your consent, all non-essential cookies that we use on our AES-website are automatically blocked. You have the option to refuse unwanted cookies via the cookie banner and still continue to use the AES-website.
Further information on data protection at Wix can be found on the following website:
https://de.wix.com/about/privacy
§ 8 PLUG-INS AND TOOLS
a) YouTube
Our website uses plugins from Google's YouTube platform to display short video sequences. The pages are operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
If you visit any of our pages equipped with a YouTube plug-in, a connection is set up to the YouTube servers. The YouTube server is informed about our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
For more information on how we handle user data, please see YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy
The legal basis for processing personal data is Art. 6, Section 1a of the GDPR
If data is exceptionally processed in the USA, this is covered by the certification of Google, under the EU-US Data Privacy Framework adequacy decision for the USA.
b) LinkedIn Plugin
We maintain an online presences on LinkedIn Company Page of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") to communicate with interested parties and inform them about our products and services.
In the context of operating our online presences on LinkedIn, we may access information such as statistics on the use of our online presences provided by the operator of the social network. These statistics are aggregated and may include demographic information (e.g., age, gender, region, country), employment-related information (e.g., job, function, industry, work experience, company size), and data on interaction with our online presence (e.g., likes, shares, subscriptions, viewing pictures and videos) and the posts and content shared through it.
These may also provide insights into users' interests and which content and topics are particularly relevant to them. We may use this information to adjust and optimize our activities and content on the online presences. The collection and use of these statistics are subject to joint responsibility with the social network operator.
Further information on joint responsibility, the nature and extent of these statistics, and the contact details of the social network can be found at:
Page Insights Joint Controller Addendum (the "Addendum").
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR to stay in contact with our customers and inform them and to carry out pre-contractual measures with interested parties, as well as Art. 6 para. 1 lit. f GDPR based on our legitimate interest in effective information and communication with users.
We have no control over the data processed by LinkedIn under its own responsibility according to its terms of use. However, we point out that data on your usage behavior may be transmitted to the social network operator when visiting the online presence.
LinkedIn may process the aforementioned information to create more detailed statistics and for their market research and advertising purposes, over which we have no control. For this purpose, cookies and other identifiers may be stored on the computers of the affected persons. Based on these usage profiles, advertisements may be displayed within the social network and on third-party websites. More information can be found in LinkedIn’s privacy notice: https://www.linkedin.com/legal/privacy-policy
If we receive your personal data while operating the online presence on LinkedIn, you have the rights described in this privacy policy. If you wish to assert your rights against the social network operator, you can most easily contact them directly. The operator knows both the technical operation details of the platform and the related data processing and can implement appropriate measures if you exercise your rights. We are happy to support you in asserting your rights, as far as possible, and forward your requests to the social network operator
§ 9 Career Portal
As part of the job application process, we process the personal data we require in order to make a decision on whether to establish an employment relationship.
This includes, in particular, your contact details (name, address, etc.) as well as all data related to your job application (CV, certificates, qualifications, etc.). If you submit a claim for reimbursement of travel expenses, we will also need your bank details. The legal basis for the processing of your data derives from Art. 88 GDPR in conjunction with art 26, paragraph 1, sentence 1 of the German Data Protection Act (BDSG).
We also collect and process personal data that you voluntarily provide to us. It is not mandatory to complete the fields marked as voluntary or optional. This data is processed on the basis of your revocable consent in accordance with Article 6.1.1(a) and Article 7 GDPR in conjunction with Article 26(2) BDSG.
a. Data sources
We only process the personal data you provide to us as part of the job application process.
b. Recipients of your data
We only pass on your personal data within our company to the departments and people involved in the decision to enter into an employment relationship.
We will only transfer your data to recipients outside the company if permitted or required by law, if we have your consent or if we are authorised or obliged to provide information. Under these conditions, the recipients of personal data may be, for example, public authorities and institutions, such as the Federal Employment Agency, in fulfilment of our legal obligations.
We may also pass on your data to service providers who support us, for example in the fields of IT or archiving and erasure, and with whom specific contracts on data processing have been concluded. In concluding the relevant contracts, we ensure that your personal data is processed in accordance with data protection regulations.
In addition, we may need to transfer your data in compliance with legal obligations, but this may only arise in specific individual cases and not in general.
c. Talent pool
If you are not hired, but your application is still of interest to us, we may ask you whether we can keep your application on file for future vacancies. This extended storage period is carried out on the basis of your revocable consent in accordance with Article 6.1.1(a) and Article 7 GDPR in conjunction with Article 26(2) BDSG. Inclusion in our talent pool is voluntary and failure to give the relevant consent does not affect other ongoing application processes.
We keep the applications we have placed in the talent pool for a period of six months. After this period the documents shall be removed. We will retain your declaration of consent for inclusion in our talent pool for 3 years in order to fulfil our proactive responsibility within the meaning of Article 5(2) GDPR.
d. Data erasure
All data collected shall be erased as soon as their storage is no longer necessary or the legitimate interest in their retention has expired, provided that there are no legal retention periods. If the recruitment does not take place, the data will in all cases be erased six months after the rejection letter is sent. We will also erase your data if you withdraw your consent to the processing of your data.
In specific cases, some individual data may be stored for longer periods of time (e.g. travel expenses settlement). In such cases, the retention period depends on the statutory retention obligations laid down, for example, in the German Tax Code (6 years) or the German Commercial Code (10 years). We are also permitted to extend the storage of your data if its further processing is necessary to assert, exercise or defend legal rights after we have weighed up the interests.
§ 10 Third Parties, Customers, and Business Partners
a. Description of data processing
We may process your personal data for the following purposes (and legal grounds):
-
manage secure access to offices and prevent damage to property and persons (consent, legitimate interest or legal obligation);
-
communicate with you and process as well as respond to your request ((pre)contractual or legitimate interest);
-
fulfill and execute your product purchase and use of services (contractual or legitimate interest);
-
license monitoring purposes and application access (legitimate interest);
-
marketing purposes; to provide you with personalized information about our products and services as well as conduct market research and satisfaction surveys (consent or legitimate interest);
-
credit checks on customers, which may involve credit agencies ((pre)contractual or legitimate interest);
-
assessment and screening, including due diligence purposes (also in mergers & acquisitions) (legitimate interest or legal obligation);
-
comply with legal and regulatory requirements and requests (legal obligation);
-
establish, exercise and defend legal claims (legitimate interest).
-
respond to training requests and set up the platforms used to deliver training (legitimate interest);
-
management of the external workforce (legitimate interest).
b. Secure access to premises
We may process your personal data to handle access to premises managed by us. If health data is processed this will only take place on the basis of your explicit consent.
Relevant personal data: full name, date of birth, home address, employer name and address, mobile phone, emergency contacts and health data.
c. Communication and requests handling
The exchange between individuals from different companies and the resolution of corporate requests requires the processing of personal data.
Relevant personal data: business email address, full name, job position, business mobile phone, corporate landline, company, country, content of request, date of request, and other data you may disclose to us.
d. Pre-contractual measures, product purchase or use of our services
The processing of your personal data may arise on the one hand due to the implementation of pre-contractual measures that precede a contractually regulated business relationship or on the other hand in the fulfilment of obligations arising from a concluded contract with you. For more detailed description of the performed data processing, please see our executed agreements and other documents related to data protection.
Relevant personal data: name, address, company name, telephone number, email address, log data, usage data, respective product or service.
e. Workforce management
We may process your personal data to conduct the purchasing of and invoicing of external workforce to appropriately allocate individuals to projects and provide services according to contractual agreements.
f. Microsoft “Teams”
We use “Teams” to conduct online meetings, conference calls and/or webinars (hereinafter collectively referred to as “Meetings”). Teams is a software from Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Ireland (“Microsoft”), which is available as a desktop, web and mobile app.
The legal basis for data processing for conducting meetings via Teams is our legitimate interest in the effective and simple conduct of online meetings, discussion groups and presentations.
Insofar as the meetings are held within the framework of existing contractual relationships with you, the performance of our contractual relationship. We are not responsible for further data processing on the Teams product website, where the desktop software can be downloaded and the web app can be used.
The following data may be processed during a Meeting:
-
Participant details: display name if applicable, first name, surname, telephone, e-mail address, password (encrypted for authentication), profile picture;
-
Metadata: Topic and description of the meeting, IP address, telephone number of the participant, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of the participant’s last activity on Teams, number of chat and channel messages, number of meetings attended, duration of time for audio, video and screen sharing;
-
For chat or channel message usage: text data for display and, if applicable, logging;
-
For audio use: recording data of the microphone;
-
For video use: recording data from the video camera;
-
For recordings: Audio, video and screen sharing for storage in the cloud / Microsoft Stream;
-
For telephone use: incoming and outgoing phone numbers, country name, start and end time, possibly other connection data, such as the IP address of the device.
Before a Meeting, you must register via our website or by e-mail. Your registration data will be processed by us. Before the Meeting, you will receive a confirmation email with an invitation link or a calendar date.
To participate in a Meeting, you must at least provide your name and – if you are using a telephone – your telephone number, unless we enable anonymous participation in Meetings. In the latter case, we will inform you of this possibility of anonymous participation in the course of the invitation. You can deactivate the transmission via microphone and camera at any time via the corresponding settings. We only record Meetings or log text data with your consent and prior notification. Microsoft stores and uses the metadata to enable us to analyze and report on the use of Teams.
Microsoft may obtain knowledge of the above-mentioned data as part of the commissioned processing in order to process it. All data traffic is encrypted (MTLS, TLS or SRTP) and encrypted data storage always takes place on servers in the European Economic Area (EEA). Where possible, we also activate end-to-end encryption.
If data is exceptionally processed in the USA, this is covered by the certification of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, under the EU-US Data Privacy Framework adequacy decision for the USA.
Further information is available in Microsoft's privacy policy, accessible at: https://privacy.microsoft.com/en-us/privacystatement
§ 11 SECURITY MEASURES TO PROTECT YOUR DATA
We undertake to protect your privacy and to treat your personal data confidentially. To prevent the loss or misuse of data stored by us, we take extensive technical and organisational safety precautions which are regularly checked and adapted to technological progress. However, we would like to point out that due to the structure of the Internet, it is possible that the data protection rules and the above-mentioned safety measures may not be observed by other persons or institutions outside our field of responsibility. In particular, unencrypted data transmitted by e-mail, for instance, can be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data provided by him/her against misuse through encryption or in any other way.
This site is hosted at WIX, which uses Google Fonts without providing us an option to influence that. If you don't want to stay on our website, we are very sorry but we understand. Currently we can only inform you about this issue, but we hope that WIX is working on a technical option.
§ 12 HYPERLINKS TO EXTERNAL WEBSITES
Our website contains so-called hyperlinks to other providers' websites. When these hyperlinks are activated, you are redirected from our website directly to other providers' websites. You can recognise this, for example, by the change of URL. We cannot assume any responsibility for the confidentiality of your data on these third-party websites, as we have no influence on these companies' compliance with data privacy policies. You can find out how these companies handle your personal data directly on these websites.
§ 13 YOUR RIGHTS AS A DATA SUBJECT
If your personal data are processed, you are concerned in the sense of the General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the controller:
a. Right to information
You can ask the controller to confirm whether your personal data are processed by us.
If this is the case, you can ask the controller for the following information:
the purposes for which the personal data are processed;
the categories of personal data processed;
the recipients or categories of recipients to whom your personal data have been or are still being disclosed;
the planned duration of the storage of your personal data or, if specific information on this is not possible, the criteria for determining the storage period;
the existence of a right to rectify or erase your personal data, a right to have the processed data restricted by the controller, or a right to object to such processing;
the existence of a right to appeal to a supervisory authority;
all available information about the origin of the data if the personal data are not collected from the data subject.
You have the right to request for information as to whether your personal data is transferred to a third country or to an international organisation. In this connection, you may request that the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transmission of data shall be made available to you.
b. Right to correction
You may ask the controller to rectify and/or complete your personal data if your personal data are incorrect or incomplete. The controller shall make the correction without delay.
c. Right to restrict the processing
You may request that the processing of your personal data be restricted on the following terms and conditions:
if you contest the accuracy of your personal data;
if the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use thereof;
if the controller no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
if you have filed an objection to the processing pursuant to Art. 21, Section 1, of the GDPR and it has not yet been determined whether the controller's legitimate reasons outweigh your reasons.
If the processing of your personal data has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been limited on the above conditions, we shall inform you before the restriction is lifted.
d. Right to deletion
aa) Deletion obligation
You may ask to delete your personal data without delay and we are obliged to delete this data without delay if:
Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent, on which the processing was based pursuant to Art. 6, Section 1a or Art. 9, Section 2a of the GDPR, and there is no other legal basis for the processing.
You file an objection against the processing pursuant to Art. 21, Section 1, of the GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21, Section 2, of the GDPR.
Your personal data have been processed unlawfully.
Deleting your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which we are subject.
Your personal data have been collected regarding the services offered by the information company pursuant to Art. 8, Section 1, of the GDPR.
bb) Information to third parties
If we have made your personal data public and are obliged to delete it pursuant to Art. 17, Section 1, of the GDPR, we shall take appropriate measures, including technical measures, considering the available technology and the implementation costs, to inform the processors of the personal data for which you as the data subject have asked for the deletion of all links thereto or of copies or replications thereof.
cc) Exceptions
The right to deletion does is excluded if and to the extent as the processing is required
to exercise the freedom of expression and information;
to fulfil a legal obligation required for processing under EU law or the law of Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
for reasons of public interest in the field of public health pursuant to Art. 9, Sections 2h and i, and Art. 9, Section 3, of the GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89, Section 1, of the GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
to assert, exercise or defend legal claims.
e. Right to information
If you have asked us to correct, delete or restrict the processing of your personal data, we must inform all recipients of your personal data about this correction or deletion of the data or restriction on processing, unless this proves impossible or entails a disproportionate effort.
You have the right to be informed of such recipients.
f. Right to data portability
You have the right to receive the personal data you have made available to the controller in a structured, accessible and machine-readable format. Moreover, you have the right transmit this data on to another controller, provided that
processing is based on consent pursuant to Art. 6, Section 1a, of the GDPR or Art. 9, Section 2a, of the GDPR or on a contract pursuant to Art. 6, Section 1b, of the GDPR and
processing is carried out automatically.
While exercising this right, you also have the right to request that your personal data be transferred directly from us to another controller, so far as this is technically feasible.
Other persons' freedoms and rights must not be affected by this.
The right to portability shall not apply to the processing of personal data needed to perform a task in the public interest or to exercise official authority conferred on the controller.
g. Right to object
You have the right to object at any time, on the grounds of your particular situation, to the processing of your personal data in accordance with Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
We shall no longer process your personal data, unless we can prove protection-worthy compelling reasons for the processing, which outweigh your interests, rights and freedoms, or unless the processing is used to assert, exercise or defend legal claims.
You have the possibility to exercise your right of objection in connection with the use of the services of an information company by means of automated procedures based on technical specifications, notwithstanding Directive 2002/58/EC.
h. Right to revoke the data protection consent
You have the right to revoke your data protection consent at any time.
The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
i. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the alleged infringement has been made, if you believe that the processing of your personal data is contrary to the stipulations of the GDPR. The competent supervisory authority for Bavaria is:
Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach, https://www.lda.bayern.de/de/kontakt.html