PRIVACY POLICY /
2018
With this privacy policy, we inform you about our processing of your personal data. We process personal data in accordance with the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (Bun-desdatenschutzgesetz – “BDSG”).

1. Who is responsible for data processing and who can I contact?
Controller within the meaning of Art. 4 (7) GDPR is:
Konstantin Grcic
Konstantin Grcic Design
Kurfürstenstr. 13
D-10785 Berlin
office@konstantin-grcic.com
+49 30 94859210

2. For what purpose and on what legal basis do we process your personal data?
a) Fulfilment of contractual and pre-contractual obligations (Art. 6 (1) (b) GDPR)
The processing of personal data (Art. 4 No. 2 GDPR) is carried out to provide this web-site and to provide our services, in particular to conclude and process contracts, to in-voice, to carry out pre-contractual measures, to answer enquiries in connection with our business relationship and for all activities necessary for the operation and admin-istration of our company.
The purposes of the data processing depend primarily on the concrete product. Further details on the purpose of data processing within the framework of contracts can be found in the respective contract documents and terms and conditions.
b) In the context of balancing interests (Art. (1) (f) GDPR)
In addition, we process your data to protect legitimate interests of us or of third parties such as, in particular, in the following cases:
• replying to your inquiries outside of a contract or pre-contractual measures;
• assertion of legal claims and defence in legal disputes;
• guaranteeing our IT security and IT operations;
• measures for business management and further development of products.
c) Based on your consent (Art. 6 (1) (a) GDPR)
If you have given us permission to process personal data for certain purposes, the law-fulness of this processing is given on the basis of your consent. A given consent can be revoked at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.
d) On the basis of legal requirements (Art. 6 (1) (c) GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. tax laws), which require the processing of data.

3. Website
When you visit our website, information is automatically sent to the server of our web-site by your browser. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automat-ically deleted: IP address of the inquiring computer, date and time of the access, name and URL of the retrieved file, website from which the access follows ("referrer URL"), if applicable the search engine used by you, browser used and if applicable the operating system of your computer as well as the name of your access provider.
The legal basis for this type of data processing is Art. 6 (1) (f) GDPR. The legitimate interests pursued by us are in particular:
• ensuring a smooth connection of the website,
• ensuring comfortable use of our website,
• evaluation of system safety and stability,
• for other administrative purposes.
We use technically necessary cookies on our website. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest for doing so is enabling you to use our website. The data will not be combined with other personal data. We do not use cookies for advertising or analysis purposes.

4. Applications
When you apply for a job with us, we collect the data you enter. These are usually your contact data (title, first name, surname, e-mail address), data on your possible em-ployment with us (salary expectations, notice period, earliest starting date), data from your message, curriculum vitae, cover letter and certificates which you provide to us.
We process these application data exclusively for the purpose of the recruiting process. Legal basis for the data processing is § 26 (1) BDSG, as far as the data processing is necessary for the decision about the establishment of an employment relationship. If you provide us with data that is not necessary for application, the processing of this voluntary data is based on your consent; the legal basis is then § 26 (2) BDSG or § 26 (3) BDSG (insofar as in individual cases special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are concerned).

5. Who receives my data?
Within our company, those individuals that need your data in order to fulfil our contrac-tual and legal obligations will have access to it.
We pass on data to the following categories of recipients if this is necessary to fulfil an existing contractual relationship between you and us or to implement pre-contractual measures (Art. 6 (1) (b) GDPR) or to safeguard legitimate interests (Art. 6 (1) (f) GDPR).
• IT service provider
• logistics service provider
• financial institutions for payment purposes
Insofar as processing is necessary to safeguard legitimate interests, for example when using logistics and IT services, it is our legitimate interest to outsource functions.
In addition, your personal data will be forwarded or transmitted if this is required by law (Art. 6 (1) (c) GDPR) or if you have consented (Art. 6 (1) (a) GDPR).

6. How long will my data be stored?
If necessary, we process and store your personal data for the duration of our contrac-tual relationship, including, for example, the initiation and execution of a contract. It should be noted here that our contractual relationship may, depending on the individual case, be a continuing obligation for a number of years.
For contractual relationships, but also for other civil law claims, the storage period also depends on the statutory limitation periods, which, for example, according to § 195 et seq. of the German Civil Code (BGB) are generally three years long, but can, in certain cases, also be up to thirty years..
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercia Clode (Handelsgesetzbuch – HGB) and the Tax Code (Abgabenordnung - AO). The periods for storage or documentation specified there are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents and business letters (§§ 238, 257 paras. 1 and 4 HGB, § 147 paras. 1 and 3 AO).
Log and cookies files are generally deleted after the end of the respective browser ses-sion, at the latest after seven days, unless their further storage is exceptionally neces-sary and lawful.

7. Which data protection rights do I have?
You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to limitation of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions according to§ 34 and § 35 BDSG apply to the right of access and the right of cancellation. You also have the right to object to data processing by us (Art. 21 GDPR). If our processing of your per-sonal data is based on consent (Art. 6 (1) (a) GDPR), you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.
Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU Member State where you are staying, working or allegedly in-fringed – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).

8. Are data transferred to a third country or to an international organisation?
In general, no. If, in exceptional cases, data is transferred to third countries (countries outside the European Economic Area - EEA), this is only done on the basis of an ade-quacy decision of the Commission or on the basis of standard contractual clauses of the Commission (available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) or binding corporate rules.

9. Is there automated decision-making in individual cases?
In general, no. Should we use such procedures in individual cases, we will inform you separately if this is required by law.