/ Privacy Statement

Data Protection Information for Visitors to Our Website

Thank you for visiting our website and for your interest in our company and our services. We respect your privacy and ensure the protection of your personal data by processing it in accordance with the contents of these data protection regulations and the applicable data protection laws.

You can visit our website without telling us who you are. For the purpose of displaying our websites, you are only obliged to provide the data transmitted by your browser to our server (see “Log Files”).

Further personal data will only be stored if you provide it voluntarily on the website or use corresponding functions, e.g., when using our contact forms or registering for our newsletter.

In the following, you will find our data protection regulations for visitors to our website:

Contact

You can enter your personal data on our website to contact us. Only data marked with an asterisk is mandatory. Providing further data may be helpful for the processing of your request, but it is not mandatory (optional). With your consent, the data is used and stored exclusively for the purpose of processing your message (Art. 6 para. 1 s. 1 lit. a GDPR). A use for other purposes or a passing on to third parties does not take place unless you explicitely agree (consent).

Cookies

Cookies are very small files used by web pages and stored on your device by your browser, which can provide us or a third party with certain information.

Transient cookies are automatically deleted when you close your browser. This includes, in particular, session cookies. These save a so-called session ID, which allows various requests from your browser to be alloated to a common session. This will allow your device to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. In contrast to transient cookies, persistant cookies are not automatically deleted when the browser is closed. You can delete cookies at any time in the security settings of your browser.

We process cookies that are absolutely necessary to provide a service expressly requested by the user (“necessary cookies”) within the scope of our legitimate interest in providing and operating the website on the basis of Art. 6 para. 1 s. 1 lit. f GDPR and §25 para. 2 TDDDG.

Moreover, further information is stored on or accessed from your terminal device, that is not strictly necessary to provide the service explicitly requested by the user. The information is only stored or accessed if you give your consent (Art. 6 para. 1 s. 1 lit. a GDPR and §25 para. 1 TDDDG). For details on the type of information, purpose of processing, storage period of the information, and possible recipients of the data,please refer to the following section of this privacy statement.

You can adjust your browser settings to prevent it from accepting cookies or to only save or not save certain cookies. You can find more information on this in the help system of your browser. If your browser rejects all cookies, it is possible that not all functions of this website can be used.

You can call up our cookie banner at any time and correct your selection of cookies or make a new one.

Log Files

Each time you access our website, we collect the following information about your computer: the IP address of your computer, the request from your browser, and the time of this request. In addition, the status and the amount of data transferred are recorded within the scope of this request, as well as product and version information about the browser used and the operating system of your computer. We further record the website from which our site was accessed. The IP address of your computer is only stored for the duration of your visit to the website and is then immediately deleted or made anonymous by shortening it. The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate errors, determine the level of utilization of the website, and make adjustments or improvements (legal basis: Art. 6 para. 1 s. 1 f GDPR).

Withdrawal of Consent and Objection to Data Processing

If you have given us your consent, you can withdraw it at any time, with effect for the future.

You may object to our processing of your personal data wherever the processing is based on a balancing of interests. If you choose to exercise your right to object, we ask that you provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the situation and either cease or adjust our processing of data state our compelling reasons for continuing the processing that are worthy of protection.

You can object to the processing of your personal data for purposes of advertising and data analysis at any time.

You can send your revocation or objection using the contact details given under “Person Responsible”.

Your Rights

You are granted the following rights against us regarding personal data concerning you:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right of objection to processing
  • Right to data portability.

You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority.

Person Responsible

synava GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany

Data protection officer: Email: datenschutzanfragen@xdsb.de or to our postal address by adding “to the data protection officer”

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de

Data Protection Information According to Art. 13 and 14 GDPR for Customers and Suppliers

The following information is intended to provide you with an overview of the personal data we process and inform you of your rights under data protection laws.

Person responsible for data processing and contact information of the data protection officer

synava GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany

Data protection officer: Email: datenschutzanfragen@xdsb.de or to our postal address by adding “to the data protection officer”

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de

What are the sources of personal data?

We process personal data that we have obtained from business relationships (e.g., with customers or suppliers) or from inquiries to our company. Normally, we receive this data directly from a contractual party or an inquiring person. However, personal data may also originate from public sources (e.g., commercial registers), provided that the processing of such data is permitted. Data may also have been legitimately transmitted to us by other companies. Depending on the individual case, we also store our own information on this data (e.g., as part of an ongoing business relationship).

Depending on the individual case, this may include master data (e.g., name, address), contact information (e.g., telephone number, email address), contract and billing data for the fulfillment of our contractual obligations or necessary data for the processing of an inquiry, possibly also data on creditworthiness, advertising and sales data, and other data from comparable categories.

For what purposes and on what legal basis is the personal data processed?

We process personal data in accordance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the fulfillment of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 s. 1 lit. b GDPR). We process personal data primarily for the fulfillment of contractual obligations and the provision of related services, or in the context of a corresponding contract initiation (e.g., contract negotiations, preparation of offers). The specific purposes here are determined by the individual service or product to which the business relationship or contract initiation relates.

b.) In the context of fulfilling a legal obligation (Art. 6 para. 1 s. 1 lit. c GDPR). In many situations, we are required by law to collect certain personal data from you and to disclose or make it available to certain, usually public, entities. For example, we provide the tax authorities with the personal data required for tax calculation in accordance with the relevant statutory provisions.

c.) In the context of the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). We also collect and process personal data to safeguard legitimate interests in the following situations:

  • Processing general inquiries about our products and services
  • Checking creditworthiness via respective credit agencies to assess the risk of default in business relationships
  • Advertising or market research
  • Video surveillance for the protection of domiciliary rights on our company premises or building
  • Assertion of legal claims and defense in legal disputes
  • Ensuring IT security and IT operation
  • Measures for building and plant security (e.g., access authorizations)
  • Measures to improve our internal business processes and product optimization measures
  • Furthermore, we may use systems for communication purposes (e.g., video conferencing systems, chats, etc.). Depending on the form of communication, we may process your contact information, messages and image and audio recordings. Recordings of images or audio transmissions will not be taken without your explicit consent. Please also note the respective privacy statements of the providers’ tools.

d.) In the context of consent (Art. 6 para. 1 s. 1 lit. a GDPR). In some situations, the processing of your personal data is not mandatory and is only permitted with your consent. In these cases, we will inform you of this circumstance, in particular of the voluntary nature of the consent given and the possibility of withdrawal at any time with effect for the future. This is the case, for instance:

  • for certain processing of data via our website (see the privacy statement on our website),
  • in certain advertising situations (subject to permission of use, if required by law).

Recipients of the personal data
In general, the company only grants access to your data to entities that need to work with your data (“need-to-know principle”), i.e., need access to this data in order to fulfill a contractual or legal obligation. These may also include service providers and vicarious agents who act on behalf of the company and/or have been obligated to confidential processing of the data. In certain situations, we may transmit your data to

  • public authorities (e.g., tax authorities) when there’s a legal obligation,
  • other companies as part of the fulfillment of the contractual relationship, in the context of a balancing of interests, or on the basis of your consent. In individual cases, depending on the business relationship or order, these may be, for instance, companies involved in the provision of our services, logistics partners, marketing service providers, credit bureaus, banks, tax consultants, or lawyers.

Is data transferred to a third country or to an international organization?

We may transfer personal data to other entities in countries outside the European Union (third country) insofar as it is necessary for the execution of the business relationship, if it is required by law, or if you have given us your consent to do so. In certain situations, we use or reserve the right to use service providers that may either have their registered office in a third country or, in turn,  may have service providers with a registered office in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in that country. In the absence of such a decision, a data transfer to a third country is permissible if the responsible entity has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective legal remedies (Art. 46 GDPR). As a matter of principle, we only work with entities in a third country that meet the listed criteria.

Storage period of the data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the storage of personal data is no longer required for the fulfillment of these obligations, it will be deleted, unless there are legal storage obligations, such as commercial and tax retention obligations under the German Fiscal Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory periods of limitation.

Data subject rights

You are granted the following rights against us regarding personal data concerning you:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right of objection to processing
  • Right to data portability.

You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority. However, you also have the possibility of contacting our company’s data protection officer (also confidentially). If you have given us consent (Art. 6 para. 1 s. 1 lit. a GDPR), you can withdraw it at any time with effect for the future.

You may object to the processing of your personal data wherever the processing is based on the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). When exercising such an objection, we ask you to provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the merits of the case and either cease or adjust our processing of data or state our compelling reasons for continuing that are worthy of protection on the basis of which we will continue the processing. You can object to the processing of your personal data for advertising purposes at any time.

Obligation to the provision of data

In the context of the fulfillment or initiation of a contract, you must provide the personal data necessary for the fulfillment of the contract or the implementation of pre-contractual measures and their associated obligations. Furthermore, you must provide the personal data that we are required to collect by law. We will not be able to conclude or fulfill a contract with you without this data. In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory. However, if you do not give consent, we will not be able to provide the services or benefits based on data processing by means of consent. You may withdraw your consent at any time with effect for the future, even after giving it.

Does automated decision-making or profiling take place?

No.

Data Protection Information According to Art. 13 GDPR for Applicants

The following information is intended to inform you about the details of the processing of your data with regards to the application process. We process your personal data in strict compliance with labor and data protection regulations. In particular, we process the following data: name, address, date of birth, curriculum vitae, photograph, email address, telephone number, and proof of qualifications. You can also provide additional data on a voluntary basis. Furthermore, we may store additional data, such as internal notes and assessments. If you have stored your required data for an application on recruiting platforms, we may initiate a corresponding synchronization when using our career portal on our website to provide this data.

Person responsible for data processing and contact information of the data protection officer

synava GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany

Data protection officer: Email: datenschutzanfragen@xdsb.de or to our postal address by adding “to the data protection officer”

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, Email: info@xdsb.de

For what purposes and on what legal basis is the personal data processed?

We process personal data in accordance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the fulfillment of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 s. 1 lit. b GDPR), in particular the employment relationship (§ 26 BDSG). The legal basis for data processing is data processing for pre-contractual measures or for the initiation of a contract (Art. 6 para. 1 s. 1 lit. b GDPR, § 26 BDSG).

b.) In the context of consent (Art. 6 para. 1 s. 1 lit. a GDPR). In addition, you have the option to give us your consent for data processing that is not required for the purpose of processing your application for a specific position. This concerns, in particular, your consent to the processing of your data in the event of rejection in order to be able to consider you for further positions in the future. This consent is voluntary for you, i.e., you can refuse it without consequences, and you can also withdraw it at any time with effect for the future.

Recipients of the personal data

In general, the company only grants access to your data to entities that need to work with your data (“need-to-know principle”), i.e., access to this data is needed to fulfill a contractual or legal obligation. The transfer of data to third parties takes place only with your explicit consent. If we receive your application documents from recruitment agencies or recruitment platforms, you will either be informed by the recruitment agency or recruitment platform about the corresponding data transfer or, if necessary, your consent will be obtained. Due to possible commission or other remuneration obligations with recruitment agencies and recruitment platforms, it may be possible that we have to inform these service providers about the status of the application and in particular the conclusion of an employment relationship.

To process your application data, we use software which processes this data on our behalf.

Is data transferred to a third country or to an international organization?

As a matter of principle, no data is transmitted to entities in countries outside the European Union (third countries). In certain situations, we use or reserve the right to use service providers that may either have their registered office in a third country or who may in turn have service providers based in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in that third country. In the absence of such a decision, a data transfer to a third country is permissible if the responsible entity has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective remedies (Art. 46 GDPR). As a matter of principle, we only work with entities in a third country that meet the listed criteria.

Storage period of the data

We process and store your personal data as long as it is necessary to fulfill the purpose of initiating the contract. If the storage of personal data is no longer required for the fulfillment of the purpose, it will be deleted, unless there are legal storage obligations, in particular for the preservation of evidence within the framework of statutory periods of limitation, or you have given your explicit consent to further storage.

Data subject rights

You have the following rights with respect to us regarding personal data concerning you:

  • Right of access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right of objection to processing
  • Right to data portability.

You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority. You also have the possibility of contacting our company’s data protection officer at any time (also confidentially).

If you have given us consent (Art. 6 para. 1 s. 1 lit. a GDPR), you can withdraw it at any time with effect for the future.

You may object to the processing of your personal data, wherever the processing is based on the balancing of interests (Art. 6 para. 1 s. 1 lit. f GDPR). When exercising such an objection, we ask you to provide us with the reasons why you do not want your personal data to be processed in the manner carried out by us. In the event of your justified objection, we will review the merits of the case and either cease or adjust the processing of data or state our compelling reasons worthy of protection on the basis of which we will continue the processing.

Obligation to the provision of data

In the context of the initiation of the employment relationship, you must provide the personal data necessary for the fulfillment of pre-contractual measures and their associated obligations. We will not be able to conclude a contract with you without providing this data.

Does automated decision-making or profiling take place?

No.

synava GmbH
Bannwaldallee 60
D – 76185 Karlsruhe

© 2025 synava GmbH | All rights reserved.
Imprint | Privacy statement