Status of the privacy policy 22.06.2020

General note and mandatory information

Designation of the responsible body

The person responsible for data processing on this website is:

CT Software Engineering GmbH

Dr. Tobias Lehmann

Biberger Straße 93

82008 Unterhaching

The responsible body decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

If you wish to object to the processing of your data by CT in accordance with these data protection provisions, either as a whole or for individual measures, you can send your objection by e-mail or letter to the following contact details: CT Software Engineering GmbH, Biberger Straße 93, 82008 Unterhaching, e-mail:

In addition, you can, of course, also obtain information about the data stored with us at any time free of charge.

1. Personal data

Personal data is information that can be attributed to an identified or directly or indirectly identifiable natural person.

Personal data includes general personal data (e.g. name, address, date of birth, telephone number, e-mail address, etc.), bank data (account number, etc.), and data issued by authorities (e.g. driving licence number, identity card number, passport number), value judgements (e.g. school and work certificates, etc.), online data (IP address, location data, etc.), customer data and delivery data, etc.

1.1 Collection, processing and use of your personal data

Data protection is very important to us. Therefore, when processing your personal data, we adhere strictly to the legal provisions of the European Data Protection Regulation (DSGVO), the Federal Data Protection Act (new), the Telemedia Act and the other data protection laws in the European Economic Area (EEA) and Switzerland.

CT Engineering GmbH is an engineering service provider operating throughout Germany. As consultants, innovation drivers and supporters, we are a competent development partner for national and international companies. Data processing by CT is carried out for the purpose of fulfilling consulting and development activities at or for the customers of CT and its affiliated companies and all associated ancillary business.

This personal data will only be used for the purposes of advertising/market research and for the design of our services if you have given us your express permission to do so.

1.2 Description of the group of persons concerned

As a matter of principle, only the data necessary for the fulfillment of the company’s purpose and the contractual agreements are collected. Essentially, personal data is collected, processed and used for the following groups of persons:

Customer data: The processing of personal identification and communication data is carried out to fulfill the business purpose, and furthermore for the initiation of business contacts and the information of customers.

Supplier data: The processing of personal identification, communication and performance data, economic and financial information, payment and bank account data and, if necessary, performance data is carried out to fulfill the business purpose.

Employee data: The processing of personal identification and performance data (certificates, etc.), contract master data, insurance data, downtime, payment and bank details, tax and social security data, log-in data, communication data, travel booking data and vehicle booking data is carried out to carry out and process the respective employment relationship. (Data processing for purposes of the employment relationship § 26 BDSG)

Applicant data: The processing of personal identification data, performance data (certificates etc.), payment and bank account data is carried out for the initiation of employment relationships and for the further development of our internal systems. (Data processing for the purpose of employment § 26 BDSG)

Website visitors: The processing of usage data (pseudonymised profiles according to § 15 TMG) is for statistical purposes and to improve the information on our website.

Interested parties: The processing of personal identification data, communication data and, if applicable, economic and financial information of interested parties to CT, is carried out to fulfill the business purpose.

Other personal data: The processing of personal data of other business partners (e.g. system partners, chambers, associations, banks and authorities) is also carried out to fulfill our business purpose.

1.3 Recipients or categories of recipients of data

As a matter of principle, only the data necessary for the fulfilment of the company’s purpose and the contractual agreements are passed on internally and externally. These are essentially the following recipients:

Service providers who are called in to ensure that business is conducted properly (for example, suppliers to support administrative processes, including travel service providers to carry out business trips for employees, VBG and company physician as part of occupational health and safety precautions and occupational safety, insurance policies for damages incurred during the employment relationship). The legal basis for this is either Art. 28 DSGVO in the case of contract processing or, if applicable, Art. 26 BDSG (in conjunction with Art. 88 DSGVO) for the purpose of initiating or carrying out an employment relationship with you.

External bodies for the fulfillment of the purposes mentioned under 2 (e.g. customers or affiliated companies of CT within the meaning of §§ 15 ff. AktG where the employee is employed or where the employee or applicant is to be employed within the scope of the employment relationship, customers and suppliers for the handling of projects, credit institutions for salary payments, tax consultants and auditors). The legal basis is regularly § 26 BDSG (in conjunction with Art. 88 DSGVO) for the establishment or execution of an employment relationship with the employees or Art. 6 (1) lit. f DSGVO with regard to general operational obligations such as tax returns, auditing, etc.

Public authorities in the case of overriding legal provisions (e.g. social security institutions, tax authorities). The legal basis for this is Art. 6 (1) lit. c DSGVO in conjunction with the respective legal requirements, in particular labour and social law.

Furthermore, this personal data is processed for the purpose of complying with statutory provisions and regulations, such as labour law, tax and social law, money laundering law and international sanctions regulations (e.g. EU anti-terrorism directive). The legal basis for this is Art. 6 para. 1 lit. c DSGVO in conjunction with the relevant provision of national law.

As a matter of principle, there is no transfer to third countries. Should this nevertheless be necessary for project-related reasons, we strictly adhere to the legal requirements for suitable guarantees as a prerequisite for data transfer to third countries in accordance with Art. 46 DSGVO. The measures we apply in each case are (in this order): (i) the transfer is to a third country recognised by the EU Commission in accordance with Art. 45 DSGVO, (ii) in the case of the USA, the transfer is to a company certified in accordance with the EU-US Privacy Shield, or (iii) otherwise the transfer to companies is to be carried out using the standard data protection clauses recognised by the EU Commission in accordance with Art. 46 para. 2 lit. c DSGVO.

2. Collection of data when visiting our website

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. This is exclusively information which does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the contents of websites requested by you and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it. The legal basis is our legitimate interest in providing the services of our website in accordance with Art. 6 (1) lit. f DSGVO.

2.1 Contact form

Data transmitted via the contact form will be stored including your contact data in order to be able to process your enquiry or to be available for follow-up questions. These data will not be passed on without your consent. The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out up to revocation remains unaffected by revocation. Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to its storage or until there is no longer any need for data storage. Mandatory legal provisions – in particular retention periods – remain unaffected.

2.2 Data protection notice for applicants

If you apply to CT in order to be able to enter into an employment relationship with CT, CT processes the personal data which you provide us with in the context of your application for the purpose of initiating a contract and, if necessary, carrying it out. The legal basis for this is in each case § 26 BDSG (in conjunction with Art. 88 DSGVO) for the establishment and implementation of an employment relationship.

This involves the data you are required to provide – such as the title, name, address and e-mail address, telephone number as well as details of training and further training, professional experience, knowledge in the sense of additional qualifications, preferences for employment by CT with details of the professional field, the preferred place of work and working hours etc.

The following data categories are recorded:

• Personal identification and contract master data (e.g. name, postal address, e-mail, telephone number)

• (work) preferences (e.g. occupational field, form of employment)

• Education, professional experience, knowledge

• Application documents (e.g. certificates, references, curriculum vitae, photo)

• Usage or inventory data (e.g. IP address, name of the accessed file, date and time of access, amount of data transferred, notification of successful access, web browser, domain of origin)

In detail:

2.3 Online application form

If you apply via our online form, you will be asked for personal information. The data you provide will only be used within the application process and will be stored and used in our personalised database for this purpose. We will only process other statements that are not absolutely necessary, but are made voluntarily by you, if you expressly and voluntarily make them available to us.

2.4 Application or contact at trade fairs

If you contact us personally with your application at trade fairs and provide us with personal data in your application documents for this purpose, we will use the data you provide us with exclusively in the context of the application procedure and only then will we store it in our personalised database.

2.5 Application by other means (by e-mail)

If you contact us in any other way (e.g. by e-mail) with your application and provide us with personal data in your application documents for this purpose, we will use the data you provide exclusively within the scope of the application process.

2.6 Tool-based database

As data controller, we can send your data to the Textkernel CV parser as well as to external applications that have been integrated with Carerix. Your data will be kept as long as necessary, taking into account our legal obligations to keep data. If longer storage of your data is required, we will ask you again for your consent if necessary.

2.7 Procedures for automated decision-making

As a responsible company, we avoid automatic decision making or profiling.

3. Privacy policy for customers & suppliers

Within the scope of the business relationship with customers and suppliers, personal data are processed. If you are in a business relationship with CT or are in negotiations about a possible business relationship with CT, CT processes your personal data which have been made available to us for the purpose of initiating a contract and, if necessary, implementing it.

Furthermore, the processing of the data serves the purpose of invoicing, accounting, project management and maintenance of the ongoing business relationship. The legal basis for this is in each case Art. 6 para. 1 lit. b DSGVO.

The following categories of data are recorded:

• Personal identification and contract master data (e.g. name, postal address, e-mail, telephone number) of business partners and their contact persons

• Order and billing data

• Payment and bank account details

• Communication

• Information for and about advertising and direct marketing

The processing of the data is also used for the purposes of invoicing, billing, project management and the maintenance of the ongoing business relationship, including for advertising and direct marketing. The legal basis in each case is Art. 6 para. 1 lit. b DSGVO regarding the conclusion, execution and processing of contracts as well as Art. 6 para. 1 lit. f DSGVO regarding our legitimate interests, such as accounting, direct marketing.

4. Transfer of personal data to third parties

CT collects and stores the data itself. Your data will neither be sold nor made available to other unauthorized third parties.

Your personal data may, for example, be passed on to or processed by other units of our group of companies in order to fulfil contractual obligations. A uniformly high level of data protection is guaranteed within the group of companies.

CT assures that the data will only be passed on within the CT Engineering Group and to customers, in each case limited to the extent necessary to achieve the purpose:

4.1 Initiation of the contract

Your personal data will be transmitted to customers and affiliated companies of CT within the meaning of §§ 15 ff. German Stock Corporation Act (AktG), insofar as this is necessary, in particular, to the hirers within the framework of employee assignments for the acquisition of activities. Applications in the areas of back office and business management are not affected.

4.2 Implementation of the contract

Insofar as it is necessary for the purpose of implementing your employment relationship with CT, your personal data will be transferred to the third parties necessarily involved in the implementation of the contract (customers, suppliers, affiliated companies of CT within the meaning of §§ 15 ff. of the German Stock Corporation Act).

4.3 Within the scope of our business purposes or if this is legally permissible or necessary

We may disclose information about you to third parties for business purposes, or where disclosure is permitted or required by law. Also, the transfer to state institutions and authorities entitled to receive information is only carried out within the scope of the statutory duty to provide information or if CT is obliged to provide information by a court decision.

5. Deletion or blocking of your data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

6. Your rights

Revocation of your consent to data processing

Some data processing operations are possible only with your express consent. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation.

The lawfulness of the data processing carried out up to the revocation remains unaffected by the revocation.

Right to appeal to the competent supervisory authority

As a data subject, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company is located. The following link provides a list of the data protection officers and their contact details:

Right to data transferability

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent that it is technically feasible.

Right to information, correction, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time using the contact options listed in the imprint.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

7. Google Analytics and links

Google Analytics: Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses “cookies.” These are small text files that your web browser stores on your end device and enable an analysis of website use. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. Server location is usually the USA.

The setting of Google Analytics cookies is based on Art. 6 Para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in analysing user behaviour in order to optimise our website and, where applicable, advertising.

IP anonymisation

We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area before sending it to the USA. There may be exceptional cases in which Google transfers the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activities and to provide us with further services associated with the use of the website and the Internet. The IP address transmitted by Google Analytics is not merged with other Google data.

Browser Plugin

The setting of cookies by your web browser can be prevented. However, some functions of our website could be restricted as a result. You can also prevent the collection of data regarding your website usage, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plugin accessible via the following link:

Details on the handling of user data by Google Analytics can be found in the Google privacy policy:

Order processing

In order to fully comply with the legal data protection requirements, we have concluded a contract with Google for order processing.

Demographic characteristics at Google Analytics

Our website uses the “demographic features” function of Google Analytics. It can be used to generate reports that contain information about the age, gender and interests of visitors to the site. This data is derived from interest-based advertising by Google and from visitor data from third parties. It is not possible to assign the data to a specific person. You can disable this feature at any time. You can do this through the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics, as explained in the “Opting out of data collection” section.

Links to other websites: Our website also provides links to other websites (including our online presence on Xing and LinkedIn). These links are not “social plug-ins” (i.e. buttons through which the operator providing the relevant offer can collect information about the users of our website as soon as they access our website). Please note, however, that when accessing this other offer, information (possibly including personal data) about your visit may be collected by the operator of this offer. Further information is contained in the data protection notice of the operator of the respective offer.