The responsible data controller is auticon GmbH (hereinafter just “auticon” or “we”).
auticon’s contact details are:
Tel.: +49 89 / 2006068-0
Email:email@example.com Website: www.auticon.com
auticon’s processing of your personal data is regulated by the European Union’s General Data Protection Regulation (“GDPR”).
auticon’s data protection officer is:
AVIATICS Cost & Safety Management GmbH & Co. KG
Kieshecker Weg 148
40468 Düsseldorf, Germany
Our NIMA application allows you to participate in surveys to assess your organization’s neurodiversity inclusion status.Your participation in such surveys, and any answers you may give to the questions that are part of a survey, are always voluntary. Your provision of personal data is neither a statutory nor a contractual requirement, nor a requirement necessary to enter into a contract. You are not obliged to provide the personal data (i.e., answer the survey questions), but if you do not answer the survey will be less comprehensive and its findings may be less exact.
We will store your answers pseudonymously, i.e., in such way that it is not possible to directly relate the answers you have given to you as a person. We will only use these survey data to prepare anonymous statistics for
The underlying personal data (i.e., the survey answers you have given) will only be used to create these statistics, and not for any other purposes. Your personal data will, in particular, not be disclosed to any third party. 12 months after the survey for your organization has ended, we will permanently anonymize your personal survey data, so that it is not even indirectly possible to relate the answers you have given to you as a person.
The legal basis for this processing of personal data is Article 6(1)(a) in connection with Article 9(2)(a) GDPR and your consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
For the processing of data not concerning health we may also rely on Article 6(1)(f) GDPR, i.e., a balancing of interests, based on our and your organization’s legitimate interest to assess your organization’s neurodiversity inclusion status.
Every time you access the application, our servers collect and store technical data in log files. These log files comprise the following data:
We use these log file data to ensure the technical stability of our application, i.e., to identify, to analyze, and to remedy potential technical defects, or to counter potential malicious attacks on our application. We will delete or permanently anonymize these log file data latest two weeks after they are created.
The legal basis for this processing of personal data is Article 6(1)(f) GDPR, i.e., a balancing of interests, based on our legitimate interest to ensure the technical stability of our application.
We may use technical service providers (e.g., website hosting providers) as data processors to support us in operating this application. We only use processors that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that their processing meets the requirements of the GDPR and ensures the protection of your rights.
Other than this, your data will only be disclosed to third parties in exceptional situations if it is necessary for the establishment, exercise or defense of legal claims, or if we are legally obliged to do so.
In accordance with Article 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. We shall then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
You have the right to request confirmation from us as to whether personal data concerning you are being processed; if this is the case, you have the right to access the personal data and to receive additional information in accordance with Article1 15 GDPR.
In accordance with Article 16 GDPR you have the right to demand that we rectify any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.
You have the right to demand that we erase personal data concerning you in accordance with the reasons stated in Article 17 GDPR.
You have the right to demand restriction of processing of your personal data in accordance with the reasons stated in Article 18 GDPR.
You have the right to receive from us the data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You may transmit those data, or have them transmitted directly, to another controller in accordance with Article 20 GDPR (right to data portability).
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.