Privacy Policy
1 General
With this privacy policy, PiCA Prüfinstitut Chemische Analytik GmbH (hereinafter referred to as “the company”) provides information about the processing of personal data in connection with the use of the website www.pica-berlin.de and in connection with other processing activities involving personal data carried out by the company.
Personal data is any information relating to an identified or identifiable person. This includes, in particular, information that allows conclusions to be drawn about your identity, such as your name, telephone number, address, or E-Mail address. Certain identifiers such as the IP address or device ID of the terminal you are using are also considered personal data.
2 Contact
2.1 Responsible
The contact person and controller responsible for processing your personal data within the meaning of the EU-General Data Protection Regulation (GDPR) when you visit this website is
PiCA Prüfinstitut Chemische Analytik GmbH
Rudower Chaussee 29, 12489 Berlin
Phone: +49 30 255 66 00-0
E-Mail: mail@pica-berlin.de
Website: www.pica-berlin.de
Responsible party: see legal notice
2.2 Data Protection Officer
If you have any questions about data protection in connection with our services or the use of our website, you can contact us at any time using the contact details provided in the legal notice or at the postal address or E-Mail address given above (keyword: “Data Protection”).
PiCA Prüfinstitut Chemische Analytik GmbH has appointed a data protection officer in accordance with legal requirements, whom you can contact at any time if you have any questions about data protection or wish to exercise your rights under the GDPR.
Please note that the content received via the specified E-Mail address is not viewed exclusively by the persons responsible for data protection. If you wish to exchange confidential information, we therefore ask you to first contact us directly via this E-Mail address.
3 Data processing on our website
3.1 Hosting of the website
| Purpose: | Provision of the server infrastructure and forwarding of web requests to our web server. |
| Legality: | Our legitimate interest in a standard Internet presence and the delivery of content requested by our website visitors (Art. 6 (1) (f) GDPR). |
| Data categories: | IP address of the sender of HTTP(S) requests and unencrypted parts of these requests. |
| Storage period: | The data is forwarded to us by our hosting provider exclusively for the purpose of processing HTTP and HTTPS requests and is not stored. |
| Recipient: | Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany |
3.2 Logging of accesses
| Purpose: | Ensuring the secure operation of the web server and the associated IT infrastructure on which the telemedia service is based. This includes, for example, databases or content management systems used. |
| Legality: | Our legitimate interest in the secure operation of the web server (Art. 6 (1) (f) GDPR). |
| Data categories: | Browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address. |
| Storage period: | The data is stored for 7 days; in the event of a security incident, until the incident has been conclusively clarified. |
| Recipient: | non |
3.3 Career
You can apply for open positions with us by email, post, or via career portals. The purpose of data collection is to select suitable applicants for possible employment. To process your application, we process the data you provide (usually: first and last name, email address, application documents such as references and resume, earliest possible start date, job advertisement channel, telephone number if applicable, salary expectations, social media profile). Please note that confidentiality cannot be fully guaranteed when sending unencrypted emails. Alternatively, you can also apply by post.
| Purpose: | Conducting the application process and deciding on the establishment of an employment relationship in accordance with Art. 6 (1) (b) GDPR (pre-contractual measures). |
| Legality: | The legal basis for processing your application data is Art. 6 (1) (b) and (f) and Art. 88 (1) GDPR. In addition, § 26 (1) BDSG (processing of personal data for the purpose of establishing an employment relationship). If you provide us with special categories of personal data (e.g., health data), processing will be based on Art. 9(2)(b) GDPR. |
| Data categories: | Master data (last name, first name, address, telephone number, email address), application documents (cover letter, resume, references, qualifications), other information that you provide to us as part of your application. |
| Storage period: | Your application data will be stored for the duration of the application process. If your application is rejected, the data will be deleted no later than 6 months after notification of the decision, unless longer storage is required due to legal requirements or to defend against possible legal claims. If your application is successful, your data will be transferred to your personnel file and processed in accordance with the statutory retention obligations. If you consent to longer storage: If you have given us your express consent, we will store your application data in our applicant pool for up to one year after the end of the application process in order to consider you for other suitable job openings. The period begins at the end of the year in which consent was given. You can revoke this consent at any time for the future by sending us an email to mail@pica-berlin.de or by declaring your revocation by post. |
| Recipient: | Your application data will only be processed by persons within our company who are responsible for the application process. It will not be passed on to third parties unless this is required by law or you have expressly consented to this. |
| Provision of your data: | The provision of data is necessary in order to process your application and consider it as part of the application process. Without this data, we cannot review or consider your application. |
4 Disclosure of data
4.1 Legality
The data we collect will only be disclosed if:
- you have given your express consent in accordance with Art. 6 (1) (a) GDPR,
- the disclosure is necessary for the assertion, exercise, or defense of legal claims pursuant to Art. 6 (1) (f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- we are legally obliged to disclose the data pursuant to Art. 6 (1) (c) GDPR, or
- the disclosure is legally permissible and necessary pursuant to Art. 6 (1) (b) GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request.
4.2 Data processing by service providers
Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these include, in particular, data centers that host our website and databases, IT service providers that maintain our systems, and consulting firms. Data is only passed on to service providers for the purpose of fulfilling the respective tasks, and the service providers have been carefully selected and Kommissionen by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of data subjects, and are regularly monitored by us.
4.3 Disclosure to authorities
In addition, data may be disclosed in connection with official inquiries, court orders, or legal proceedings if this is necessary for the prosecution or enforcement of legal claims.
5 Data transfer to third countries
As described in this privacy policy, we use services whose providers are partly based in so-called third countries (e.g. the USA). These countries may not have the same level of data protection as the European Union. However, there is an adequacy decision by the European Commission (EU-U.S. Data Privacy Framework) for the USA, which ensures an adequate level of data protection for certain transfers.
If no adequacy decision (Art. 45 GDPR) exists for other third countries, we have taken precautions to ensure an adequate level of data protection, such as the application of the European Union’s standard contractual clauses and binding internal data protection regulations.
If such measures are not possible, we base the data transfer on exceptions pursuant to Art. 49 GDPR, in particular on your express consent or the necessity of the transfer for the performance of the contract.
Please note that there is a risk involved in transferring personal data to third countries without an adequacy decision or appropriate safeguards: Authorities in the respective third country (e.g., secret services) could access and process the transferred data. In addition, your data subject rights may not be enforceable in such countries. When obtaining your consent via the consent banner, you will also be informed about these risks..
6 Storage period
As a general rule, we only store personal data for as long as is necessary to fulfill the purposes for which we collected the data. We then delete the data immediately, unless we still need it until the expiry of the statutory limitation periods for evidence purposes for civil law claims or due to statutory retention obligations.
Unless a specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion, your data will be deleted unless there are other legally permissible reasons for storage (e.g., tax or commercial law retention periods). In this case, the deletion will take place after these reasons no longer apply.
6.1 Storage of contract data
For evidentiary purposes, we are required to retain contract data for three years from the end of the year in which the business relationship with you ends, as any claims become time-barred at the earliest at this point in time in accordance with the statutory limitation period. Even after that, we must retain certain data for accounting reasons. This legal obligation to document data arises from the Commercial Code, the Tax Code, the Banking Act, and the Money Laundering Act. The legally prescribed retention periods here range from two to ten years.
7 Your rights
You have the right to request information about how we process your personal data at any time. As part of this disclosure, we will explain the data processing to you and provide you with an overview of the data stored about you. If the data stored by us is inaccurate or out of date, you have the right to have it corrected. You can also request the deletion of your data, provided there are no other legal reasons for storing it (e.g., statutory retention periods). In this case, the data will be blocked and only processed for legally permissible purposes. You can also request the restriction of the processing of your data, especially if you believe that the data is incorrect. You also have the right to data portability – upon request, we will provide you with a digital copy of the personal data you have provided.
7.1 Right to information
You have the right to obtain information free of charge about your personal data stored by us and to receive the data in a common, machine-readable format.
- Legal basis: Art. 15 GDPR
- Exception: The information may be refused if your request is manifestly abusive, your identity cannot be clearly established, or the information restricts the rights and freedoms of others.
7.2 Right to rectification
You may request the rectification of inaccurate data and the completion of incomplete data without delay, including by means of a supplementary statement.
- Legal basis: Art. 16 GDPR
7.3 Right to erasure of data
Under certain circumstances, you have the right to request the erasure of your data.
- Legal basis: Art. 17 GDPR
- Exception: Erasure may be refused if data is required, for example, to exercise the right to freedom of expression, to fulfill legal obligations, or to defend legal claims.
7.4 Right to restriction of processing
Under certain conditions, you may request the restriction of processing, for example if the accuracy of the data is disputed or the data is required to defend legal claims.
- Legal basis: Art. 18 GDPR
7.5 Right to data portability
You have the right to receive the personal data you have provided in a commonly used, structured, and machine-readable format or to have it transferred to another controller.
- Legal basis: Art. 20 GDPR
- Exception: This right only applies to data that has been processed in an automated procedure and was collected either on the basis of a contract or consent.
7.6 Right to object
If the processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, you may object to the processing.
- Legal basis: Art. 21 (1) GDPR
- Exception: We may continue processing despite your objection if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
7.7 Right to object to direct marketing
You have the right to object to the processing of your data for direct marketing purposes at any time.
- Legal basis: Art. 21 (2) GDPR
7.8 Right not to be subject to automated decisions.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
- Legal basis: Art. 22 GDPR
- Exception: This right does not apply if the automated decision is necessary for entering into or performing a contract with you, if the decision is permitted by law, or if you have expressly consented to it.
7.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR, without prejudice to any other administrative or judicial remedy.
- Legal basis: Art. 77 GDPR
- Competent supervisory authority:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61
10555 Berlin
Exercising your rights
To exercise your rights, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your request.
Retention of requests to assert data subject rights
Requests to exercise data subject rights and our responses to them are retained for up to three years for documentation purposes. In individual cases, storage may be extended, e.g., to defend against civil law claims. The legal basis for this is Art. 6 (1) lit. f GDPR, based on our legitimate interest in defending against potential claims and fulfilling our accountability obligation pursuant to Art. 5 (2) GDPR.
8 Data processing for direct marketing purposes
If you contact us to purchase goods, products, or services and provide your email address, we reserve the right to use it to send you newsletters containing direct advertising for our own similar goods or services. This is based on our overriding legitimate interest in advertising to our customers within the framework of a balancing of interests. You can object to this use of your data at any time, as described in section 8.7 of this privacy policy. To do so, simply send a message to the contact details above, without incurring any costs other than the transmission costs according to the basic rates.
If the newsletter is sent on the basis of the sale of goods or services, this is based on Section 7 (3) UWG.
9 Change of the privacy policy
This privacy policy is updated from time to time, for example when we modify our website or when legal or regulatory requirements change. We therefore recommend that you review this policy regularly to stay informed about the protection and processing of your data.
Status: June 26